Code injection

Interspire ActiveKB 1.5 and earlier allows remote attackers to gain privileges by setting the auth cookie to true when accessing unspecified scripts in /admin...

CVE-2008-2338

Interspire ActiveKB 1.5 and earlier allows remote attackers to gain privileges by setting the auth cookie to true when accessing unspecified scripts in /admin...

CVE-2008-2338

Interspire ActiveKB 1.5 and earlier allows remote attackers to gain privileges by setting the auth cookie to true when accessing unspecified scripts in /admin...

Lulieblog 1.2 - Multiple Vulnerabilities

Lulieblog 1.2 - Multiple Vulnerabilities LulieBlog 1.2 Multiple Remote Vulnerabilities Admin Auth Bypass, Upload File, Blind SQL Injection Author: Cod3rZ Site: http://cod3rz.helloweb.eu Site: http://devilsnight.altervista.org Date: 06/05/2008 dd/mm/yyyy Admin Auth Bypass: Modify Articles: send a...

Lulieblog 1.2 - Multiple Vulnerabilities

LulieBlog 1.2 Multiple Remote Vulnerabilities Admin Auth Bypass, Upload File, Blind SQL Injection Author: Cod3rZ Site: http://cod3rz.helloweb.eu Site: http://devilsnight.altervista.org Date: 06/05/2008 dd/mm/yyyy Admin Auth Bypass: Modify Articles: send a request to site/Admin/articlemodif2.php...

[SECURITY] Fedora 9 Update: lighttpd-1.4.19-4.fc9

Secure, fast, compliant and very flexible web-server which has been optimiz ed for high-performance environments. It has a very low memory footprint compa red to other webservers and takes care of cpu-load. Its advanced feature-set FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many mo...

[SECURITY] Fedora 8 Update: lighttpd-1.4.19-4.fc8

Secure, fast, compliant and very flexible web-server which has been optimiz ed for high-performance environments. It has a very low memory footprint compa red to other webservers and takes care of cpu-load. Its advanced feature-set FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many mo...

phpTournois <= G4 Remote File Upload/Code Execution Exploit

No description provided by source. ?php / Name: phpTournois = G4 Remote File Upload/Code Execution Exploit Credits: Charles "real" F. charlesfolathotmail.fr Date: 04-06-08 - Remote Code Execution - Remote File Upload When testing if we are admin, phpTournois checks if $grade'a'=='a'. But when we...

CVE-2008-0884

The Replace function in the capp-lspp-config script in the 1 lspp-eal4-config-ibm and 2 capp-lspp-eal4-config-hp packages before 0.65-2 in Red Hat Enterprise Linux RHEL 5 uses lstat instead of stat to determine the /etc/pam.d/system-auth file permissions, leading to a change to world-writable...

Linksys WRT54G Firmware 1.00.9 - Security Bypass (1)

regurgitated by: meathive url: kinqpinz.info ; Tue, 05 Feb 2008 07:51:41 -0700 CVE-2008-1247 WRT54G firmware version: v1.00.9 Default LAN IP: 192.168.1.1 Default auth: user:blank - pass:admin Authorization: Basic OmFkbWlu php print base64decode"OmFkbWlu"; :admin https://kinqpinz.info/lib/wrt54g/...

NetWin Surgemail 3.8k4-4 IMAP post-auth Remote LIST Universal Exploit

No description provided by source. !/usr/bin/python NetWin Surgemail 0DAY IMAP POST AUTH Remote LIST Universal Exploit Discovered and coded by Matteo Memelli aka ryujin http://www.gray-world.net http://www.be4mind.com Affected Versions : Version 3.8k4-4 Windows Platform Tested on OS : Windows 200...

MailEnable Pro/Ent <= 3.13 (Fetch) post-auth Remote BOF Exploit

No description provided by source. !/usr/bin/perl ================================================================= MailEnable Professional = 3.13 "FETCH" post-auth buffer overflow ================================================================= Bind Shell POC Exploit for Win2K SP4 pro English...

[SECURITY] Fedora 8 Update: lighttpd-1.4.18-6.fc8

Secure, fast, compliant and very flexible web-server which has been optimiz ed for high-performance environments. It has a very low memory footprint compa red to other webservers and takes care of cpu-load. Its advanced feature-set FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many mo...

[SECURITY] Fedora 7 Update: lighttpd-1.4.18-3.fc7

Secure, fast, compliant and very flexible web-server which has been optimiz ed for high-performance environments. It has a very low memory footprint compa red to other webservers and takes care of cpu-load. Its advanced feature-set FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many mo...

Xoops-2.0.16 Remote File Inclusion

In the Script Xoops-2.0.16 are Remote File Inclusion Bugs +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Script : xoops-2.0.16-Kararli Discovered By : F10 Contact : [email protected] WebSite : http://by-f10.com Greetz : byemR3 , H0tturk , TaRanTuLa , gsy...

Multiple vulnerabilities in Ipswitch Instant Messaging 2.0.8.1

Luigi Auriemma Application: Ipswitch Instant Messaging http://www.ipswitch.com/products/instantmessaging Versions: = 2.0.8.1 Platforms: Windows Bugs: A pre-auth NULL pointer crash in decryption function B format string in logging C arbitrary empty files creation Exploitation: remote A versus both...

Belkin Wireless G Plus MIMO Router F5D9230-4 Auth Bypass Vulnerability

Exploit for hardware platform in category remote exploits ====================================================================== Belkin Wireless G Plus MIMO Router F5D9230-4 Auth Bypass Vulnerability ====================================================================== VULNERABILITY: Belkin...

Debian Security Advisory DSA 952-1 (libapache-auth-ldap)

The remote host is missing an update to libapache-auth-ldap announced via advisory DSA 952-1. Seregorn discovered a format string vulnerability in the logging function of libapache-auth-ldap, an LDAP authentication module for the Apache webserver, that can lead to the execution of arbitrary code...

Debian Security Advisory DSA 421-1 (mod-auth-shadow)

The remote host is missing an update to mod-auth-shadow announced via advisory DSA 421-1. OpenVAS Vulnerability Test $Id: deb4211.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 421-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)

The remote host is missing an update to libapache2-mod-auth-pgsql announced via advisory DSA 935-1. iDEFENSE reports that a format string vulnerability in modauthpgsql, a library used to authenticate web users against a PostgreSQL database, could be used to execute arbitrary code with the...