CVE-2005-1399

FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions for the /dev/iir device, which allows local users to execute restricted ioctl calls to read or modify data on hardware that is controlled by the iir driver...

CVE-2005-1399

FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions for the /dev/iir device, which allows local users to execute restricted ioctl calls to read or modify data on hardware that is controlled by the iir driver...

CVE-2005-1399

CVE-2005-1399 affects FreeBSD 4.6–4.11 and 5.x–5.4, where insecure default permissions on the /dev/iir device allow unprivileged local users to issue restricted ioctl calls to access or modify data on hardware managed by the iir driver. This results in partial impacts to confidentiality, integrit...

CVE-2005-1399

FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions for the /dev/iir device, which allows local users to execute restricted ioctl calls to read or modify data on hardware that is controlled by the iir driver...

FreeBSD-SA-05:06.iir

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-05:06.iir Security Advisory The FreeBSD Project Topic: Incorrect permissions on /dev/iir Category: core Module: sysdev Announced: 2005-05-06 Credits: Christian...

CVE-2005-1008

Cross-site scripting XSS vulnerability in posts.asp for ASP-DEv XM Forum RC3 allows remote attackers to inject arbitrary web script or HTML via a "javascript:" URL in an IMG tag...

CVE-2005-1008

CVE-2005-1008 is an XSS vulnerability in ASP-DEv XM Forum RC3, affecting posts.asp where a javascript: URL in an IMG tag can inject arbitrary script/HTML. The OpenVAS/Nessus entries corroborate a cross-site scripting issue in this XM Forum component. The connected documents do not provide specifi...

CVE-2005-1008

Cross-site scripting XSS vulnerability in posts.asp for ASP-DEv XM Forum RC3 allows remote attackers to inject arbitrary web script or HTML via a "javascript:" URL in an IMG tag...

[NT] ASP-Dev Multiple Cross Site Scripting Vulnerabilities

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

MySQL: Multiple vulnerabilities

Background MySQL is a fast, multi-threaded, multi-user SQL database server. Description MySQL fails to properly validate input for authenticated users with INSERT and DELETE privileges CAN-2005-0709 and CAN-2005-0710. Furthermore MySQL uses predictable filenames when creating temporary files with...

ViewCVS < 1.0-dev Multiple Unspecified Vulnerabilities

Binary data 2446.prm...

Apache < 2.0.52-dev 'Satisfy' Directive Access Control Bypass

Binary data 2309.prm...

CVE-2003-0094

CVE-2003-0094 affects Mandrake Linux 8.2/9.0 util-linux mcookie. The patch changed the entropy source from /dev/random to /dev/urandom, making mcookie output more predictable and potentially aiding certain attacks. The Nessus advisory notes the patch was removed in these updates, restoring a bett...

CVE-2001-1409

dexconf in XFree86 Xserver 4.1.0-2 creates the /dev/dri directory with insecure permissions 666, which allows local users to replace or create files in the root file system...

ZH2003-4SA &#40;security advisory&#41;: ASP-DEV Discussion Forum V2.0

ZH2003-4SA security advisory: ASP-DEV Discussion Forum V2.0 Published: 12/07/2003 Released: 12/07/2003 Name: ASP-DEV Discussion Forum V2.0 Affected Systems: All versions Issue: Remote attackers can obtain users information including passwords Author: [email protected] Description Zone-h Security...

ASP-DEV Discussion Forum 2.0 - Admin Directory Weak Default Permissions

source: https://www.securityfocus.com/bid/8172/info It has been reported that a vulnerability exists in ASP-DEV Discussion Forum that exposes potentially sensitive information. Because of this, an attacker may be able to gain access to user credentials. User credentials are stored in the...

ASP-DEV Discussion Forum 2.0 - Admin Directory Weak Default Permissions

ASP-DEV Discussion Forum 2.0 - Admin Directory Weak Default Permissions source: https://www.securityfocus.com/bid/8172/info It has been reported that a vulnerability exists in ASP-DEV Discussion Forum that exposes potentially sensitive information. Because of this, an attacker may be able to gain...

CVE-2001-1409

Vulnerability CVE-2001-1409 affects XFree86 Xserver 4.1.0-2 where dexconf creates /dev/dri with insecure permissions (666). This allows local users to replace or create files on the root filesystem. Red Hat advisories RHSA-2003:064/065/067 reference updated XFree86 packages and fixes; the issue i...

Alexandria-dev Multiple Script Upload Spoofing Arbitrary File Access

The remote host seems to be running Alexandria-Dev, an open source project management system. The CGIs 'docman/new.php' and 'patch/index.php' can be used by an attacker with the proper credentials to upload a file and trick the server about its real location on the disk. Therefore, an attacker ma...

WihPhoto &#40;PHP&#41;

Informations : °°°°°°°°°°°°°° Version : 0.86-dev Website : http://www.wihsy.com problem : All files from the hard disk can be send by mail PHP Code/Location : °°°°°°°°°°°°°°°°°°° util/email.php : ------------------------------------------------------------------------ ? class CMailFile var...