470 matches found
phpstcms (STCMS music system) to bypass the backend authentication method-vulnerability warning-the black bar safety net
Published author: the mind Vulnerability type: background verification Vulnerability analysis: a music system-0-in! Throw in the hard disk is also equal to moldy, classic white look at the code. Vulnerability exists in“common.inc.php”file, as follows. phpstcms STCMS music system to bypass the...
CVE-2010-3238
Microsoft Excel 2002 SP3 and 2003 SP3, and Office 2004 for Mac, does not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Negative Future Function Vulnerability."...
Buffer overflow
The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service daemon crash or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT...
php: htmlspecialchars() insufficient checking of input for multi-byte encodings
The htmlspecialchars function in PHP before 5.2.12 does not properly handle 1 overlong UTF-8 sequences, 2 invalid ShiftJIS sequences, and 3 invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting XSS attacks by placing a crafted byte sequence before a special...
SuSE 10 Security Update : libpng (ZYPP Patch Number 5945)
This update of libpng fixes the function pngcheckkeyword that allowed setting arbitrary bytes in the process memory to 0. CVE-2008-5907 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc';...
Design/Logic Flaw
The getrandomint function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to...
CVE-2008-7002
PHP 5.2.5 does not enforce a openbasedir and b safemodeexecdir restrictions for certain functions, which might allow local users to bypass intended access restrictions and call programs outside of the intended directory via the 1 exec, 2 system, 3 shellexec, 4 passthru, or 5 popen functions,...
Mandrake Linux Security Advisory : php (MDKSA-2007:090)
A heap-based buffer overflow vulnerability was found in PHP's gd extension. A script that could be forced to process WBMP images from an untrusted source could result in arbitrary code execution CVE-2007-1001. A DoS flaw was found in how PHP processed a deeply nested array. A remote attacker coul...
Debian Security Advisory DSA 1703-1 (bind9)
The remote host is missing an update to bind9 announced via advisory DSA 1703-1. OpenVAS Vulnerability Test $Id: deb17031.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1703-1 bind9 Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...
CVE-2008-3216
The save function in br/prefmanager.d in projectl 1.001 creates a projectL.prf file in the current working directory, which allows local users to overwrite arbitrary files via a symlink attack...
PHP 5.2.6 - sleep() Local Memory Exhaust
PHP 5.2.6 - sleep Local Memory Exhaust There is some kind of issue in PHP we can run out memory even on SAFEMODE script simply allocate maximum of memory and go to sleep for, let's say 9999999 seconds. sleep pass 'maxexecutiontime' setting. Ram eater sploit ? if ! $purl = @parseurl$url die'sorry,...
CVE-2006-4006
The dogameinfo function in BomberClone 0.11.6 and earlier, and possibly other functions, does not reset the packet data size, which causes the sendpkg function packets.c to use this data size when sending a reply, and allows remote attackers to read portions of server memory...
CVE-2006-2120
The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service crash via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read...
phpWebSite 0.10.1 Full SQL injection
TITLE: phpWebSite 0.10.1 Full SQL injection Severity: Medium or even critical SOFTWARE: phpWebSite 0.10.1 Full DESCRIPTION: phpWebSite 0.10.1 full is vulnable to a sql injection.Here is a example: http://localhost/phpweb/index.php?module=sqlinjection DB Error: syntax error SELECT showblock,...
The Includer CGI 1.0 - Remote Command Execution (2)
!/usr/bin/perl Target - The Includer CGI \n\n"; print " - Host name of taget.\n"; print " - If not in dir type / symbol.\n"; print " - command for execution.\n\n"; print " Examples:\n\n"; print " incl10.pl 127.0.0.1 /cgi-bin/ "ls -la"\n"; print " incl10.pl 127.0.0.1 / "uname -a"\n"; print "...
PT-2005-1982 · Mtftpd · Mtftpd
Name of the Vulnerable Software and Affected Versions: mtftpd version 0.0.3 Description: The issue is related to a format string vulnerability in the log do function in log.c. This vulnerability can be exploited when the statistics option is enabled, allowing remote attackers to execute arbitrary...
Star Wars Jedi Knight: Jedi Academy 1.0.11 - Buffer Overflow (PoC)
source: https://www.securityfocus.com/bid/12977/info A buffer overflow is present in Jedi Academy that can be exploited remotely by client systems. The overflow is due to the use of the sprintf function in a text visualization procedure, GPrintf. The attacker can exploit this vulnerability to...
Linux Kernel 2.4.28/2.6.9 - vc_resize int Local Overflow
/ vcresize int overflow Copyright Georgi Guninski Cannot be used in vulnerability databases / include include include include include include include include include include int mainint ac, char av int fd; struct vtconsize vv; int cou=4242; fd=open"/dev/tty",ORDWR; if fd0 perror"open";return -42;...
wvtftpd buffer overflow
strcpy buffer overflow...
CVE-2002-0986
The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."...