
117 matches found

OpenVAS
added 2009/02/27 12:0 a.m. | 46 views

CentOS Update for python CESA-2007:1077-01 centos2 i386

Check for the Version of python OpenVAS Vulnerability Test CentOS Update for python CESA-2007:1077-01 centos2 i386 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

6.8 CVSS | 9 AI score | 0.12479 EPSS
Exploits: 1 | References: 2

Packet Storm
added 2008/12/01 12:0 a.m. | 21 views

cpcommerce-bypass.txt

Author: girex Homepage: girex.altervista.org CMS: cpCommerce 1.2.6 Site: http://cpcommerce.cpradio.org/ Bug: URL Rewrite - Input variables overwrite PoC: Auth bypass - Shell upload Note: Works regardless php.ini settings Vendor informed: 23/11/08 cpCommerce 1.2.7 released: 30/11/08 Public advisor...

7.4 AI score
Exploits: 0

securityvulns
added 2008/11/21 12:0 a.m. | 139 views

Social Engine 2.7 CRLF Injection + SQL injection

HACKATTACK Advisory 2008-11-20 Social Engine 2.7 CRLF Injection + SQL injection Details Product: Social Engine Security-Risk: moderate Remote-Exploit: yes Vendor-URL: http://www.socialengine.net/ Vendor-Status: informed Advisory-Status: published Credits Discovered by: David Vieira-Kurz of...

0.4 AI score
Exploits: 0

Packet Storm
added 2008/11/20 12:0 a.m. | 30 views

social-sql.txt

HACKATTACK Advisory 2008-11-20 Social Engine 2.7 CRLF Injection + SQL injection Details Product: Social Engine Security-Risk: moderate Remote-Exploit: yes Vendor-URL: http://www.socialengine.net/ Vendor-Status: informed Advisory-Status: published Credits Discovered by: David Vieira-Kurz of...

7.4 AI score
Exploits: 0

securityvulns
added 2008/09/24 12:0 a.m. | 49 views

[MajorSecurity Advisory #53]BLUEPAGE CMS - Cross Site Scripting and Session Fixation Issues

MajorSecurity Advisory 53 BLUEPAGE CMS - Cross Site Scripting and Session Fixation Issues Details ======= Product: BLUEPAGE CMS Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.bluepage-cms.com/ Vendor-Status: informed Advisory-Status: published Credits ============ Discovered b...

0.1 AI score
Exploits: 0

0day.today
added 2008/04/25 12:0 a.m. | 14 views

miniBB 2.2 (CSS/SQL/FPD) Multiple Remote Vulnerabilities

Exploit for unknown platform in category web applications ======================================================== miniBB 2.2 CSS/SQL/FPD Multiple Remote Vulnerabilities ======================================================== Author: GiReX Date: 21/04/2008 CMS: miniBB 2.2 and maybe prior Site:...

7.1 AI score
Exploits: 0

exploitpack
added 2008/02/01 12:0 a.m. | 30 views

Total Video Player 1.03 - .m3u File Local Buffer Overflow

Total Video Player 1.03 - .m3u File Local Buffer Overflow /0day Total Video Player V1.03 .m3u file Local Buffer Overflow In this exploit you chose to bind a port or to spawn calc.exe. After I crafted a playlist I observed that the stack got corrupted. The corruption occurred in some points, and...

0.3 AI score
Exploits: 0

securityvulns
added 2008/01/24 12:0 a.m. | 84 views

Syhunt: HFS (HTTP File Server) Log Arbitrary File/Directory Manipulation and Denial-of-Service Vulnerabilities

Syhunt: HFS HTTP File Server Log Arbitrary File/Directory Manipulation and Denial-of-Service Vulnerabilities Advisory-ID: 200801162 Discovery Date: 1.16.2008 Release Date: 1.23.2008 Affected Applications: HFS 2.2 to and including 2.3Beta Build 174 Non-Affected Applications: HFS 2.1d and earlier...

10 CVSS | 0.9 AI score | 0.03568 EPSS
Exploits: 6

Packet Storm
added 2007/11/13 12:0 a.m. | 17 views

autoindex-xss.txt

====================================================================== AutoIndex Impact: Cross Site Scripting Denial of Service DoS Status: patch available ------------------------------ Affected software description: ------------------------------ Application: AutoIndex Version:...

7.4 AI score
Exploits: 0

seebug.org
added 2007/10/26 12:0 a.m. | 17 views

TikiWiki <= 1.9.8.1 Local File Inclusion Vulnerabilities

No description provided by source. ====================================================================== TikiWiki = 1.9.8.1 Local File Inclusion ====================================================================== Author: L4teral l4teral 4t gmail com Impact: Local File Inclusion Status: patch...

