754 matches found
Mountain Network Systems webcart.cgi Arbitrary Command Execution
webcart.cgi is installed and does not properly filter user input. An attacker may use this flaw to execute any command on your system. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. untested Script audit and contributions from Carmichael Security Erik Anderson nb: domain no longer exists...
CVE-2002-0555
IBM Informix Web DataBlade 4.12 unescapes user input even if an application has escaped it, which could allow remote attackers to execute SQL code in a web form even when the developer has attempted to escape it...
Apple OSX sliplogin overflow
side note ... isn't it odd that I can run gdb on a suid binary? Osx version 10.1.3 localhost: elguapo ls -al /usr/sbin/sliplogin -r-sr-xr-x 1 root wheel 14700 Dec 8 10:49 /usr/sbin/sliplogin localhost: elguapo sliplogin perl -e 'print "A" x 9000' Bus error localhost: elguapo uname -a Darwin...
Jon Howell Faq-O-Matic 2.7 - Cross-Site Scripting
Jon Howell Faq-O-Matic 2.7 - Cross-Site Scripting source: https://www.securityfocus.com/bid/4565/info Faq-O-Matic 2.711 and 2.712 is a web-based Frequently Asked Question FAQ management system. It is vulnerable to a cross site scripting issue arising from a failure to filter HTML or script from a...
Aktivate Shopping System Cross Site Scripting Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Aktivate Shopping System Cross Site Scripting Vulnerability Type: Cross Site Scripting Release Date: December 18, 2001 Product / Vendor: Aktivate is a complete, end-to-end e-commerce solution aimed at Linux and other Unices. Aktivate is targeted at...
SIX-webboard 2.01 - File Retrieval
SIX-webboard 2.01 - File Retrieval source: https://www.securityfocus.com/bid/3175/info SIX-webboard 2.01 does not filter ".." and "/" from user input, allowing users to enter arbitrary values in order to view or retrieve files not normally accessible to them from the remote host...
Security problems with Phorum php message board
Author: Brian Moon Homepage: www.phorum.org Version: 3.2.6 Problem: Any user can parse a choosed php script file using the Phorum sustem. It is also possibel, under certain circunstances, to execute arbitrary commands on the server as the httpd user. Status: Fixed in version 3.2.7 released...
Phorum 3.x - Arbitrary File Read
Phorum 3.x - Arbitrary File Read source: https://www.securityfocus.com/bid/1997/info Phorum is a PHP based web forums package. Due to an error in the handling of user input in administrative scripts, any user can view the any file readable by the webserver on the target host. This is due to...
Дырка в Blackboard Courseinfo
Непроверяемый ввод пользователя позволяет поменять пароль любого пользователя или создать нового...
Очередная дырка в qpopper 2.53
Ввод пользователя используется в качестве форматной строки, что позволяет переполнить буфер и получить привилегии группы mail...
Matt Kruse Calendar Script 2.2 - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/1215/info Matt Kruse's Calendar script is a popular, free perl cgi-script used by many websites on the Internet. It allows a website administrator to easily setup and customize a calendar on their website. There are two components of this package,...
SGI InfoSearch 1.0 SGI IRIX 6.5.x - fname
SGI InfoSearch 1.0 SGI IRIX 6.5.x - fname source: https://www.securityfocus.com/bid/1031/info The InfoSearch package converts man pages and other documentation into HTML web content. The search form uses infosrch.cgi which does not properly parse user input in the 'fname' variable, allowing...
The ht://Dig Group ht://Dig 3.1.1/3.1.2/3.1.3/3.1.4/3.2 .0b1 - Arbitrary File Inclusion
source: https://www.securityfocus.com/bid/1026/info ht://dig is a web content search engine for Unix platforms. The software is set up to allow for file inclusion from configuration files. Any string surrounded by the opening singlw quote character is taken as a path to a file for inclusion, for...
lotus-notes-smtp-DoS.txt
Date: Fri, 15 Jan 1999 00:52:53 PST From: Siva Sankar Adiraju To: [email protected] Subject: Lotus Notes SMTP Server bug There is a security bug in IBM's Lotus Notes SMTP server. eg. An SMTP session: helo a 250 notes.foo.com helo b 500 Session already established. The domain name b passed in...