Lore 1.5.6 - article.php Blind SQL Injection

Lore 1.5.6 - article.php Blind SQL Injection Lore 1.5.6 Bug : article.php?id=Blind ,Comentarios Habilitados "Add Comment" Dork : intext:"Powered by Lore 1.5.6" Coded By OzXNuKE/US HTTP://FORO.UNDERSECURITY.NET HTTP://FORO.EL-HACKER.COM Gracias...

DEBIAN-CVE-2008-5250

Cross-site scripting XSS vulnerability in MediaWiki before 1.6.11, 1.12.x before 1.12.2, and 1.13.x before 1.13.3, when Internet Explorer is used and uploads are enabled, or an SVG scripting browser is used and SVG uploads are enabled, allows remote authenticated users to inject arbitrary web...

CVE-2008-5587

Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when registerglobals is enabled, allows remote attackers to read arbitrary files via a .. dot dot in the language parameter to index.php...

Important: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that resolve several security issues and fix various bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any...

Immunity Canvas: MSSQL_REPLWRITETOVARBIN

Name| mssqlreplwritetovarbin ---|--- CVE| CVE-2008-5416 Exploit Pack| CANVAS Description| replwritetovarbin stored procedure overflow. Notes| CVE Name: CVE-2008-5416 VENDOR: Microsoft Notes: Exploit only works against non-DEP enabled targets. Repeatability: One-shot MSADV: MS09-004 References:...

tomcat Unicode directory traversal vulnerability

Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than...

tomcat Unicode directory traversal vulnerability

Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than...

CVE-2008-3763

Variable overwrite vulnerability in libsecure.php in Turnkey PHP Live Helper 2.0.1 and earlier, when registerglobals is enabled, allows remote attackers to overwrite arbitrary variables related to the db config file. NOTE: this can be leveraged for code injection by overwriting the language file...

VulnCheck KEV: CVE-2008-3681

components/comuser/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the "first enabled user lowest id" password, typically for the administrator...

OpenJDK JMX allows illegal operations with local monitoring (6332953)

Unspecified vulnerability in the Java Management Extensions JMX management agent in Sun Java Runtime Environment JRE in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when local monitoring is enabled, allows remote attackers to "perform unauthorized operations" via...

CVE-2008-2938

Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than...

CVE-2008-3574

Multiple cross-site scripting XSS vulnerabilities in Pluck 4.5.2, when registerglobals is enabled, allow remote attackers to inject arbitrary web script or HTML via the 1 langfooter parameter to a data/inc/footer.php; the 2 pluckversion, 3 langinstall22, 4 titelkop, 5 langkop1, 6 langkop2, 7...

OpenJDK JMX allows illegal operations with local monitoring (6332953)

Unspecified vulnerability in the Java Management Extensions JMX management agent in Sun Java Runtime Environment JRE in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when local monitoring is enabled, allows remote attackers to "perform unauthorized operations" via...

apache mod_status cross-site scripting

Cross-site scripting XSS vulnerability in modstatus in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Microsoft Internet Explorer 7 DisableCachingOfSSLPages may not prevent caching

Overview Setting the Internet Explorer 7 option DisableCachingOfSSLPages may not prevent the caching of SSL-enabled web pages. Description Administrators and users can set the Internet Explorer DisableCachingOfSSLPages option to prevent sensitive or private data from being saved to disk. The...

EUVD-2008-1903

PHP remote file inclusion vulnerability in newsshow.php in Newanz NewsOffice 1.0 and 1.1, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the newsofficedirectory parameter...

CVE-2008-0951

Microsoft Windows Vista does not properly enforce the NoDriveTypeAutoRun registry value, which allows user-assisted remote attackers, and possibly physically proximate attackers, to execute arbitrary code by inserting a 1 CD-ROM device or 2 U3-enabled USB device containing a filesystem with an...

CVE-2008-0951

Microsoft Windows Vista does not properly enforce the NoDriveTypeAutoRun registry value, which allows user-assisted remote attackers, and possibly physically proximate attackers, to execute arbitrary code by inserting a 1 CD-ROM device or 2 U3-enabled USB device containing a filesystem with an...

CVE-2008-0951

CVE-2008-0951 affects Windows Vista/Server 2008 where NoDriveTypeAutoRun is not properly enforced. The vulnerability allows code execution via (1) CD-ROM AutoRun paths or (2) U3-enabled USB devices containing an Autorun.inf file, with user-assisted remote or physically proximate access. Microsoft...

CVE-2007-6704

Multiple cross-site scripting XSS vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to 1 my.activation.php3 and 2 my.logon.php3...