Jaws language Parameter Multiple Local File Includes
Jaws, a Framework and Content Management System for building dynamic websites, is installed on the remote system. The installed version fails to filter input to the 'language' parameter before using it to include PHP code in '/upgrade/index.php' and '/install/index.php'. Regardless of PHP's...
CVE-2008-5043
CVE-2008-5043 involves multiple cross-site scripting (XSS) flaws in the web-based interface of IBM Metrica Service Assurance Framework. The vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via three parameters: elementid in generatedreportresults (ReportTree...
CVE-2008-4630
Multiple unspecified vulnerabilities in Midgard Components MidCOM Framework before 8.09.1 have unknown impact and attack vectors...
Design/Logic Flaw
Multiple unspecified vulnerabilities in Midgard Components MidCOM Framework before 8.09.1 have unknown impact and attack vectors...
[SECURITY] Fedora 9 Update: rubygem-rails-2.1.1-2.fc9
Rails is a framework for building web applications using CGI, FCGI, mod_ruby, or WEBrick on top of either MySQL, PostgreSQL, SQLite, DB2, SQL Server, or Oracle with eRuby- or Builder-based templates...
Microsoft .Net framework multiple security vulnerabilities
Buffer overflow on PE .Net format parsing, buffer overflow in KIT compiler, remote information leak in ASP.NET with poisoned NULL byte...
Solaris <= 10 LPD Arbitrary File Delete Exploit (metasploit)
No description provided by source. This file is part of the Metasploit Framework and may be redistributed according to the licenses defined in the Authors field below. In the case of an unknown or missing license, this file defaults to the same license as the core Framework dual GPLv2 and Artisti...
[SECURITY] Fedora 8 Update: php-pecl-apc-3.0.19-1.fc8
APC is a free, open, and robust framework for caching and optimizing PHP intermediate code...
Seagull PHP Framework 0.6.4 - 'FCKeditor' Arbitrary File Upload
Seagull PHP Framework = 0.6.4 fckeditor Arbitrary File Upload Exploit. author...: EgiX mail.....: n0b0d13satgmaildotcom link.....:...
hpstorage-meta.txt
$Id: doubletake.rb 4529 2007-03-23 01:08:18Z $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/projects/Framework/...
Dot Net Nuke (DNN) <= 4.8.3 XSS Vulnerability
www.BugReport.ir AmnPardaz Security Research Team Title: Dot Net Nuke DNN XSS Vulnerability. Vendor: www.dotnetnuke.com Vulnerable Version: 4.8.3 and prior versions Exploit: N/A Impact: Low Fix: N/A Original Advisory: http://bugreport.ir/index.php?/38 1. Description: DotNetNuke is an open source...
Ajax Framework - 'lang' Local File Inclusion
Discovered by dun \ dunatstrcpy.eu Ajax framework by www.zapatec.com Local File Include Vulnerability Script site: http://www.zapatec.com/ Vuln:...
[ GLSA 200804-07 ] PECL APC: Buffer Overflow
Gentoo Linux Security Advisory GLSA 200804-07 http://security.gentoo.org/ Severity:...
Cisco Unified Communications Disaster Recovery Framework code execution
Command execution through backup management service...
McAfee Framework / ePolicy Orchestrator format string vulnerability
Format string vulnerability in logging functions...
McAfee Framework ePolicy 3.x - Orchestrator '_naimcomn_Log' Remote Format String
source: https://www.securityfocus.com/bid/28228/info McAfee Framework is prone to a remote format-string vulnerability. Exploiting this issue will allow attackers to execute arbitrary code with the permissions of the framework or of an application that uses the framework. Failed attacks will like...
OSSIM Framework session/login.php dest Parameter XSS
The remote host is running OSSIM Open Source Security Information Management, a suite of security tools managed by a web-based front-end. The version of OSSIM installed on the remote host fails to sanitize user input to the 'dest' parameter of the 'session/login.php' script before using it to...
Directory traversal
Multiple directory traversal vulnerabilities in Bubbling Library 1.32 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) uri parameter to (a) yui-menu.tpl.php, (b) simple.tpl.php, and (c) advanced.tpl.php in dispatcher/framework/; and the (2) page parameter to (d)...
Bubbling Library 1.32 - Multiple Local File Inclusions
Bubbling Library 1.32 - Multiple Local File Inclusions bubbling library v1.32 multiple Local File Inclusion Vulnerabilities Download script : http://sourceforge.net/project/showfiles.php?groupid=192730 Author : Stack-Terrorist v40 Email : [email protected] Home : http://www.v4-team.com for execute...
Debian: Security Advisory (DSA-1406-1)
The remote host is missing an update for the Debian...