
2351 matches found

CVE
added 2007/12/20 12:0 a.m. | 41 views

CVE-2007-6470

Affected software: phpRPG 0.8. Vulnerability: inadequate access control causes sensitive information to be stored under the web root, enabling remote attackers to read session IDs from tmp/ files and hijack sessions via PHPSESSID cookies. Root cause: improper handling/placement of session data...

6.4 CVSS | 6.3 AI score | 0.03098 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
securityvulns
added 2007/12/13 12:0 a.m. | 51 views

Meridian Prolog Manager Username and Plain Text Password Disclosure

+Note: This is being released without Meridian or CERT approval. Meridian has been dragging their feet and has shown no good intent since I first tried to contact them. My guess is that they will be following all of my releases claiming I was uncooperative. The only information Meridian ever soug...

0.7 AI score
Exploits: 0
CVE
added 2007/12/10 7:0 p.m. | 48 views

CVE-2007-5970

MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 are affected. Remote authenticated users can gain privileges on arbitrary tables via unspecified vectors involving table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a table for which the ...

5.8 CVSS | 6.6 AI score | 0.00621 EPSS
Exploits: 0 | References: 7 | Affected Software: 1
seebug.org
added 2007/11/17 12:0 a.m. | 11 views

Xunlei 5 0-Day

No description provided by source.

7.1 AI score
Exploits: 0
NVD
added 2007/11/10 11:46 a.m. | 16 views

CVE-2007-5931

The reDirect function in lib/controllers/RepViewController.php in OrangeHRM before 2.2.2 does not verify the privileges of a user, which allows remote attackers to obtain access to data via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely...

5 CVSS | 6.3 AI score | 0.00381 EPSS
Exploits: 0 | References: 5
Cvelist
added 2007/10/04 11:0 p.m. | 15 views

CVE-2007-5210

Arbor Networks Peakflow SP before 3.5.1 patch 14, and 3.6.x before 3.6.1 patch 5, allows remote authenticated users to bypass access restrictions and read or write unspecified data via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third...

6.1 AI score | 0.00288 EPSS
Exploits: 0 | References: 3
Metasploit
added 2007/10/04 3:3 a.m. | 21 views

Borland InterBase isc_create_database() Buffer Overflow

This module exploits a stack buffer overflow in Borland InterBase by sending a specially crafted create request. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Borland InterBase...

9.3 CVSS | 7.4 AI score | 0.83271 EPSS
Exploits: 37
securityvulns
added 2007/10/04 12:0 a.m. | 86 views

Cart32 Arbitrary File Download Vulnerability

Cart32 Arbitrary File Download Vulnerability. Vendor Website: http://www.cart32.com. Affected Version: All releases prior to and including v6.3. Public disclosure on Thursday 4th October 2007...

0.4 AI score
Exploits: 0
CVE
added 2007/06/04 5:0 p.m. | 61 views

CVE-2007-3004

CVE-2007-3004 is rejected/not used; refer to CVE-2007-2788.

6.1 AI score
Exploits: 0
securityvulns
added 2007/05/25 12:0 a.m. | 54 views

Vulnerability in Credant Mobile Guardian Shield for Windows

Vulnerability in Credant Mobile Guardian Shield for Windows Vendor: Credant Technologies Inc. http://www.credant.com/ Product: Credant Mobile Guardian Shield for Windows Version: 5.2.1.105 and prior Affected Operating Systems: Windows XP SP2 and likely others Product Overview: Credant Technologie...

0.5 AI score
Exploits: 0
Packet Storm
added 2007/05/04 12:0 a.m. | 18 views

phpcoupon-sql.txt

PHP Coupon Script 3.0 Remote SQL Injection. Found: Cyber-Security.org. Script site: http://www.couponscript.com/ ...

