3627 matches found
[Full-disclosure] HYSA-2006-005 WordPress 2.0.1 Remote DoS Exploit
HYSA-2006-005 h4cky0u.org Advisory 014. Date - Wed March 08 2006. TITLE: WordPress 2.0.1 Remote DoS Exploit. SEVERITY: Medium. SOFTWARE: Wordpress 2.0.1 and prior...
siteframe_5.0.2_xss.txt
Siteframe Beaumont 5.0.2: User Comment Cross-Site Scripting Vulnerability. Information of Software: Software: Siteframe Beaumont 5.0.1a; Site: http://www.siteframe.org/; Description of software: Siteframe is a lightweight content-management system designed for the rapid deployment of community-bas...
LinPHA 0.9.x/1.0 - forth_stage_install.php Local File Inclusion
LinPHA 0.9.x/1.0 - forth_stage_install.php Local File Inclusion. source: https://www.securityfocus.com/bid/16592/info LinPHA is prone to multiple local file-inclusion and PHP code-injection vulnerabilities. The local file-inclusion issues are due to insecure use of the 'include_once' PHP function in...
LinPHA 0.9.x/1.0 - 'forth_stage_install.php' Local File Inclusion
source: https://www.securityfocus.com/bid/16592/info LinPHA is prone to multiple local file-inclusion and PHP code-injection vulnerabilities. The local file-inclusion issues are due to insecure use of the 'include_once' PHP function in multiple scripts. The PHP code-injection vulnerabilities are d...
Using a Winsock implementation to inject data into a website's database - vulnerability warning - the black bar safety net
Before writing this article, it is necessary to say a word about "inject". Unlike the usual SQL injection, the injection here just constructs an HTTP request packet and has a program, instead of a web page, submit it, so the data is submitted automatically. Hey, speaking of which, I...
CVE-2005-3655
CVE-2005-3655 describes a heap-based buffer overflow in Novell Open Enterprise Server Remote Manager (novell-nrm) for SUSE Linux Enterprise Server 9. The vulnerability arises from improper handling of HTTP POST requests with a negative Content-Length, allowing an unauthenticated attacker to injec...
CVE-2006-0201
Dave Nielsen and Patrick Breitenbach PayPal Web Services aka PHP Toolkit 0.50, and possibly earlier versions, allows remote attackers to enter false payment entries into the log file via HTTP POST requests to ipnsuccess.php...
Code injection
Dave Nielsen and Patrick Breitenbach PayPal Web Services aka PHP Toolkit 0.50, and possibly earlier versions, allows remote attackers to enter false payment entries into the log file via HTTP POST requests to ipnsuccess.php...
CVE-2002-2170
The CVE affects BadBlue Enterprise Edition versions 1.7–1.74. The root cause is insufficient authentication when the product attempts to restrict administrator actions to the localhost IP, allowing a remote attacker to trigger arbitrary code execution via an HTTP POST to the dir.hts page on localhost, which can ...
EUVD-2002-2149
Working Resources Inc. BadBlue Enterprise Edition 1.7 through 1.74 attempts to restrict administrator actions to the IP address of the local host, but does not provide additional authentication, which allows remote attackers to execute arbitrary code via a web page containing an HTTP POST request...
CVE-2005-3557
Directory traversal vulnerability in admin/defaults.php in PHPlist 2.10.1 and earlier allows remote attackers to access arbitrary files via a .. (dot dot) in the selected%5B%5D parameter in an HTTP POST request...
CVE-2005-3594
game_score.php in e107 allows remote attackers to insert high scores via HTTP POST methods utilizing the $player_name, $player_score, and $game_name variables...
CVE-2005-3594
CVE-2005-3594 concerns the web app component game_score.php in the content management system e107. The vulnerability allows remote attackers to insert high scores by sending HTTP POST data that supplies the variables $player_name, $player_score, and $game_name. The available sources describe ...
CVE-2005-3557
Technical details about CVE-2005-3557 are not publicly provided in the connected documents. No affected versions, root cause, exploit info, or remediation are specified here. Monitor for updates.
myServer POST Denial of Service
This version of myServer is vulnerable to a remote denial of service attack. SPDX-FileCopyrightText: 2004 David Maciejak. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Novell NetWare HTTP POST Perl Code Execution Vulnerability
Novell NetWare contains multiple default web server installations. The NetWare Enterprise Web Server (Netscape/IPlanet) has a Perl handler which will run arbitrary code given to it in a POST request. Versions 5.x through SP4 and 6.x through SP1 are affected. OpenVAS Vulnerability Test $Id:...
Cherokee POST request DoS
The remote host is running Cherokee - a fast and tiny web server. The remote version of this software is vulnerable to a remote denial of service when handling a specially-crafted HTTP 'POST' request. An attacker may exploit this flaw to disable this service remotely. OpenVAS...