7327 matches found

exploitpack
added 2006/07/06 12:0 a.m., 39 views

Hosting Controller 6.1 Hotfix 3.1 - Privilege Escalation

Hosting Controller 6.1 Hotfix 3.1 - Privilege Escalation Title: An attacker can gain reseller privileges and after that can gain admin privileges Version: 6.1 Hotfix function siteaction nact= "/hosting/addreseller.asp?htype=3" window.document.all.frm1.action = window.document.all.siteact.value +...

1.3 AI score
Exploits: 0

securityvulns
added 2006/06/16 12:0 a.m., 33 views

Regarding "SMB Invalid Handle Value" - MS06-030. Vulnerability not fixed.

Hi, Just to confirm that Microsoft has not fixed the NtClose/ZwClose DeadLock vulnerability. The bulletin MS06-030 addressed this flaw as "SMB Invalid Handle Value" which is just a euphemism under my point of view. The code added to mrxsmb.sys is just a wrapper in order to avoid the "Invalid...

0.1 AI score
Exploits: 0

securityvulns
added 2006/04/21 12:0 a.m., 37 views

[eVuln] MWNewsletter SQL Injection and XSS Vulnerabilities

New eVuln Advisory: MWNewsletter SQL Injection and XSS Vulnerabilities http://evuln.com/vulns/123/summary.html --------------------Summary---------------- eVuln ID: EV0123 CVE: CVE-2006-1690 CVE-2006-1691 CVE-2006-1692 Vendor: Manic Web Software: MWNewsletter Software's Web Site:...

7.5 CVSS, 0.4 AI score, 0.01724 EPSS
Exploits: 0

Exploit DB
added 2006/04/10 12:0 a.m., 37 views

phpList 2.10.2 - 'GLOBALS[]' Remote Code Execution

!/usr/bin/php -q -d shortopentag=on this works against registerglobals=On \r\n"; echo "a dork: inurl:"lists/?p=subscribe" | inurl:"lists/index.php?p=subscribe"\r\n"; echo " -ubbi phplist\r\n\r\n"; if $argc4 echo "Usage: php ".$argv0." host path cmd OPTIONS\r\n"; echo "host: target server...

7.4 AI score
Exploits: 0

securityvulns
added 2006/04/10 12:0 a.m., 30 views

[eVuln] newsletter - sourceworkshop SQL Injection Vulnerability

New eVuln Advisory: newsletter - sourceworkshop SQL Injection Vulnerability http://evuln.com/vulns/107/summary.html --------------------Summary---------------- eVuln ID: EV0107 CVE: CVE-2006-1533 Software: newsletter Software's Web Site: http://www.sourceworkshop.com/ Versions: 1.0 Critical Level...

7.5 CVSS, 0.9 AI score, 0.01112 EPSS
Exploits: 0

Packet Storm
added 2006/04/01 12:0 a.m., 29 views

EV0102.txt

New eVuln Advisory: Maian Events SQL Injection Vulnerability http://evuln.com/vulns/102/summary.html --------------------Summary---------------- eVuln ID: EV0102 CVE: CVE-2006-1341 Software: Maian Events Software's Web Site: http://www.maianscriptworld.co.uk/ Versions: 1.0 Critical Level: Moderat...

7.5 CVSS, 6.7 AI score, 0.01112 EPSS
Exploits: 1

securityvulns
added 2006/03/29 12:0 a.m., 33 views

[eVuln] Maian Events SQL Injection Vulnerability

New eVuln Advisory: Maian Events SQL Injection Vulnerability http://evuln.com/vulns/102/summary.html --------------------Summary---------------- eVuln ID: EV0102 CVE: CVE-2006-1341 Software: Maian Events Software's Web Site: http://www.maianscriptworld.co.uk/ Versions: 1.0 Critical Level: Moderat...

7.5 CVSS, 1.8 AI score, 0.01112 EPSS
Exploits: 1

securityvulns
added 2006/02/18 12:0 a.m., 34 views

[eVuln] PHP/MYSQL Timesheet Multiple SQL Injection Vulnerabilities

New eVuln Advisory: PHP/MYSQL Timesheet Multiple SQL Injection Vulnerabilities http://evuln.com/vulns/67/summary.html --------------------Summary---------------- eVuln ID: EV0067 Software: PHP/MYSQL Timesheet Software's Web Site: http://www.geocities.com/night247/ Versions: V1, V2 Critical Level:...

