8980 matches found
On ASP+ACCESS prevention-vulnerability warning-the black bar safety net
Bored today, I searched Baidu for "ASP security" and found plenty of intrusion tutorials, while security configuration information is relatively scarce. Since most current articles teach how to intrude, here I will talk about, put yourself h...
Aenovo - incssearchdisplay.asp?strSQL SQL Injection
Aenovo - incssearchdisplay.asp?strSQL SQL Injection source: https://www.securityfocus.com/bid/15036/info Aenovo, aeNovoShop and aeNovoWYSI are prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before usin...
slocate security update
CentOS Errata and Security Advisory CESA-2005:346 An updated slocate package that fixes a denial of service and various bugs is available. This update has been rated as having low security impact by the Red Hat Security Response Team. Slocate is a security-enhanced version of locate. Like locate,...
RHEL 3 : slocate (RHSA-2005:345)
An updated slocate package that fixes a denial of service and various bugs is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. Slocate is a security-enhanced version of locate. Like locate, slocate searches through a central database...
Mandrake Linux Security Advisory : proftpd (MDKSA-2005:140)
Two format string vulnerabilities were discovered in ProFTPD. The first exists when displaying a shutdown message containing the name of the current directory. This could be exploited by a user who creates a directory containing format specifiers and sets the directory as the current directory whe...
GLSA-200509-16 : Mantis: XSS and SQL injection vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200509-16 Mantis: XSS and SQL injection vulnerabilities Mantis fails to properly sanitize untrusted input before using it. This leads to a SQL injection and several cross-site scripting vulnerabilities. Impact : An attacker could...
CVE-2005-3112
CVE-2005-3112 affects Macromedia Breeze 5.0: the reset password feature stores passwords in plaintext in the database instead of hashing. This allows anyone with database access to obtain user passwords. The provided documents do not specify exploit details, affected versions beyond Breeze 5.0, o...
PluggedOut CMS 0.4.8 - 'admin.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/14426/info PluggedOut CMS is prone to multiple cross-site scripting and SQL injection vulnerabilities. Exploitation could allow for theft of cookie-based authentication credentials or unauthorized access to database data. Other attacks are also possible...
Mantis: XSS and SQL injection vulnerabilities
Background Mantis is a web-based bugtracking system written in PHP. Description Mantis fails to properly sanitize untrusted input before using it. This leads to an SQL injection and several cross-site scripting vulnerabilities. Impact An attacker could possibly use the SQL injection vulnerability...
Foreign hackers resources-vulnerability warning-the black bar safety net
allhack.com This website provides a library and a download area. The library for beginners provides hacking knowledge and computer technology basics. The download area includes the Scan Tool, FLOOD tool, decryption tools, denial of service attacks and the like. alw.nih.gov In the security...
ATutor 1.5.1 - password_reminder.php SQL Injection
ATutor 1.5.1 - password_reminder.php SQL Injection source: https://www.securityfocus.com/bid/14831/info ATutor is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful...
Land Down Under 800/801 - 'plug.php?e' SQL Injection
source: https://www.securityfocus.com/bid/14820/info Land Down Under is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a compromi...
punBB < 1.2.7 Multiple SQL Injection Vulnerabilities
Binary data 3220.prm...
Land Down Under < 802 events.php SQL Injection
Binary data 3209.prm...
[SECURITY] [DSA 795-2] Updated i386 proftpd packages fix format string vulnerability
Debian Security Advisory DSA 795-2 [email protected] http://www.debian.org/security/ Michael Stone September 2, 2005 http://www.debian.org/security/faq -...
DSA-795-2 proftpd - format string error
Bulletin has no description...
vBulletin <= 3.0.8 Accessible Database Backup Searcher (update 3)
No description provided by source. / Needed to pentest a few vBulletin forums so I wrote this junk real quick. Reference: http://securitytracker.com/alerts/2005/Aug/1014805.html Good paths: /forum/ / /forum/archive/ /forum/cpadmin/ Update 1: Code error fixes. /str0ke [email protected] Update 2:...
cosmoshop81078.txt
author : l0om innate| @t | gmx.de WWW.EXCLUDED.ORG product: cosmoshop version: = 8.10.78 problem: 1. sql injection 2. cleartext passwords 3. view any file manuf.: www.cosmoshop.de what is cosmoshop cosmoshop is a commercial shop system written as a CGI. where is the problem 1. sql injection...
Debian DSA-783-1 : mysql-dfsg-4.1 - insecure temporary file
Eric Romang discovered a temporary file vulnerability in a script accompanied with MySQL, a popular database, that allows an attacker to execute arbitrary SQL commands when the server is installed or updated. The old stable distribution woody as well as mysql-dfsg are not affected by this problem...
Woltlab Burning Board modcp.php Multiple Parameter SQL Injection
The remote version of Burning Board / Burning Board Lite is prone to SQL injection attacks due to its failure to sanitize user-supplied input to the 'x' and 'y' parameters of the 'modcp.php' script before using it in database queries. Provided an attacker has moderator privileges, these flaws may...