92 matches found
FireAnt 1.3 File Disclosure
ECHOADV106$2009 ----------------------------------------------------------------------------------------- ECHOADV106$2009 FireAnt = 1.3 Critical File Disclosure Vulnerability ----------------------------------------------------------------------------------------- Author : K-159 Date : March, 16 ...
Fedora Update for bugzilla FEDORA-2007-2299
Check for the Version of bugzilla OpenVAS Vulnerability Test Fedora Update for bugzilla FEDORA-2007-2299 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Fedora Update for bugzilla FEDORA-2008-3488
Check for the Version of bugzilla OpenVAS Vulnerability Test Fedora Update for bugzilla FEDORA-2008-3488 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
PHP safe_mode bypass via proc_open() and custom environment
Exploit for linux platform in category local exploits =========================================================== PHP safemode bypass via procopen and custom environment ===========================================================...
[SECURITY] Fedora 7 Update: bugzilla-3.0.4-1.fc7
Bugzilla is a popular bug tracking system used by multiple open source projects. It requires a database engine installed - either MySQL or PostgreSQL. Without one of these database engines, Bugzilla will not work...
[SECURITY] Fedora 8 Update: bugzilla-3.0.4-1.fc8
Bugzilla is a popular bug tracking system used by multiple open source projects. It requires a database engine installed - either MySQL or PostgreSQL. Without one of these database engines, Bugzilla will not work...
Security Advisory for Bugzilla 3.0.3, 3.1.3, 2.22.3, and 2.20.5
Summary ======= Bugzilla is a Web-based bug-tracking system, used by a large number of software projects. This advisory covers three security issues that have recently been fixed in the Bugzilla code: Users without the "canconfirm" privilege could enter a bug as NEW or ASSIGNED by using the XML-R...
DSA-1467-1 mantis - several vulnerabilities
Bulletin has no description...
Debian Security Advisory DSA 944-1 (mantis)
The remote host is missing an update to mantis announced via advisory DSA 944-1. Several security related problems have been discovered in Mantis, a web-based bug tracking system. For details on the issues resolved, please visit the referenced advisories. The old stable distribution woody does no...
Debian: Security Advisory (DSA-778-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DSA-230)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Bugzilla多个远程安全漏洞
BUGTRAQ ID: 25420 Bugzilla是很多软件项目都在使用的基于Web的bug跟踪系统。 Bugzilla的实现上存在多个远程安全漏洞,远程攻击者可能利用这些漏洞在服务器上执行恶意命令或导致信息泄露。 在归档bug的时候Bugzilla没有正确地转义指导表单中的buildid字段,这可能允许用户通过向enterbug.cgi提交恶意URL覆盖User-Agent字符串,执行跨站脚本攻击。...
tyger-sqlxss.txt
-=--------------------ADVISORY-------------------=- Tyger Bug Tracking System Author: CorryL [email protected] -=-----------------------------------------------=- -=+ Application: Tyger Bug Tracking System -=+ Version: 1.1.3 -=+ Vendor's URL: http://uk.homeunix.org/tyger/cms/ -=+ Platform:...
CVE-2007-1290
CVE-2007-1290 is a confirmed SQL injection in Tyger Bug Tracking System (TygerBT) 1.1.3. The vulnerability resides in ViewReport.php and allows remote attackers to modify or execute arbitrary SQL via the bug parameter. This is documented in the NVD entry and corroborated by multiple connected rec...
CVE-2007-1289
CVE-2007-1289 affects Tyger Bug Tracking System (TygerBT) 1.1.3. The vulnerability is an SQL injection in ViewBugs.php exploitable via the s parameter, enabling remote attackers to execute arbitrary SQL commands. This relates to a flaw in input handling (unsanitized user input) in that component,...
Tyger Bug Tracking System Multiple Vulnerability
-=--------------------ADVISORY-------------------=- Tyger Bug Tracking System Author: CorryL [email protected] -=-----------------------------------------------=- -=+ Application: Tyger Bug Tracking System -=+ Version: 1.1.3 -=+ Vendor's URL: http://uk.homeunix.org/tyger/cms/ -=+ Platform:...
Tyger Bug Tracking System 1.1.3 - 'register.php?PATH_INFO' Cross-Site Scripting
source: https://www.securityfocus.com/bid/22799/info Tyger Bug Tracking System is prone to multiple input-validation vulnerabilities, including one SQL-injection issue and two cross-site scripting issues, because the application fails to sufficiently sanitize user-supplied input. Exploiting these...
Tyger Bug Tracking System 1.1.3 - 'login.php?PATH_INFO' Cross-Site Scripting
source: https://www.securityfocus.com/bid/22799/info Tyger Bug Tracking System is prone to multiple input-validation vulnerabilities, including one SQL-injection issue and two cross-site scripting issues, because the application fails to sufficiently sanitize user-supplied input. Exploiting these...
Tyger Bug Tracking System 1.1.3 - ViewBugs.php?s SQL Injection
Tyger Bug Tracking System 1.1.3 - ViewBugs.php?s SQL Injection source: https://www.securityfocus.com/bid/22799/info Tyger Bug Tracking System is prone to multiple input-validation vulnerabilities, including one SQL-injection issue and two cross-site scripting issues, because the application fails...
Debian DSA-1133-1 : mantis - missing input sanitising
Several remote vulnerabilities have been discovered in the Mantis bug tracking system, which may lead to the execution of arbitrary web script. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-0664 A cross-site scripting vulnerability was discovered ...