[eVuln] MWNewsletter SQL Injection and XSS Vulnerabilities
New eVuln Advisory: MWNewsletter SQL Injection and XSS Vulnerabilities http://evuln.com/vulns/123/summary.html --------------------Summary---------------- eVuln ID: EV0123 CVE: CVE-2006-1690 CVE-2006-1691 CVE-2006-1692 Vendor: Manic Web Software: MWNewsletter Software's Web Site:...
[eVuln] newsletter - sourceworkshop SQL Injection Vulnerability
New eVuln Advisory: newsletter - sourceworkshop SQL Injection Vulnerability http://evuln.com/vulns/107/summary.html --------------------Summary---------------- eVuln ID: EV0107 CVE: CVE-2006-1533 Software: newsletter Software's Web Site: http://www.sourceworkshop.com/ Versions: 1.0 Critical Level...
phpList 2.10.2 - 'GLOBALS[]' Remote Code Execution
!/usr/bin/php -q -d shortopentag=on this works against registerglobals=On \r\n"; echo "a dork: inurl:"lists/?p=subscribe" | inurl:"lists/index.php?p=subscribe"\r\n"; echo " -ubbi phplist\r\n\r\n"; if $argc4 echo "Usage: php ".$argv0." host path cmd OPTIONS\r\n"; echo "host: target server...
EV0102.txt
New eVuln Advisory: Maian Events SQL Injection Vulnerability http://evuln.com/vulns/102/summary.html --------------------Summary---------------- eVuln ID: EV0102 CVE: CVE-2006-1341 Software: Maian Events Software's Web Site: http://www.maianscriptworld.co.uk/ Versions: 1.0 Critical Level: Moderat...
[eVuln] Maian Events SQL Injection Vulnerability
New eVuln Advisory: Maian Events SQL Injection Vulnerability http://evuln.com/vulns/102/summary.html --------------------Summary---------------- eVuln ID: EV0102 CVE: CVE-2006-1341 Software: Maian Events Software's Web Site: http://www.maianscriptworld.co.uk/ Versions: 1.0 Critical Level: Moderat...
[eVuln] PHP/MYSQL Timesheet Multiple SQL Injection Vulnerabilities
New eVuln Advisory: PHP/MYSQL Timesheet Multiple SQL Injection Vulnerabilities http://evuln.com/vulns/67/summary.html --------------------Summary---------------- eVuln ID: EV0067 Software: PHP/MYSQL Timesheet Software's Web Site: http://www.geocities.com/night247/ Versions: V1, V2 Critical Level:...
Oracle Reports arbitrary file reading vulnerability
Overview Oracle Reports fails to validate URI parameters, possibly allowing a remote attacker to read arbitrary files on the Reports Server. Description Oracle Reports is an enterprise reporting tool that extracts data from multiple sources and inserts it into a formatted report. It is a componen...
Directory traversal
Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0.4.2 has unspecified impact and attack vectors, as identified by Oracle Vuln REP04. NOTE: Oracle has not disputed reliable researcher claims that this issue is related to directory traversal that...
Design/Logic Flaw
Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0.4.2 and 10.1.2.0.2 has unspecified impact and attack vectors, as identified by Oracle Vuln REP03...
Directory traversal
Multiple unspecified vulnerabilities in Oracle Application Server 6.0.8.26PS17 and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln 1 REP05 and 2 REP06 in the Oracle Reports Developer component. NOTE: Oracle has not disputed reliab...
Design/Logic Flaw
Multiple unspecified vulnerabilities in the Oracle Reports Developer component of Oracle Application Server 9.0.4.1 and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln 1 REP01 and 2 REP02...
CVE-2006-0274
Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0.4.2 and 10.1.2.0.2 has unspecified impact and attack vectors, as identified by Oracle Vuln REP03...
CVE-2006-0275
Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0.4.2 has unspecified impact and attack vectors, as identified by Oracle Vuln REP04. NOTE: Oracle has not disputed reliable researcher claims that this issue is related to directory traversal that...
CVE-2006-0288
Multiple unspecified vulnerabilities in the Oracle Reports Developer component of Oracle Application Server 9.0.4.1 and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln 1 REP01 and 2 REP02...
CVE-2006-0275
CVE-2006-0275 affects Oracle Application Server 9.0.4.2, specifically the Oracle Reports Developer component. The connected documents identify the issue as a directory traversal vulnerability that can read portions of arbitrary XML files via the customize parameter (Oracle Vuln REP04). The NVD me...
CVE-2006-0288
Technical details for CVE-2006-0288 are not publicly available in the provided documents. The material only notes multiple unspecified vulnerabilities in Oracle Reports Developer without affected versions, vectors, impacts, or remediation.
CVE-2006-0274
Technical details for CVE-2006-0274 are not publicly provided in the supplied documents. Monitor for updates from Oracle/vendor advisories; current entries note unspecified impact, but no concrete exploit vectors or version-specific remediation are available here.
[Full-disclosure] Oracle Reports - Read parts of files via desname (fixed after 874 days)
Hello FD-Reader It took only 874 days to fix this problem. Summary and additional information concerning the Oracle January 2006 CPU is available here: http://www.red-database-security.com/advisory/oraclecpujan2006.html http://www.red-database-security.com/advisory/oraclereportsreadanyfile.html...