580 matches found
IBM eGatherer ActiveX RunEgatherer Function Buffer Overflow (CVE-2006-4221)
IBM Corporation is a large and well-known vendor of mainframe hardware, software, enterprise applications and servers, as well as desktop and workstation machines. As the vendor provides a broad level of support for its desktop computers, it includes an application designed to assist the user in...
Microsoft SMS Remote Control Service Denial of Service (CVE-2004-0728)
Microsoft's Systems Management Server SMS is a change and configuration management server for the Microsoft Windows platforms. One component of this system is a client utility that allows an administrator to obtain control over remote client computer. This remote assistance service is installed a...
Microsoft Active Directory LDAP Server - Username Enumeration
Microsoft Active Directory LDAP Server - Username Enumeration source: https://www.securityfocus.com/bid/32305/info Microsoft Active Directory is prone to a username-enumeration weakness because of a design error in the application when verifying user-supplied input. Attackers may exploit this...
CORE FORCE Firewall 0.95.167 and Registry Modules - Multiple Local Kernel Buffer Overflow Vulnerabilities
CORE FORCE Firewall 0.95.167 and Registry Modules - Multiple Local Kernel Buffer Overflow Vulnerabilities source: https://www.securityfocus.com/bid/27341/info CORE FORCE Firewall and Registry modules are prone to multiple local kernel buffer-overflow vulnerabilities because the software fails to...
Security Advisory - Multiple Vulnerabilities in Grayscale Blog 0.8.0
Security Advisory - Multiple Vulnerabilities in Grayscale Blog 0.8.0 Date : 2007-02-24 Product : Grayscale Blog Version : 0.8.0 - Prior version maybe also be affected Vendor : http://sourceforge.net/projects/gsblogger/ - http://www.karlcore.com/programming/blog/ Vendor Status : 2007-02-24 - Not...
Grayscale Blog 0.8.0 - Security Bypass / SQL Injection / Cross-Site Scripting
Security Advisory - Multiple Vulnerabilities in Grayscale Blog 0.8.0 Date : 2007-02-24 Product : Grayscale Blog Version : 0.8.0 - Prior version maybe also be affected Vendor : http://sourceforge.net/projects/gsblogger/ - http://www.karlcore.com/programming/blog/ Vendor Status : 2007-02-24 - Not...
WebCalendar -- "noSet" variable overwrite vulnerability
Secunia reports: A vulnerability has been discovered in WebCalendar, which can be exploited by malicious people to compromise a vulnerable system. Input passed to unspecified parameters is not properly verified before being used with the "noSet" parameter set. This can be exploited to overwrite...
Etomite CMS 0.6.1.2 - managerindex.php Local File Inclusion
Etomite CMS 0.6.1.2 - managerindex.php Local File Inclusion !/usr/bin/perl -w Etomite CMS Remote Command Execution Version: 0.6.1.2 Url: http://www.etomite.org Author : Alfredo Pesoli 'revenge' Description: Input passed to the 'f' parameter in "/manager/index.php" isn't properly verified before...
AROUNDMe0.6.9.txt
============================================== AROUNDMe 0.6.9 remonte file inclusion vendor site: http://barnraiser.org/ vulnerable versions: 0.6.9 and possibly older discovered by: noislet http://www.noislet.org/ vendor informed: 21.10.2006 published: 22.10.2006...
AROUNDMe 0.6.9 remonte file inclusion
============================================== AROUNDMe 0.6.9 remonte file inclusion vendor site: http://barnraiser.org/ vulnerable versions: 0.6.9 and possibly older discovered by: noislet http://www.noislet.org/ vendor informed: 21.10.2006 published: 22.10.2006...
solpot-adv-05.txt
SolpotCrew Community phpCC - Beta 4.2 basedir Remote File Inclusion Download file : http://www.phpcc.at/downloadfile1.html Bug Found By :Solpot a.k.a k. Hasibuan 06-08-2006 contact: [email protected] Website : http://www.solpotcrew.org/adv/solpot-adv-05.txt Greetz: choi , h4ntu , Ibnusina ,...
[SA18883] Plume CMS prepend.php File Inclusion Vulnerability
TITLE: Plume CMS prepend.php File Inclusion Vulnerability SECUNIA ADVISORY ID: SA18883 VERIFY ADVISORY: http://secunia.com/advisories/18883/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: Plume CMS 1.x http://secunia.com/product/8085/ DESCRIPTION: unitedbr has...
[SA18803] DocMGR process.php File Inclusion Vulnerability
TITLE: DocMGR process.php File Inclusion Vulnerability SECUNIA ADVISORY ID: SA18803 VERIFY ADVISORY: http://secunia.com/advisories/18803/ CRITICAL: Highly critical IMPACT: Exposure of sensitive information, System access WHERE: From remote SOFTWARE: DocMGR 0.x http://secunia.com/product/8021/...
RED QUEEN Path Disclosure
RED QUEEN Path Disclosure Vuln. discovered by : r0t Date: 16 dec. 2005 orginal advisory:http://pridels.blogspot.com/2005/12/red-queen-path-disclosure.html vendor:http://www.randommouse.com/cgi-bin/rms/ product/about/aboutproduct.cgi?sku=REDQN &referer=hotscripts&creative=linkindexing affected...
USN-151-1: zlib vulnerability
USN-148-1 fixed an improver input verification of zlib CAN-2005-2096. Markus Oberhumer discovered additional ways a disrupted stream could trigger a buffer overflow and crash the application using zlib, so another update is necessary. zlib is used by hundreds of server and client applications, so...
[SA13485] iWebNegar "string" SQL Injection Vulnerability
TITLE: iWebNegar "string" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA13485 VERIFY ADVISORY: http://secunia.com/advisories/13485/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: From remote SOFTWARE: iWebNegar 1.x http://secunia.com/product/4388/ DESCRIPTION: shervin...
GLSA-200402-05 : phpMyAdmin < 2.5.6-rc1: possible attack against export.php
The remote host is affected by the vulnerability described in GLSA-200402-05 phpMyAdmin 2.5.6-rc1: possible attack against export.php One component of the phpMyAdmin software package export.php does not properly verify input that is passed to it from a remote user. Since the input is used to...
cPanel fails to verify input passed to the "user" parameter
Overview A remotely exploitable vulnerability in CPanel's password reset and login scripts may allow a remote attacker to gain control of the vulnerable system. Description Cpanel is an application that provides the ability to manage accounts and provides an interface to the end users of web...
Дырка в OmniHTTPD
Недостаточная проверка ввода пользователя позволяет вставить perl-код в любой файл открытый на запись...
WEBgais 1.0 - websendmail Remote Command Execution
WEBgais 1.0 - websendmail Remote Command Execution source: https://www.securityfocus.com/bid/2077/info WEBgais is a package that provides a web interface to the "gais" Global Area Intelligent Search search engine tool. This package contains a vulnerable script, websendmail, which can be used to...