[SECURITY] [DSA 1277-1] New XMMS packages fix arbitrary code execution

------------------------------------------------------------------------ Debian Security Advisory DSA-1277-1 [email protected] http://www.debian.org/security/ Noah Meyerhans April 04, 2007 - ------------------------------------------------------------------------ Package : xmms Vulnerability :...

Really Simple PHP and Ajax (RSPA) 2007-03-23 RFI Vulnerability

No description provided by source. RSPA Remote File Inclusion Really Simple PHP and Ajax RSPA RSPA is a component based event driven ajax enabled framework for PHP4 and PHP 5. It is a combination of plane PHP class and HTML/Javascript.RSPA allows calling server side PHP functions from client...

PHP Msg_Receive()内存分配整数溢出漏洞

BUGTRAQ ID: 23236 PHP是广泛使用的通用目的脚本语言，特别适合于Web开发，可嵌入到HTML中。 PHP的msgreceive函数实现上存在整数溢出漏洞，本地攻击者可能利用此漏洞提升自己的权限。 PHP的msgreceive函数没有对maxsize参数执行任何检查便直接在内存分配中使用，导致整数溢出。有漏洞的代码如下： PHPFUNCTIONmsgreceive ... if zendparseparametersZENDNUMARGS TSRMLSCC, "rlzlz|blz", &queue, &desiredmsgtype, &outmsgtype,...

[SECURITY] [DSA 1275-1] New zope2.7 packages fix cross-site scripting flaw

------------------------------------------------------------------------ Debian Security Advisory DSA-1275-1 [email protected] http://www.debian.org/security/ Noah Meyerhans April 02, 2007 - ------------------------------------------------------------------------ Package : zope2.7 Vulnerability...

Really Simple PHP and Ajax (RSPA) 2007-03-23 - Remote File Inclusion

Really Simple PHP and Ajax RSPA 2007-03-23 - Remote File Inclusion RSPA Remote File Inclusion Really Simple PHP and Ajax RSPA RSPA is a component based event driven ajax enabled framework for PHP4 and PHP 5. It is a combination of plane PHP class and HTML/Javascript.RSPA allows calling server sid...

Really Simple PHP and Ajax (RSPA) 2007-03-23 - Remote File Inclusion

RSPA Remote File Inclusion Really Simple PHP and Ajax RSPA RSPA is a component based event driven ajax enabled framework for PHP4 and PHP 5. It is a combination of plane PHP class and HTML/Javascript.RSPA allows calling server side PHP functions from client javascript events. Visit...

MS02-012: Malformed Data Transfer Request can Cause Windows SMTP Service to Fail (313450)

The remote host contains a flaw in its SMTP service that could allow an attacker to crash it. Vulnerable services are SMTP service Windows XP/Windows 2000 and Exchange 2000 Windows 2000. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid20885; scriptversion"1.29";...

CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ GnuPG and GnuPG clients unsigned data injection vulnerability Date Published: 2007-03-05 Last Update: 2007-03-05 Advisory ID: CORE-2007-0115 Bugtraq IDs: BID 22757 -...

built2go-xss.txt

""""""""""""""""""""""""""""""""""""""""""""""" """ :: :: ::::: :::: """ """ :: :: :: : :: """ """ :::: :: :: ::::: ::::: :::: """ """ :: :: ::: ::: :: :: :: :: :: """ """ :: :: :: : : ::::: :: :: :::: """ """ """ """"""""""""""""""""""""""""""""""""""""""""""" Xmor$ DigitaL Hacking TeaM Built2Go...

phpMyFAQ <= 1.6.7 Remote SQL Injection / Command Execution Exploit

No description provided by source. !/usr/bin/php5-cgi -q ? / Sql injection / remote command execution exploit for phpmyfaq 1.6.8 Bugtraq: http://www.securityfocus.com/bid/21944 CVS:...

phpMyFAQ 1.6.7 - SQL Injection Command Execution

phpMyFAQ 1.6.7 - SQL Injection Command Execution !/usr/bin/php5-cgi -q " localhost:4001 [email protected] / function doupload$baseurl, $proxy, $cmd $fp = fopen"kebab.php", "w"; if!$fp die"Cannot open file for writing"; $code = "Un1q" . $cmd . ""; fwrite$fp, $code; fclose$fp; $sendvars"aktion"...

getID3 < 1.7.8-b1 Multiple Remote Vulnerabilities

getID3, a web-based tool for extracting information from MP3 files, is installed on the remote web server. The installation of getID3 includes a set of demo scripts that allow an unauthenticated, remote attacker to read and delete arbitrary files, write files with some restrictions, and execute...

phpMyFAQ 1.6.7 - SQL Injection / Command Execution

!/usr/bin/php5-cgi -q " localhost:4001 [email protected] / function doupload$baseurl, $proxy, $cmd $fp = fopen"kebab.php", "w"; if!$fp die"Cannot open file for writing"; $code = "Un1q" . $cmd . ""; fwrite$fp, $code; fclose$fp; $sendvars"aktion" = "save"; $sendvars"uin" = "-1' UNION SELECT...

MySQL privilege elevation and security restrictions bypass vulnerability-vulnerability warning-the black bar safety net

Affected systems: MySQL AB MySQL = 5.1.10 Description: BUGTRAQ ID: 1 9 5 5 9 MySQL is a very widely used open source relational database system, with a variety of platforms running version. In MySQL, have access but no permission to create users can be created with the Access database only the na...

MS07-005: Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (923723)

The remote host is running a version of Microsoft Step-by-Step Interactive Training that contains a flaw that could lead to remote code execution. To exploit this flaw, an attacker would need to trick a user on the remote host into opening a malformed file with the affected application. Tenable...

DevTrack Web Service UserName Field SQL Injection

The remote host is running DevTrack, a defect and project tracking tool. The DevTrack Web Services component installed on the remote host contains an ASP script that fails to sanitize user-supplied input to the 'UserName' parameter before using it in a database query. An unauthenticated, remote...

BitDefender Client Log Creation Functionality Format String

The version of BitDefender installed on the remote host fails to sanitize scan job settings of format strings. By leveraging this flaw, a local attacker may be able to crash the antivirus application or possibly even gain complete control of the affected system. C Tenable Network Security, Inc...

Solaris 10 (sparc) : 119900-18 (deprecated)

GNOME 2.6.0: GNOME libtiff - library for reading and writing TIFF. Date this patch was last updated by Sun : Sep/15/16 This plugin has been deprecated and either replaced with individual 119900 patch-revision plugins, or deemed non-security related. %NASLMINLEVEL 70300 C Tenable Network Security,...

CVE-2006-5633

Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers to cause a denial of service crash by creating a range object using createRange, calling selectNode on a DocType node DOCUMENTTYPENODE, then calling createContextualFragment on the range, which triggers a null dereference. NOTE:...

CVE-2006-5633

Summary: CVE-2006-5633 affects Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b. The issue is a denial of service caused by a null dereference when constructing a range, calling selectNode on a DOCUMENT_TYPE_NODE, and then invoking createContextualFragment on that range. This chain triggers a crash. T...