3856 matches found
CVE-2012-1902
showconfigerrors.php in phpMyAdmin 3.4.x before 3.4.10.2, when a configuration file does not exist, allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message about this missing file...
phpMyAdmin -- Path disclosure due to missing verification of file presence
The phpMyAdmin development team reports: The showconfigerrors.php scripts did not validate the presence of the configuration file, so an error message shows the full path of this file, leading to possible further attacks. For the error messages to be displayed, php.ini's error_reporting must be se...
Direct access to issue via url discloses structure without authentication
If an issue is accessed via the direct url an error message discloses if the issue is existent or not - even when the user isn't logged in. In contrast, an existing issue redirects to the login form. This knowledge may open an attack vector on private Jira instances that require authentication...
Spacewalk: RHN user password disclosure upon failed system registration
Spacewalk-backend in Red Hat Network (RHN) Satellite and Proxy 5.4 includes cleartext user passwords in an error message when a system registration XML-RPC call fails, which allows remote administrators to obtain the password by reading (1) the server log and (2) an email...
Mozilla: Same-origin bypass using IPv6-like hostname syntax (MFSA 2012-02)
Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and...
CVE-2011-4898
wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier generates different error messages for requests lacking a dbname parameter depending on whether the MySQL credentials are valid, which makes it easier for remote attackers to conduct brute-force attacks via a...
CVE-2011-5067
moveuploadedfile.php in Support Incident Tracker aka SiT! 3.65 allows remote authenticated users to obtain sensitive information via the file name, which reveals the installation path in an error message...
Information disclosure
ftpuploadfile.php in Support Incident Tracker aka SiT! 3.65 allows remote authenticated users to obtain sensitive information via the file name, which reveals the installation path in an error message...
Information disclosure
moveuploadedfile.php in Support Incident Tracker aka SiT! 3.65 allows remote authenticated users to obtain sensitive information via the file name, which reveals the installation path in an error message...
Parsp Shopping CMS [V5] Multiple Vulnerability
Exploit for php platform in category web applications Exploit Title: Parsp Shopping CMS V5 Multiple Vulnerability Date: 2012-01-22 GMT +7 Author: BHG Security Center Software Link: http://www.parsp.com/ Vendor Responses: They didn't respond to the emails. Dork: intext:"powered by www.parsp.com V5...
CVE-2011-4620
Buffer overflow in the ulSetError function in util/ulError.cxx in PLIB 1.8.5, as used in TORCS 1.3.1 and other products, allows user-assisted remote attackers to execute arbitrary code via vectors involving a long error message, as demonstrated by a crafted acc file for TORCS. NOTE: some of these...
Pre Studio Business Card Designer SQL Injection
Author: r45c4l Home : http://twitter.com/!/r45c4l Email : [email protected] Share the c0de! Greetz to all my ICW, AH brothers and all Indian Hackers. Title: Pre Studio Business Card Designer SQL Injection Script Vendor: http://www.preproject.com/card.asp Price : $ 399 p0c :...
Gold Coast Web Design SQL Injection
Title: Gold Coast Web Design SQL Injection Author: AngelParrot Date: 2011/12/19 Category: Webapps Vendor: http://goldcoastwebdesign.com/ Google Dork: inurl:php?id= intext:"web site by: goldcoastwebdesign.com" Exploit http://example.com/news.php?MenuID=SQL...
i4Style Web Design SQL Injection / Cross Site Scripting
Title : i4Style web design SQL Injection / IFrame Injection + Author : AngelParrot + Vendor : http://i4style.com/ + Google Dork : inurl:webpage.php?PageID= "i4Style" + Exploit - http://example.com/webpage.php?PageID=SQL - http://example.com/webpage.php?PageID=IFrame + Example -...
kexec-tools security, bug fix, and enhancement update
2.0.0-209.0.1.el6 - Make sure '--allow-missing' is effective by adding to MKDUMPRDARGS in kdump.sysconfig, kdump.sysconfig.i386, and kdump.sysconfig.x8664 12590865 11678808 2.0.0-209 - Improve debugfs mounting code, from Dave Young. Resolve bug 748748. 2.0.0-208 - Search DUP firmware directory to...
i4Style Web Design SQL Injection / Cross Site Scripting
Exploit for php platform in category web applications + Title : i4Style web design SQL Injection / IFrame Injection + Author : AngelParrot + Vendor : http://i4style.com/ + Google Dork : inurl:webpage.php?PageID= "i4Style" + Exploit - http://example.com/webpage.php?PageID=SQL -...
SuSE 10 Security Update : mozilla-nss (ZYPP Patch Number 7842) (BEAST)
This update to version 3.13.1 of mozilla-nss fixes the following issues : - Explicitly distrust DigiCert Sdn. Bhd bmo698753 - Better SHA-224 support bmo647706 - Fix a regression causing hangs in some situations introduced in 3.13 bmo693228 - SSL 2.0 is disabled by default - A defense against the...
CVE-2011-3646
phpmyadmin.css.php in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to obtain sensitive information via an array-typed jsframe parameter to phpmyadmin.css.php, which reveals the installation path in an error message...