2555 matches found
DEBIAN-CVE-2006-3084
The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not kno...
CVE-2006-3911
CVE-2006-3911 affects OSI Codes PHP Live! 3.2.1 and earlier. A PHP remote file inclusion flaw lets an attacker supply a URL via the css_path parameter in help.php or setup/header.php to execute arbitrary PHP code. Impact is the ability to run code on the affected server, with the vulnerability ca...
CVE-2006-3616
Multiple cross-site scripting (XSS) vulnerabilities in Carbonize Lazarus Guestbook 1.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the show parameter in codes-english.php and (2) the img parameter in picture.php, after the name of an existing file...
Lazarus Guestbook Cross Site Scripting Vulnerabilities
Product : Lazarus Guestbook Website : http://carbonize.co.uk/Lazarus/ Version : = 1.6 Problem : Cross Site Scripting 1 The first problem is in codes-english.php, "show" parameter in lang/codes-english.php isn't properly sanitised This can be exploited to execute arbitrary HTML and javascript cod...
CentOS 3 / 4 : wget (CESA-2005:771)
Updated wget package that fixes several security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. GNU Wget is a file retrieval utility that can use either the HTTP or FTP protocols. A bug was found in the way wget writes file...
Current Versions Release History
Current Versions Release History 5.1c2 30-Jun-06 Valid Core License Keys: issued between 01-Jun-2004 and 31-Oct-2004, or on or after 01-Jun-2005. Admin: Lawful Intercept for Signals is implemented. WSSP: now all string prefixes HTML, JAVASCRIPT, etc. support numeric data. XIMSS: the Signal...
XSS on LarkinWEB & Company
XSS Vulnerability On LarkinWEB Database Development, Web Site Design Marketing and Advertising System.. Running HTML Codes, JScript etc... XSS Vulnerability URL : http://www.larkinweb.com/secure/error.asp?msg=XSS Example:...
CVE-2006-2733
membership.asp in Mini-Nuke 2.3 and earlier uses plaintext security codes, which allows remote attackers to register multiple times via automated scripts...
Design/Logic Flaw
membership.asp in Mini-Nuke 2.3 and earlier uses plaintext security codes, which allows remote attackers to register multiple times via automated scripts...
Advisory: UBBThreads 5.x,6.x Multiple File Inclusion Vulnerabilities.
--Security Report-- Advisory: UBBThreads 5.x,6.x Multiple File Inclusion Vulnerabilities. --- Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI --- Date: 27/05/06 09:44 PM --- Contacts: ICQ: 10072 MSN/Email: [email protected] Web: http://www.nukedx.com --- Vendor: Infopop...
OpenTTD, Transport Tycoon Deluxe game clone denial of service
Program abort on getting some error codes from client...
Simplog <= 0.9.2 (s) Remote Commands Execution Exploit
Exploit for unknown platform in category web applications ====================================================== Simplog \r\n"; die; / software site: http://www.simplog.or...
PHP Live! XSS status_image.php
Date: 03/22/2006 Vendor: OSI Codes Product: PHP Live! Versions: tested 3.0 Vulnerability: Cross Site Scripting Location: statusimage.php Exploit: /phplive/js/statusimage.php?baseurl=scriptalertdocument.cookie/script Stumbled across this while auditing a web server, vendor has been notified...
honeyd security advisory: remote detection
Honeyd Security Advisory 2006-001 ================================= Topic: Remote Detection Via Multiple Probe Packets Version: All versions prior to Honeyd 1.5 Severity: Identification of Honeyd installations allows an adversary to launch attacks specifically against Honeyd. No remote root explo...
CVE-2002-2132
CVE-2002-2132 concerns Windows File Protection (WFP) in Windows 2000 and XP. The vulnerability arises because WFP does not remove old security catalog (.CAT) files, enabling local attackers to replace legitimate, updated files with older, vulnerable versions that still have valid hash codes. The ...
CVE-2002-2132
Windows File Protection (WFP) in Windows 2000 and XP does not remove old security catalog (.CAT) files, which could allow local users to replace new files with vulnerable old files that have valid hash codes...
Service Detection (3 ASCII digit codes like FTP, SMTP, NNTP...)
This plugin performs service detection. SPDX-FileCopyrightText: 2005 Michel Arboi Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description) { script_oid("1.3.6.1.4.1.25623.1.0.14773");...
RHEL 4 : wget (RHSA-2005:771)
The remote Redhat Enterprise Linux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2005:771 advisory. GNU Wget is a file retrieval utility that can use either the HTTP or FTP protocols. A bug was found in the way wget writes files to the local...
wget security update
CentOS Errata and Security Advisory CESA-2005:771-01 Updated wget package that fixes several security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. GNU Wget is a file retrieval utility that can use either the HTTP or FTP...