Douran CMS V3.9.8.0 - Directory Traversal Vulnerability

Document Title: =============== Douran CMS V3.9.8.0 - Directory Traversal Vulnerability Release Date: ============= 2011-08-01 Vulnerability Laboratory ID VL-ID: ==================================== 243 Abstract Advisory Information: ============================== The vulnerability laboratory...

PT-2011-4040 · Phpmyadmin · Phpmyadmin

Name of the Vulnerable Software and Affected Versions: phpMyAdmin versions 3.4.x through 3.4.3.1 Description: The issue allows remote authenticated users to include and execute arbitrary local files via directory traversal sequences in an export type field. This is related to the files...

Douran CMS V3.9.8.0 - Directory Traversal Vulnerability

Document Title: =============== Douran CMS V3.9.8.0 - Directory Traversal Vulnerability Release Date: ============= 2011-08-01 Vulnerability Laboratory ID VL-ID: ==================================== 243 Abstract Advisory Information: ============================== The vulnerability laboratory...

[SECURITY] Fedora 15 Update: phpMyAdmin-3.4.3.1-1.fc15

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index es, users, permissions, while you still have the ability to directly...

During the export of log files the following error occurs: "Cannot access collector [collector_name]"

This articles provides suggestions to the error "Cannot access collector collectorname" that may happen during the export of log files...

[SECURITY] Fedora 14 Update: phpMyAdmin-3.4.1-1.fc14

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index es, users, permissions, while you still have the ability to directly...

Fedora 14 : phpMyAdmin-3.4.1-1.fc14 (2011-7702)

Welcome to phpMyAdmin 3.4, presenting a new default theme. This release contains new features, especially : - User preferences - Relation schema export to multiple formats - ENUM/SET editor - Simplified interface for export/import - AJAXification of some parts - Charts - Visual query builder and...

Fedora 15 : phpMyAdmin-3.4.1-1.fc15 (2011-7684)

Welcome to phpMyAdmin 3.4, presenting a new default theme. This release contains new features, especially : - User preferences - Relation schema export to multiple formats - ENUM/SET editor - Simplified interface for export/import - AJAXification of some parts - Charts - Visual query builder and...

[SECURITY] Fedora 15 Update: phpMyAdmin-3.4.1-1.fc15

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index es, users, permissions, while you still have the ability to directly...

DEBIAN-CVE-2011-1925

nbd-server.c in Network Block Device nbd-server 2.9.21 allows remote attackers to cause a denial of service NULL pointer dereference and crash by causing a negotiation failure, as demonstrated by specifying a name for a non-existent export...

CVE-2011-1925

nbd-server.c in Network Block Device nbd-server 2.9.21 allows remote attackers to cause a denial of service NULL pointer dereference and crash by causing a negotiation failure, as demonstrated by specifying a name for a non-existent export...

CVE-2011-1925

nbd-server.c in Network Block Device nbd-server 2.9.21 allows remote attackers to cause a denial of service NULL pointer dereference and crash by causing a negotiation failure, as demonstrated by specifying a name for a non-existent export...

Multiple ZyWALL USG Products Remote Security Bypass Vulnerability - Active Check

Multiple ZyWALL USG products are prone to a security bypass vulnerability. Note: Reportedly, the firmware is also prone to a weakness that allows password-protected upgrade files to be decrypted with a known plaintext attack. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might ...

[RT-SA-2011-003] Authentication Bypass in Configuration Import and Export of ZyXEL ZyWALL USG Appliances

Advisory: Authentication Bypass in Configuration Import and Export of ZyXEL ZyWALL USG Appliances Unauthenticated users with access to the management web interface of certain ZyXEL ZyWALL USG appliances can download and upload configuration files, that are applied automatically. Details =======...

ZyWALL USG Appliance Arbitrary File Read / Write

Advisory: Authentication Bypass in Configuration Import and Export of ZyXEL ZyWALL USG Appliances Unauthenticated users with access to the management web interface of certain ZyXEL ZyWALL USG appliances can download and upload configuration files, that are applied automatically. Details =======...

JspRun!论坛管理后台注入漏

JspRun!论坛管理后台的export变量没有过滤，直接进入查询语句，导致进行后台，可以操作数据库，获取系统权限。 在处理后台提交的文件中ForumManageAction.java第1940行 String export = request.getParameter"export";//直接获取，没有安全过滤 ifexport!=null ListMapString,String styles=dataBaseService.executeQuery"SELECT s.name, s.templateid, t.name AS tplname, t.directory,...

CVE-2011-0791

Unspecified vulnerability in the Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality via unknown vectors related to Data Export...

Code injection

Unspecified vulnerability in the Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality via unknown vectors related to Data Export...

CVE-2011-0791

Unspecified vulnerability in the Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality via unknown vectors related to Data Export...

Path traversal

Metaways Tine 2.0 allows remote attackers to obtain sensitive information via unknown vectors in 1 Crm/Controller.php, 2 Crm/Export/Csv.php, or 3 Calendar/Model/Attender.php, which reveal the full installation path...