[SECURITY] [DSA 764-1] New cacti packages fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 764-1 [email protected] http://www.debian.org/security/ Martin Schulze July 21st, 2005 http://www.debian.org/security/faq -...
CVE-2002-2027
Database of Our Owlish Wisdom DOOW 0.1 through 0.2.1 does not properly verify user permissions, which allows remote attackers to perform unauthorized activities...
FreeBSD : mysql-server -- insecure temporary file creation (eeae6cce-d05c-11d9-9aed-000e0c2e438a)
A Zataz advisory reports that MySQL contains a security flaw which could allow a malicious local user to inject arbitrary SQL commands during the initial database creation process. The problem lies in the mysql_install_db script, which creates temporary files based on the PID used by the script...
WebEOC contains multiple SQL injection vulnerabilities
Overview: WebEOC contains multiple SQL injection vulnerabilities that may allow attackers to execute SQL queries, potentially viewing or modifying data, or executing database commands. Description: WebEOC is a web-based crisis information management application that provides functions to gather,...
CVE-2005-2174
Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 inserts a bug into the database before it is marked private, which introduces a race condition and allows attackers to access information about the bug via buglist.cgi before MySQL replication is complete...
punBB < 1.2.6 profile.php $temp Parameter SQL Injection (deprecated)
Plague News System 0.7 - 'CID' SQL Injection
source: https://www.securityfocus.com/bid/14136/info Plague News System is prone to an SQL injection vulnerability. As a result, the attacker may modify the structure and logic of an SQL query that is made by the application. Other attacks may be possible depending on the capabilities of the...
WordPress < 1.5.1.3 XMLRPC SQL Injection
The version of WordPress installed on the remote host is affected by a SQL injection vulnerability because the bundled XML-RPC library fails to properly sanitize user-supplied input to the 'xmlrpc.php' script. An attacker can exploit this flaw to launch SQL injection attacks that could lead to...
CyberStrong EShop 4.2 - 10browse.asp SQL Injection
source: https://www.securityfocus.com/bid/14112/info CyberStrong eShop is prone to an SQL injection vulnerability. As a result, the attacker may modify the structure and logic of an SQL query that is made by the application. The attacker may...
[EXPL] PHP-Fusion Accessible Database Backups Download (Exploit)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
CVE-2005-2075
PHP-Fusion 5.0 and 6.0 stores the database file with a predictable filename under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to the filename in the administration/db_backups directory in PHP-Fusion 6.0 ...
CVE-2005-2075
PHP-Fusion versions 5.0–6.0 store database backups in predictable paths under the web root (administration/db_backups in 6.0 or fusion_admin/db_backups in 5.0), enabling remote attackers to disclose sensitive information via direct requests. The vulnerability is categorized as an information disc...
CVE-2002-1886
TightAuction 3.0 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain the database username and password...
CVE-2002-1921
The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does not set the bind address to the loopback interface, which allows remote attackers to connect to the database...
CVE-2002-1921
CVE-2002-1921 affects MySQL server versions 3.20.32 through 3.23.52 on Windows. The default configuration does not bind to the loopback interface, allowing remote access to the database. The CVSS metrics indicate network attack vector, no authentication, with partial impact to confidentiality, integrity,...
PHP-Fusion 6.00.105 - Accessible Database Backups Download
#!/usr/bin/perl Dark Assassins Crew 2005 - http://dark-assassins.com/ Visit us on IRC @ irc.tddirc.net DarkAssassins phpfusiondb.pl; Version 0.1 22/06/05 PHP-Fusion db backup proof-of-concept by Easyex...
UBBCentral UBB.Threads 5.5.16.x - calendar.php Multiple SQL Injections
source: https://www.securityfocus.com/bid/14052/info UBB.Threads is prone to multiple SQL injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A...
long sendmail timeouts let attacker prevent milter quiesce
Summary: An attacker who can predict when a milter will need to quiesce input to allow for a reload may hold open an SMTP session for several hours. This will lead to a DoS condition on the mail server. Background: Sendmail is a popular Mail Transfer Agent (MTA), used in many large sites that requi...
UBBCentral UBB.Threads 5.5.1/6.x - 'notifymod.php?Number' SQL Injection
source: https://www.securityfocus.com/bid/14052/info UBB.Threads is prone to multiple SQL injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacker to compromise the application,...
GLSA-200506-20 : Cacti: Several vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200506-20 Cacti: Several vulnerabilities Cacti fails to properly sanitize input which can lead to SQL injection, authentication bypass as well as PHP file inclusion. Impact : An attacker could potentially exploit the file inclusio...