7.4 AI score
Exploits: 0
securityvulns
added 2007/02/15 12:0 a.m. | 45 views

SYMSA-2007-002: Palm OS Treo Find Feature System Password Bypass

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Symantec Vulnerability Research http://www.symantec.com/research Security Advisory Advisory ID: SYMSA-2007-002 Advisory Title: Palm OS Treo Find Feature System Password Bypass Authors: J.R. Wikes, Matt Cooley, & Scott King Release Date: 14-02-2007...

2.1 CVSS | 6.1 AI score | 0.00121 EPSS
Exploits: 1
CVE
added 2007/01/29 5:0 p.m. | 48 views

CVE-2007-0545

CVE-2007-0545 affects Maxtricity Tagger 0.1. The issue is improper access control that allows remote attackers to access the web root and retrieve tagger.mdb, thereby obtaining a database containing passwords. The root cause is storing sensitive data under the web root without sufficient protecti...

7.8 CVSS | 6.3 AI score | 0.00372 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
securityvulns
added 2007/01/25 12:0 a.m. | 110 views

[x0n3-h4ck] Siteman 2.0.x2 Remote Md5 Hash Disclosure Vulnerability

ADVISORY: Siteman 2.0.x2. Author: CorryL [email protected]. Application: Siteman 2.0.x2. Version: 2.0.x2. Vendor's URL: http://home.no.net/siteman/. Platform: Windows/Linux/Unix. Bug type:...

0.4 AI score
Exploits: 0
myhack58
added 2007/01/19 12:0 a.m. | 34 views

System security: weak SA passwords bring security risks - Vulnerability warning - the black bar safety net

Computers running Microsoft SQL Server with a weak SA password have become a favored target for attackers. Through this weakness an attacker can easily obtain server administration privileges, and thus threaten network and data security. As a network...

7.6 AI score
Exploits: 0
myhack58
added 2007/01/11 12:0 a.m. | 23 views

Vulnerability classification and further exploration - Exploit warning - the black bar safety net

Vulnerabilities are an eternal fairy tale. To realize a hero's dream, to realize the blueprint of freedom that breaks the technological monopoly: people who discover vulnerabilities, people who exploit them, people who patch holes, people who like vulnerabilities, people afraid of vulnerabilities...

9.2 AI score
Exploits: 0
securityvulns
added 2007/01/11 12:0 a.m. | 43 views

A Major design Bug in Camouflage 1.2.1 (latest)

A Major design Bug in Camouflage 1.2.1 latest Direct Link: http://homepage.mac.com/adonismac/Advisory/steg/camouflage.html Disclaimer ========== This material is presented for informational purposes ONLY. I do not condone or encourage vandalism or theft. I do not accept any liability for anything...

7.2 AI score
Exploits: 0
security_vulns
added 2007/01/01 12:0 a.m. | 32 views

Is backup required?

Do you need Backup? Introduction. Main features of backup. Risks. RAID. Cluster systems. Shadow copy. Version control systems. Application level recovery. Backup security. Version control systems Modern version control systems such as CVS, Subversion, or commercial products can and sometimes quit...

0.2 AI score
Exploits: 0
security_vulns
added 2007/01/01 12:0 a.m. | 25 views

3APA3A : Using FTP protocol weaknesses

How to exploit bugs in the implementation of the FTP protocol. David Sacerdot, in his article on the vulnerability of the FTP protocol, dated as early as April 1996, theoretically describes the vulnerability of the FTP protocol if it is incorrectly implemented. Two points are interesting in the article,...

0.5 AI score
Exploits: 0
CVE
added 2006/12/07 1:0 a.m. | 40 views

CVE-2006-6350

Listpics 5 stores sensitive data under the web root due to insufficient access control, enabling remote attackers to download listpics.mdb via a direct request. Affected product: Listpics 5. Root cause: web-accessible database file (listpics.mdb) exposed without proper permissions. Impact: comple...

10 CVSS | 7 AI score | 0.01169 EPSS
Exploits: 0 | References: 4 | Affected Software: 1