0.4 AI score
Exploits: 0

CERT
added 2006/01/19 12:0 a.m., 30 views

Oracle Reports arbitrary file reading vulnerability

Overview Oracle Reports fails to validate URI parameters, possibly allowing a remote attacker to read arbitrary files on the Reports Server. Description Oracle Reports is an enterprise reporting tool that extracts data from multiple sources and inserts it into a formatted report. It is a componen...

5 CVSS, 5.9 AI score, 0.03517 EPSS
Exploits: 1, References: 4

Prion
added 2006/01/18 11:3 a.m., 18 views

Directory traversal

Multiple unspecified vulnerabilities in Oracle Application Server 6.0.8.26PS17 and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln 1 REP05 and 2 REP06 in the Oracle Reports Developer component. NOTE: Oracle has not disputed reliab...

10 CVSS, 6.8 AI score, 0.03826 EPSS
Exploits: 1, References: 13, Affected Software: 2

NVD
added 2006/01/18 11:3 a.m., 13 views

CVE-2006-0274

Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0.4.2 and 10.1.2.0.2 has unspecified impact and attack vectors, as identified by Oracle Vuln REP03...

10 CVSS, 6.3 AI score, 0.01989 EPSS
Exploits: 0, References: 9

NVD
added 2006/01/18 11:3 a.m., 17 views

CVE-2006-0288

Multiple unspecified vulnerabilities in the Oracle Reports Developer component of Oracle Application Server 9.0.4.1 and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln 1 REP01 and 2 REP02...

10 CVSS, 6.8 AI score, 0.02945 EPSS
Exploits: 1, References: 9

Prion
added 2006/01/18 11:3 a.m., 18 views

Design/Logic Flaw

Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0.4.2 and 10.1.2.0.2 has unspecified impact and attack vectors, as identified by Oracle Vuln REP03...

10 CVSS, 6.5 AI score, 0.01989 EPSS
Exploits: 0, References: 9, Affected Software: 1

Prion
added 2006/01/18 11:3 a.m., 12 views

Directory traversal

Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0.4.2 has unspecified impact and attack vectors, as identified by Oracle Vuln REP04. NOTE: Oracle has not disputed reliable researcher claims that this issue is related to directory traversal that...

5 CVSS, 6.5 AI score, 0.02609 EPSS
Exploits: 0, References: 11, Affected Software: 1

NVD
added 2006/01/18 11:3 a.m., 10 views

CVE-2006-0275

Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0.4.2 has unspecified impact and attack vectors, as identified by Oracle Vuln REP04. NOTE: Oracle has not disputed reliable researcher claims that this issue is related to directory traversal that...

5 CVSS, 6.3 AI score, 0.02609 EPSS
Exploits: 0, References: 11

Prion
added 2006/01/18 11:3 a.m., 12 views

Design/Logic Flaw

Multiple unspecified vulnerabilities in the Oracle Reports Developer component of Oracle Application Server 9.0.4.1 and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln 1 REP01 and 2 REP02...

10 CVSS, 7 AI score, 0.02945 EPSS
Exploits: 1, References: 9, Affected Software: 2

Cvelist
added 2006/01/18 11:0 a.m., 17 views

CVE-2006-0288

Multiple unspecified vulnerabilities in the Oracle Reports Developer component of Oracle Application Server 9.0.4.1 and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln 1 REP01 and 2 REP02...

9.5 AI score, 0.02945 EPSS
Exploits: 1, References: 9

Cvelist
added 2006/01/18 11:0 a.m., 15 views

CVE-2006-0275

Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0.4.2 has unspecified impact and attack vectors, as identified by Oracle Vuln REP04. NOTE: Oracle has not disputed reliable researcher claims that this issue is related to directory traversal that...

9.1 AI score, 0.02609 EPSS
Exploits: 0, References: 11

CVE
added 2006/01/18 11:0 a.m., 47 views

CVE-2006-0274

Technical details for CVE-2006-0274 are not publicly provided in the supplied documents. Monitor for updates from Oracle/vendor advisories; current entries note unspecified impact, but no concrete exploit vectors or version-specific remediation are available here.

10 CVSS, 9.1 AI score, 0.01989 EPSS
Exploits: 0, References: 9, Affected Software: 1

CVE
added 2006/01/18 11:0 a.m., 78 views

CVE-2006-0288

Technical details for CVE-2006-0288 are not publicly available in the provided documents. The material only notes multiple unspecified vulnerabilities in Oracle Reports Developer without affected versions, vectors, impacts, or remediation.

10 CVSS, 9.5 AI score, 0.02945 EPSS
Exploits: 1, References: 9, Affected Software: 2