Lucene search

1058 matches found

Tenable Nessus
added 2009/07/21 12:0 a.m., 15 views

openSUSE Security Update : ImageMagick (ImageMagick-1066)

The previous security update for ImageMagick broke 'convert' in some cases. This update fixes this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update ImageMagick-1066. The text description...

5.3 AI score
Exploits: 0, References: 1
0day.today
added 2009/06/16 12:0 a.m., 16 views

solaris/x86 portbind/tcp shellcode generator

Exploit for solaris/x86 platform in category shellcode ============================================ solaris/x86 portbind/tcp shellcode generator ============================================ \n\n"; function win32bind$port if$port 65535 || $port 4100 echo "Erreur Port\nSelect a port between 4100 an...

7 AI score
Exploits: 0
myhack58
added 2009/05/13 12:0 a.m., 21 views

intval()is used improperly cause a security vulnerability analysis-vulnerability warning-the black bar safety net

author: xy780sec.com from:http://www. 80vul. com/pch/ A description of the classification intval function has two characteristics:"until the encounter on the numbers or the positive and negative symbols before starting to do the conversion, and then encounter non-numeric or string at the end\0end...

7.6 AI score
Exploits: 0
NVD
added 2009/02/25 11:30 p.m., 10 views

CVE-2008-6283

Cross-site scripting (XSS) vulnerability in Subtext 2.0 allows remote attackers to inject arbitrary web script or HTML via a comment, related to "the feature which converts URLs to anchor tags."...

4.3 CVSS, 5.6 AI score, 0.00475 EPSS
Exploits: 0, References: 6
Packet Storm
added 2008/11/07 12:0 a.m., 20 views

mgpizza-sql.txt

7.4 AI score
Exploits: 0
OpenVAS
added 2008/09/24 12:0 a.m., 18 views

Gentoo Security Advisory GLSA 200504-26 (Convert-UUlib)

The remote host is missing updates announced in advisory GLSA 200504-26. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

7.5 CVSS, 0.6 AI score, 0.0835 EPSS
Exploits: 0
seebug.org
added 2008/06/06 12:0 a.m., 15 views

pSys 0.7.0.a (shownews) Remote SQL Injection Vulnerability

No description provided by source. pSys - 0.7.0. alpha shownews SQL Injection Bug by: h0yt3r Bug in here: if isset$REQUEST'shownews' && $REQUEST'shownews' != "" $sqlbefehl="Select titel from $tabnews Where id = '".intval$REQUEST'shownews'."'"; $gettitel = mysqlquery$sqlbefehl,$serverid;...

7.1 AI score
Exploits: 0
0day.today
added 2008/06/05 12:0 a.m., 20 views

pSys 0.7.0.a (shownews) Remote SQL Injection Vulnerability

Exploit for unknown platform in category web applications ========================================================== pSys 0.7.0.a shownews Remote SQL Injection Vulnerability ========================================================== pSys - 0.7.0. alpha shownews SQL Injection Bug by: h0yt3r Bug in...

7.1 AI score
Exploits: 0
Packet Storm
added 2008/06/05 12:0 a.m., 22 views

psys-sql.txt

pSys - 0.7.0. alpha shownews SQL Injection Bug by: h0yt3r Bug in here: if isset$REQUEST'shownews' && $REQUEST'shownews' != "" $sqlbefehl="Select titel from $tabnews Where id = '".intval$REQUEST'shownews'."'"; $gettitel = mysqlquery$sqlbefehl,$serverid; $news=mysqlfetcharray$gettitel; $pagetitle =...

7.4 AI score
Exploits: 0
Exploit DB
added 2008/06/05 12:0 a.m., 27 views

pSys 0.7.0.a - 'shownews' SQL Injection

pSys - 0.7.0. alpha shownews SQL Injection Bug by: h0yt3r Bug in here: if isset$REQUEST'shownews' && $REQUEST'shownews' != "" $sqlbefehl="Select titel from $tabnews Where id = '".intval$REQUEST'shownews'."'"; $gettitel = mysqlquery$sqlbefehl,$serverid; $news=mysqlfetcharray$gettitel; $pagetitle =...

