5977 matches found
phpMyAdmin: Information disclosure
Background: phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL databases from a web browser. Description: Cezary Tomczak reported that an undefined UploadDir variable exposes an information disclosure vulnerability when running on shared hosts. Impact: A remote attack...
CVE-2008-1924
Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable...
DEBIAN-CVE-2008-1693
The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, relate...
CVE-2008-1693
The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, relate...
CVE-2008-1693
CVE-2008-1693 involves Poppler (and associated viewers such as Xpdf, Evince, gpdf, kdegraphics, xpdf) where CairoFont::create in CairoFontEngine.cc mishandles embedded PDF fonts, leading to possible remote code execution via a crafted font object. Root cause: dereferencing a function pointer tied...
Unfixed XSS vulnerability at www.nationstates.net
Security researcher Uber0n submitted on 17/04/2008 a cross-site scripting (XSS) vulnerability affecting www.nationstates.net, which at the time of submission ranked 17256 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 02/06/2008. It is...
DEBIAN-CVE-2008-1570
Race condition in the createlockpath function in policyd-weight 0.1.14 beta-16 allows local users to modify or delete arbitrary files by creating the LOCKPATH directory, then modifying it after the symbolic link check occurs. NOTE: this is due to an incomplete fix for CVE-2008-1569...
Race condition
Race condition in the createlockpath function in policyd-weight 0.1.14 beta-16 allows local users to modify or delete arbitrary files by creating the LOCKPATH directory, then modifying it after the symbolic link check occurs. NOTE: this is due to an incomplete fix for CVE-2008-1569...
CVE-2008-1570
policyd-weight contains a local race condition in create_lockpath that lets unprivileged users modify or delete files by exploiting the LOCKPATH handling. The issue affects the insecure handling of the temporary directory, noted as a result of an incomplete fix for CVE-2008-1569, and is discussed...
CVE-2007-6708
Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to perform actions as administrators via an arbitrary valid request to an administrative URI, as demonstrated by (1) a Restore Facto...
XSS vulnerabilities in create space action
The following URLs are vulnerable: spaces/createspace-start.action and spaces/createspace.action, on the key and name parameters...
XSS vulnerabilities in create/edit/copy page and blogpost actions
The following create/edit page URLs are vulnerable: /pages/createpage.action, /pages/docreatepage.action, /pages/editpage.action, /pages/doeditepage.action, on parentPageString, mode, labelsString, captchaId. The following create/edit blogpost URLs are vulnerable:...
Nukedit 4.9.x - Remote Create Admin
Nukedit 4.9.x - Remote Create Admin !/usr/bin/perl Title: Nukedit 4.9.x Create Admin Exploit Credit: r3dm0v3 http://r3dm0v3.persianblog.ir r3dm0v34tyahoodotcom Tehran - Iran Download: http://www.nukedit.com/content/Download.asp Vulnerables: 4.9.x, prior versions maybe affected. Remote: Yes Dork:...
Nukedit 4.9.x Remote Create Admin Exploit
Exploit for unknown platform in category web applications. Nukedit 4.9.x Remote Create Admin Exploit !/usr/bin/perl Title: Nukedit 4.9.x Create Admin Exploit Credit: r3dm0v3 Tehran - Iran Download:...