1345 matches found
[SECURITY] [DSA 957-1] New ImageMagick packages fix arbitrary command execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 957-1 [email protected] http://www.debian.org/security/ Martin Schulze January 26th, 2006 http://www.debian.org/security/faq -...
[SECURITY] [DSA 951-1] New trac packages fix SQL injection and cross-site scripting
-------------------------------------------------------------------------- Debian Security Advisory DSA 951-1 [email protected] http://www.debian.org/security/ Martin Schulze January 23rd, 2006 http://www.debian.org/security/faq -...
[SECURITY] [DSA 944-1] New mantis packages fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 944-1 [email protected] http://www.debian.org/security/ Martin Schulze January 17th, 2006 http://www.debian.org/security/faq -...
ie_xp_pfv_metafile.pm.txt
This file is part of the Metasploit Framework and may be redistributed according to the licenses defined in the Authors field below. In the case of an unknown or missing license, this file defaults to the same license as the core Framework dual GPLv2 and Artistic. The latest version of the...
[SECURITY] [DSA 919-1] New curl packages fix potential security problem
-------------------------------------------------------------------------- Debian Security Advisory DSA 919-1 [email protected] http://www.debian.org/security/ Martin Schulze December 12th, 2005 http://www.debian.org/security/faq -...
PHP Doc System index.php show Parameter Local File Inclusion
The remote host is running PHP Doc System, a modular, PHP-based system for creating documentation. The version of PHP Doc System installed on the remote host fails to sanitize user input to the 'show' parameter of the 'index.php' script before using it in a PHP 'include' function. An...
[SECURITY] [DSA 903-1] New unzip packages fix unauthorised permissions modification
-------------------------------------------------------------------------- Debian Security Advisory DSA 903-1 [email protected] http://www.debian.org/security/ Martin Schulze November 21st, 2005 http://www.debian.org/security/faq -...
PHPFM Arbitrary File Upload
The remote host appears to be running PHPFM, a web-based file manager written in PHP. The version of PHPFM installed on the remote host allows anyone to upload arbitrary files and then to execute them subject to the privileges of the web server user id.
Serv-U FTP Server SITE CHMOD Command Stack Overflow Vulnerability
The remote host is running Serv-U FTP server. There is a bug in the way this server handles arguments to the SITE CHMOD requests.
cgi.rb
The 'cgi.rb' CGI is installed. Some versions are vulnerable to remote denial of service. By sending a specially crafted HTTP POST request, a malicious user can force the remote host to consume a large amount of CPU resources. Warning: OpenVAS solely relied on the presence of this CGI, it did not...
[SECURITY] [DSA 833-2] New mysql-dfsg-4.1 package fixes arbitrary code execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 833-2 [email protected] http://www.debian.org/security/ Martin Schulze October 4th, 2005 http://www.debian.org/security/faq -...
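ASP-Nuke Forged Cookie Information Disclosure Vulnerability
BugCVE: CVE-2002-0523 BUGTRAQ: 4489 ASP-Nuke has a design flaw that can allow an attacker to obtain sensitive information about the host. An attacker can modify the cookie locally and submit it, causing the host to return a list of all currently logged-in users or an error message containing the web root path. An attacker can use this information to further attack the system. ASP-Nuke RC1-RC2 Vendor patch: ASP-Nuke -------- The vendor has fixed this vulnerability in the latest version of the software; obtain the latest version from the vendor's home page: http://www.asp-nuke.com/downloads.asp...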
[SECURITY] [DSA 829-1] New mysql packages fix arbitrary code execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 829-1 [email protected] http://www.debian.org/security/ Martin Schulze September 30, 2005 http://www.debian.org/security/faq -...
[SECURITY] [DSA 821-1] New python2.3 packages fix arbitrary code execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 821-1 [email protected] http://www.debian.org/security/ Martin Schulze September 28th, 2005 http://www.debian.org/security/faq -...
[SECURITY] [DSA 819-1] New python2.1 packages fix arbitrary code execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 819-1 [email protected] http://www.debian.org/security/ Martin Schulze September 23rd, 2005 http://www.debian.org/security/faq -...
Foreign hackers resources-vulnerability warning-the black bar safety net
allhack.com This website provides a library and a download area. The library for beginners provides hacking knowledge and computer technology basics. The download area includes the Scan Tool, FLOOD tool, decryption tools, denial of service attacks and the like. alw.nih.gov In the security...
Discuz! <= 4.0.0 rc4 Arbitrary File Upload
The remote host is using Discuz!, a popular web application forum in China. According to its version, the installation of Discuz! on the remote host fails to properly check for multiple extensions in uploaded files. An attacker may be able to exploit this issue to execute arbitrary commands on th...
Mac OS X : Java for Mac OS X 1.3.1 and 1.4.2 Release 2 Multiple Vulnerabilities
The remote host is missing a security bugfix for Java 1.4.2 and 1.3.1. This update fixes several security vulnerabilities that may allow a Java applet to escalate its privileges. To exploit these flaws, an attacker would need to lure an attacker into executing a rogue Java applet.