3627 matches found
CVE-2008-4077
The CGI scripts in 1 LedgerSMB LSMB before 1.2.15 and 2 SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service resource exhaustion via an HTTP POST request with a large Content-Length...
CVE-2008-4077
The CGI scripts in 1 LedgerSMB LSMB before 1.2.15 and 2 SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service resource exhaustion via an HTTP POST request with a large Content-Length...
Code injection
The CGI scripts in 1 LedgerSMB LSMB before 1.2.15 and 2 SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service resource exhaustion via an HTTP POST request with a large Content-Length...
CVE-2008-4077
The CGI scripts in 1 LedgerSMB LSMB before 1.2.15 and 2 SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service resource exhaustion via an HTTP POST request with a large Content-Length...
CVE-2008-4077
The CGI scripts in 1 LedgerSMB LSMB before 1.2.15 and 2 SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service resource exhaustion via an HTTP POST request with a large Content-Length...
CVE-2008-3909
The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery CSRF attacks and delete or modify data via unspecified requests...
Cross site request forgery (csrf)
The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery CSRF attacks and delete or modify data via unspecified requests...
CVE-2008-3909
The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery CSRF attacks and delete or modify data via unspecified requests...
LoveCMS 1.6.2 Final - Remote Code Execution
LoveCMS 1.6.2 Final - Remote Code Execution !/usr/bin/ruby Exploit by PoMdaPiMp! --------------------- pomdapimpatgmaildotcom LoveCMS Exploit Series Episode 1: adding a side block Description: add some php into a block container on the side of the site. phpinfo is called. Usage: ./LoveCMS1blocks....
aflistenerdirectorytraversal-08_006.txt
Portcullis Security Advisory - 08-006 Vulnerable System: Affinium Campaign Vulnerability Title: The Listener is vulnerable to directory traversal. Vulnerability Discovery And Development: Portcullis Security Testing Services. Credit For Discovery: Tim Brown - Portcullis Computer-Security Ltd...
Debian DSA-1597-2 : mt-daapd - multiple vulnerabilities
Three vulnerabilities have been discovered in the mt-daapd DAAP audio server also known as the Firefly Media Server. The Common Vulnerabilities and Exposures project identifies the following three problems : - CVE-2007-5824 Insufficient validation and bounds checking of the Authorization: HTTP...
[SECURITY] [DSA 1597-1] New mt-daapd packages fix several vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1597-1 [email protected] http://www.debian.org/security/ Devin Carraway June 12, 2008 http://www.debian.org/security/faq -...
Null pointer dereference
The WordClient interface in Alt-N Technologies MDaemon 9.6.5 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted HTTP POST request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
CVE-2008-2631
The WordClient interface in Alt-N Technologies MDaemon 9.6.5 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted HTTP POST request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
CVE-2008-2631
The WordClient interface in Alt-N Technologies MDaemon 9.6.5 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted HTTP POST request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
LokiCMS admin.php文件绕过安全限制漏洞
BUGTRAQ ID: 29448 LokiCMS是一款简单易用的网络内容管理系统。 LokiCMS的admin.php文件中存在逻辑错误,如果远程攻击者在所提交的HTTP POST请求中设置了LokiACTION和其他参数的话,则无需管理权限就可以设置CMS main settings。 以下是有漏洞的代码段: admin.php Lines:24-42 if isset $POST && isset $POST'LokiACTION' && strlen trim $POST'LokiACTION' 0 // we have an action to do switch trim...
GLSA-200805-02 : phpMyAdmin: Information disclosure
The remote host is affected by the vulnerability described in GLSA-200805-02 phpMyAdmin: Information disclosure Cezary Tomczak reported that an undefined UploadDir variable exposes an information disclosure vulnerability when running on shared hosts. Impact : A remote attacker with CREATE TABLE...
[ GLSA 200805-02 ] phpMyAdmin: Information disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200805-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - -...
phpMyAdmin: Information disclosure
Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL databases from a web-browser. Description Cezary Tomczak reported that an undefined UploadDir variable exposes an information disclosure vulnerability when running on shared hosts. Impact A remote attack...
phpMyAdmin共享主机远程信息泄露漏洞
BUGTRAQ ID: 28906 phpMyAdmin是用PHP编写的工具,用于通过WEB管理MySQL。 phpMyAdmin实现上存在漏洞,如果远程攻击者能够访问共享主机的话,就可以通过向phpMyAdmin发送特制的HTTP POST请求导致泄露敏感信息。 phpMyAdmin 2.11.5.2 phpMyAdmin ---------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...