7.4 AI score
Exploits: 0
seebug.org
added 2008/02/14 12:0 a.m., 18 views

Microsoft Office .WPS File Stack Overflow Exploit (MS08-011)

No description provided by source. / Copyright c 2008 chujwamwdupe - pumpernikiel.c one day in teletubby land... an email from idefense: "Unfortunately, Microsoft has refused to credit you using the name you requested." ...what's wrong with 'chujwamwdupe', eh? Description:...

7.1 AI score
Exploits: 0
securityvulns
added 2007/11/19 12:0 a.m., 815 views

FairSoft S.Mini web Busines Prelease & Calendar asp Sql injection

thnx bro FairSoft S.Mini web Busines Prelease Calendar asp Sql injection include patch...ocf,ns ocf/Calendar/ViewEvent.asp,ns/Calendar/ViewEvent.asp,aboutus/newsroom/ViewPressRelease.asp Credit : CodeXpLoder'tq Mail : codexploderathotmaildotcom Site : codexploder.biyosecurity.net,biyofrm.com Sour...

Exploits: 0
Debian CVE
added 2007/05/16 8:0 p.m., 24 views

CVE-2007-2721

The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert...

4.3 CVSS, 6.3 AI score, 0.14345 EPSS
Exploits: 1
securityvulns
added 2006/12/06 12:0 a.m., 52 views

Barracuda Convert-UUlib library buffer overflow leads to remote compromise

Topic: Barracuda Convert-UUlib library buffer overflow leads to remote compromise Announced: 2006-12-05 Product: Barracuda Spam Firewall Vendor: http://www.barracudanetworks.com/ Impact: Remote shell access Affected product: Barracuda Spam Firewall with firmware 3.3.15.026 AND virus definition...

7.5 CVSS, 6.6 AI score, 0.0835 EPSS
Exploits: 0
Tenable Nessus
added 2006/10/02 12:0 a.m., 21 views

FreeBSD : dokuwiki -- multiple vulnerabilities (450b76ee-5068-11db-a5ae-00508d6a62df)

Secunia reports: Some vulnerabilities have been reported in DokuWiki, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. Input passed to the 'w' and 'h' parameters in lib/exec/fetch.php is not properly sanitised before being...

7.5 CVSS, 5.7 AI score, 0.02648 EPSS
Exploits: 2, References: 5
OSV
added 2006/09/29 11:7 p.m., 1 views

DEBIAN-CVE-2006-5099

lib/exec/fetch.php in DokuWiki before 2006-03-09e, when conf[imconvert] is configured to use ImageMagick, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) w and (2) h parameters, which are not filtered when invoking convert...

7.5 CVSS, 7.5 AI score, 0.02648 EPSS
Exploits: 1, References: 1
Cvelist
added 2006/02/04 2:0 a.m., 11 views

CVE-2006-0539

The convert-fcrontab program in fcron 3.0.0 might allow local users to gain privileges via a long command-line argument, which causes Linux glibc to report heap memory corruption, possibly because a strcpy in the strdup2 function can "overwrite some data."...

6.6 AI score, 0.00263 EPSS
Exploits: 0, References: 10
securityvulns
added 2006/02/01 12:0 a.m., 28 views

[Full-disclosure] Fcrontab - memory corruption on heap.

Name: Fcron - convert-fcrontab Vendor URL: http://fcron.free.fr Author: Adam Zabrocki [email protected] Date: November 25, 2005 Issue: Fcron convert-fcrontab allow users to corruption on heap section. Description: Fcron is a periodical command scheduler which aims at replacing Vixie Cron, and...

Exploits: 0
securityvulns
added 2006/02/01 12:0 a.m., 61 views

fcron convert-fcrontab buffer overflow

Heap based buffer overflow on oversized command line...

3.2 AI score
Exploits: 0, References: 1, Affected Software: 1
Prion
added 2006/01/18 11:3 a.m., 16 views

Design/Logic Flaw

Unspecified vulnerability in Oracle Database Server 10.1.0.4.2, Application Server 10.1.2.0.2, and Collaboration Suite Release 2, version 9.0.4.2 Oracle9i has unspecified impact and attack vectors, as identified by Oracle Vuln DBC02 in the Reorganize Objects & Convert Tablespace component...

10 CVSS, 6.3 AI score, 0.02945 EPSS
Exploits: 1, References: 9, Affected Software: 3