561 matches found
Fedora 15 : puppet-2.6.12-1.fc15 (2011-14994)
A bug in puppet's SSL certificate handling could allow nodes with a valid certificate to impersonate the puppet master. To be vulnerable, a user would have had to set the certdnsnames variable and generated certificates. This setting is not set by default in the Fedora/EPEL packages. This update...
Quick.CMS v3.0 CSRF flaws and fixes - vulnerability warning - the black bar safety net
Exploit Title: Quick CMS v3.0 Cross Site Request Forgery Add Admin User + Author : ^Xecuti0n3r + E-mail : xecuti0n3ryahoo.com + Category : Web Apps XSRF + Dork : intext:"Quick.Cms v3.0" inurl:admin.php + Demo CMS Link: http://opensolution.org/Quick.Cms 1 1 0 I'm ^Xecuti0n3r member from...
Quick.CMS 3.0 - Cross-Site Request Forgery
Exploit Title: Quick CMS v3.0 Cross Site Request Forgery Add Admin User + Author : ^Xecuti0n3r + E-mail : xecuti0n3ryahoo.com + Category : Web Apps XSRF + Dork : intext:"Quick.Cms v3.0" inurl:admin.php + Demo CMS Link: http://opensolution.org/Quick.Cms 1 1 0 I'm ^Xecuti0n3r member from Inj3ct0r...
Quick.CMS 3.0 - Cross-Site Request Forgery
Quick.CMS 3.0 - Cross-Site Request Forgery + Exploit Title: Quick CMS v3.0 Cross Site Request Forgery Add Admin User + Author : ^Xecuti0n3r + E-mail : xecuti0n3ryahoo.com + Category : Web Apps XSRF + Dork : intext:"Quick.Cms v3.0" inurl:admin.php + Demo CMS Link: http://opensolution.org/Quick.Cms...
AA SMTP Server 1.1 - Crash (PoC)
========================= AA SMTP SERVER v.1.1 -- Crash POC ========================= Application : AA SMTP SERVER v.1.1 Vendor URL : http://www.aa2soft.com/download.htm Category : Windows/POC/Crash Author : ..:: SONiC ::.. aka theM4LW4r3 Special thanks to : Ashwin Vamshi,Sid3^effects,r0073r...
pam_krb5: Password prompt varies for existent and non-existent users
pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames...
Mandriva Update for drakxtools MDVA-2010:062-1 (drakxtools)
Check for the Version of drakxtools OpenVAS Vulnerability Test Mandriva Update for drakxtools MDVA-2010:062-1 drakxtools Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modi...
Issue with core dump owner
The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might allow local users to obtain sensitive informatio...
CVE-2008-3920
Unspecified vulnerability in BitlBee before 1.2.2 allows remote attackers to "recreate" and "hijack" existing accounts via unspecified vectors...
Security feature bypass
Unspecified vulnerability in BitlBee before 1.2.2 allows remote attackers to "recreate" and "hijack" existing accounts via unspecified vectors...
hiox-addadmin.txt
"; fclose$file; $creat = "false"; echo "New User Created Please Wait You will be Redirected to Login Page "; else echo "Enter correct Username or Password "; if$creat == "true" ? tr width=400 height...
mysql -- MyISAM table privileges security bypass vulnerability
SecurityFocus reports: MySQL is prone to a security-bypass vulnerability. An attacker can exploit this issue to overwrite existing table files in the MySQL data directory, bypassing certain security restrictions...
Gallarific - search.php?query Cross-Site Scripting
Gallarific - search.php?query Cross-Site Scripting source: https://www.securityfocus.com/bid/28163/info Gallarific is prone to a cross-site scripting vulnerability and multiple authentication-bypass vulnerabilities. An attacker may leverage these issues to execute arbitrary script code in the...
Naymz multiple XSS
Naymz is an online profile system with positive and accurate information that you want others to find when they search for you online. Community Search fails to sanitize: 1."scriptalert'xss'/script...
naymz-xss.txt
Naymz is an online profile system with positive and accurate information that you want others to find when they search for you online. Community Search fails to sanitize: 1."alert'xss'...
HTTP SERVER (httpsv1.6.2) 404 Denial of Service
No description provided by source. !/usr/bin/perl GetOpt STD module use IO::Socket; use Getopt::Std; getopts":i:p:",%args; ifdefined $argsi $ip = $argsi; ifdefined $argsp $port = $argsp; if!defined $argsi or !defined $argsp print "-----------------------------------------------------\n"; print...
CVE-2006-3616
Multiple cross-site scripting (XSS) vulnerabilities in Carbonize Lazarus Guestbook 1.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the show parameter in codes-english.php and (2) the img parameter in picture.php, after the name of an existing file...
DSA-1056-1 webcalendar - verbose error message
Bulletin has no description...