[ARL02-A11] Big Sam (Built-In Guestbook Stand-Alone Module) Multiple Vulnerabilities

+/---------------- ALPER Research Labs ------/--------/+ +/---------------- Security Advisory -----/---------/+ +/---------------- ID: ARL02-A11 ----/----------/+ +/---------------- [email protected] ---/-----------/+ Advisory Information -------------------- Name : Big Sam Built-In Guestbook...

[ARL02-A09] Board-TNK Cross Site Scripting Vulnerability

+/---------------- ALPER Research Labs ------/--------/+ +/---------------- Security Advisory -----/---------/+ +/---------------- ID: ARL02-A09 ----/----------/+ +/---------------- [email protected] ---/-----------/+ Advisory Information -------------------- Name : Board-TNK Cross Site Scriptin...

[ARL02-A08] BG Guestbook Cross Site Scripting Vulnerability

+/---------------- ALPER Research Labs ------/--------/+ +/---------------- Security Advisory -----/---------/+ +/---------------- ID: ARL02-A08 ----/----------/+ +/---------------- [email protected] ---/-----------/+ Advisory Information -------------------- Name : BG Guestbook Cross Site...

[ARL02-A10] News-TNK Cross Site Scripting Vulnerability

+/---------------- ALPER Research Labs ------/--------/+ +/---------------- Security Advisory -----/---------/+ +/---------------- ID: ARL02-A10 ----/----------/+ +/---------------- [email protected] ---/-----------/+ Advisory Information -------------------- Name : News-TNK Cross Site Scripting...

[ARL02-A07] ARSC Really Simple Chat System Information Path Disclosure Vulnerability

+/--------------- ALPER Research Labs -----/--------/+ +/--------------- Security Advisory ----/---------/+ +/--------------- ID: ARL02-A07 ---/----------/+ +/--------------- [email protected] --/-----------/+ Advisory Information -------------------- Name : ARSC Really Simple Chat System...

[ARL02-A06] Black Tie Project System Information Path Disclosure Vulnerability

+/--------------- ALPER Research Labs -----/--------/+ +/--------------- Security Advisory ----/---------/+ +/--------------- ID: ARL02-A06 ---/----------/+ +/--------------- [email protected] --/-----------/+ Advisory Information -------------------- Name : Black Tie Project System Information...

[ARL02-A05] PHP FirstPost System Information Path Disclosure Vulnerability

+/--------------- ALPER Research Labs -----/--------/+ +/--------------- Security Advisory ----/---------/+ +/--------------- ID: ARL02-A05 ---/----------/+ +/--------------- [email protected] --/-----------/+ Advisory Information -------------------- Name : PHP FirstPost System Information Path...

[ARL02-A03] DCP-Portal Cross Site Scripting Vulnerability

+/--------------- ALPER Research Labs -----/--------/+ +/--------------- Security Advisory ----/---------/+ +/--------------- ID: ARL02-A03 ---/----------/+ +/--------------- [email protected] --/-----------/+ Advisory Information -------------------- Name : DCP-Portal Cross Site Scripting...

Mrtg Path Disclosure Vulnerability (Revised)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 /This is Mrtg Web Frontend 14all.cgi bug. You may find the revised security announcement below/ Mrtg/RRD 14all.cgi Path Disclosure Vulnerability Type: Input Validation Error Release Date: February 4, 2002 Product / Vendor: 14all.cgi is a CGI script to...

Re: Mrtg Path Disclosure Vulnerability

/mrtg.cgi?log=scriptalert'CSS'/script /mrtg.cgi?log=scriptalert'Cross Site Scripting'/script /mrtg.cgi?cfg=../../etc/passwd : ------------------- mrtg.cgi error ------------------------ Software error: ERROR: CFG Error Unknown Option "root:PASS:0:0:root:/root" on line 2 or above. Check...

Mrtg Path Disclosure Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mrtg Path Disclosure Vulnerability Type: Input Validation Error Release Date: February 4, 2002 Product / