4242 matches found
CVE-2005-4421
Dev-Editor 3.0 allows remote attackers to access any directory outside the web root whose name is a substring of the web root directory name...
CVE-2005-4421
Dev-Editor 3.0 is affected by a directory traversal vulnerability: remote attackers can access directories outside the web root whose names are substrings of the web root directory. This CVE (CVE-2005-4421) is rated CVSSv2 base score 7.5 (HIGH) with network attack vector, low attack complexity, n...
CVE-2005-4256
Cross-site scripting (XSS) vulnerability in forum.asp in ASP-DEV XM Forum RC3 allows remote attackers to inject arbitrary web script or HTML via the forum_title parameter. NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID. In addition, its accuracy is in...
CVE-2005-4256
CVE-2005-4256 describes a cross-site scripting (XSS) vulnerability in ASP-DEV XM Forum RC3, specifically in forum.asp where the forum_title parameter can inject arbitrary script/HTML. Affected item is XM Forum RC3 (forum.asp handling). The core issue is an XSS in the forum_title parameter, enabli...
CVE-2005-4165
Multiple SQL injection vulnerabilities in ASP-DEV ASP Resources Forum allow remote attackers to execute arbitrary SQL commands via (1) the forum_id parameter to forum.asp, (2) unspecified parameters to register.asp, and (3) the "Search For" field in search.asp...
CVE-2005-4165
CVE-2005-4165 affects ASP-DEV ASP Resources Forum. The vulnerability allows remote SQL injection through (1) forum_id in forum.asp, (2) unspecified params in register.asp, and (3) the Search For field in search.asp, enabling arbitrary SQL execution. The NVD notes a base score of 7.5 (HIGH) with n...
CVE-2002-2197
Unknown vulnerability in Sun Solaris 8.0 allows local users to cause a denial of service (kernel panic) via a program that uses /dev/poll, triggering a NULL pointer dereference...
CVE-2002-2197
CVE-2002-2197 affects Sun Solaris 8.0. A local user can trigger a kernel panic by running a program that uses /dev/poll, causing a NULL pointer dereference in the kernel. The provided connected documents confirm the vulnerable component and the root cause (NULL pointer dereference via /dev/poll),...
[SA17537] Dev-Editor Virtual Root Directory Restriction Bypass
TITLE: Dev-Editor Virtual Root Directory Restriction Bypass SECUNIA ADVISORY ID: SA17537 VERIFY ADVISORY: http://secunia.com/advisories/17537/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: From remote SOFTWARE: Dev-Editor 3.x http://secunia.com/product/6093/ DESCRIPTION: A security issue...
linux/x86 snoop /dev/dsp shellcode 172 bytes
linux/x86 snoop /dev/dsp shellcode 172 bytes. Shellcode exploit for linx86 platform / Placed the listener here http://www.milw0rm.com/down.php?id=1293 /str0ke / / hey folks, this is snoopshell, short and simply it snoops on /dev/dsp and after attempting to lower the audio quality will stream any...
ASP-DEv XM Forum IMG Tag Script Injection Vulnerability
The remote web server contains an ASP script which is vulnerable to a cross site scripting issue. Description : The remote host appears to be running the ASP-DEV XM Forum. There is a flaw in the remote software which may allow anyone to inject arbitrary HTML and script code through the BBCode IMG...
CVE-2005-3334
CVE-2005-3334 concerns Flyspray, a lightweight bug-tracking web app. The vulnerability affects Flyspray 0.9.7 through 0.9.8 (devel) and is a cross-site scripting (XSS) flaw in the index.php page. An attacker can inject arbitrary web script or HTML via multiple parameters (PHPSESSID, task, string,...
[SECURITY] [DSA 815-1] New kdebase packages fix local root vulnerability
Debian Security Advisory DSA 815-1 [email protected] http://www.debian.org/security/ Martin Schulze September 16th, 2005 http://www.debian.org/security/faq -...
CVE-2005-2533
OpenVPN before 2.0.1, when running in "dev tap" Ethernet bridging mode, allows remote authenticated clients to cause a denial of service (memory exhaustion) via a flood of packets with a large number of spoofed MAC addresses...
[SA16420] Dev-PHP NULL Character File Display Weakness
[SA16422] Bloodshed Dev-Pascal NULL Character File Display Weakness
CVE-2002-1826
grsecurity 1.9.4 for Linux kernel 2.4.18 allows local users to bypass read-only permissions by using mmap to directly map /dev/mem or /dev/kmem to kernel memory...
Entropy Gathering Daemon (EGD) Detection
The Entropy Gathering Daemon is running on the remote host. EGD is a user space random generator for operating systems that lack /dev/random...