7.1 AI score
Exploits: 0

securityvulns
added 2007/06/03 12:0 a.m. | 83 views

[MajorSecurity Advisory #49]Calimero.CMS - Session fixation Issue

MajorSecurity Advisory 49 Calimero.CMS - Session fixation Issue Details ======= Product: Calimero.CMS Affected version: 3.3.1232 and prior Remote-Exploit: yes Vendor-URL: http://www.calimero-cms.de Vendor-Status: informed Advisory-Status: published Credits ============ Discovered by: David...

0.5 AI score
Exploits: 0

securityvulns
added 2007/04/08 12:0 a.m. | 48 views

[MajorSecurity Advisory #40]onelook oboShop - Session fixation Issue

MajorSecurity Advisory 40 onelook oboShop - Session fixation Issue Details ======= Product: oboShop Remote-Exploit: yes Vendor-URL: http://www.onebyone.ch/ Vendor-Status: informed Advisory-Status: published Credits ============ Discovered by: David Vieira-Kurz http://www.majorsecurity.de Original...

0.5 AI score
Exploits: 0

securityvulns
added 2007/04/08 12:0 a.m. | 36 views

[MajorSecurity Advisory #39]onelook onebyone CMS - Session fixation Issue

MajorSecurity Advisory 39 onelook onebyone CMS - Session fixation Issue Details ======= Product: onebyone CMS Remote-Exploit: yes Vendor-URL: http://www.onebyone.ch/ Vendor-Status: informed Advisory-Status: published Credits ============ Discovered by: David Vieira-Kurz http://www.majorsecurity.de...

0.8 AI score
Exploits: 0

securityvulns
added 2006/11/14 12:0 a.m. | 224 views

[MajorSecurity Advisory #33]ShopSystems - SQL Injection Issue

MajorSecurity Advisory 33 ShopSystems - SQL Injection Issue Details ======= Product: ShopSystems Affected Version: = 4.0 Immune Version: none Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.shopsystems.biz Vendor-Status: informed Advisory-Status: published Credits ============...

0.5 AI score
Exploits: 0

securityvulns
added 2006/05/14 12:0 a.m. | 38 views

SQL-Injection in e107 allows attacker to become a site admininstrator

Software: e107 CMS Versions: = 0.7.2 Type: SQL-injection Homepage: www.e107.org Description: ---------------------------- SQL-Injection in e107 allows attacker to become a site admininstrator. Requirements: ---------------------------- Magicquotesgpc = Off Vulnerability:...

2.7 AI score
Exploits: 0

securityvulns
added 2006/05/11 12:0 a.m. | 40 views

UBlog Remote XSS Exploit

Vunerabilitys: ---------------- XSS Exploit Product: -------- UBlog 1.6 Access Edition Vendor: -------- http://www.uapplication.com/ublog/index.asp Description of product: ----------------------- Blog archive by date; Possibility to comment a blog; Notify via email; Password protected; Amend or...

6.1 AI score
Exploits: 0

securityvulns
added 2006/04/15 12:0 a.m. | 25 views

PowerClan 1.14 - SQL Injection

PowerClan 1.14 - SQL Injection -------------------------------------------------------- Software: PowerClan 1.14 Version: 1.14 Type: SQL Injection Date: Apr 13 23:37:50 CEST 2006 Vendor: powerscripts.org Page: http://www.powerscripts.org Risc: min credits: ---------------------------- d4igoro -...

1 AI score
Exploits: 0

Cvelist
added 2005/11/16 9:17 p.m. | 18 views

CVE-2002-2172

Informed 1 Designer and 2 Filler 3.05 does not zero out newly allocated disk blocks as an encrypted file grows in size, which may allow attackers to obtain sensitive information...

6.3 AI score | 0.00353 EPSS
Exploits: 0 | References: 4

CVE
added 2005/11/16 9:17 p.m. | 48 views

CVE-2002-2172

CVE-2002-2172 affects Informed Designer and Filler 3.05. The issue is that newly allocated disk blocks are not zeroed out as an encrypted file grows, which may allow an attacker to obtain sensitive information. The connected Red Hat entry reiterates the same description. No explicit exploit detai...

2.1 CVSS | 6.7 AI score | 0.00353 EPSS
Exploits: 0 | References: 4 | Affected Software: 2

securityvulns
added 2005/09/17 12:0 a.m. | 19 views

arc insecure temporary file creation

arc insecure temporary file creation Vendor: http://arc.sourceforge.net/ Advisory: http://www.zataz.net/adviso/arc-09052005.txt Vendor informed: yes Exploit available: yes Impact : low Exploitation : low The vulnerability is caused due to temporary file being created insecurely. The temporary fil...

0.1 AI score
Exploits: 0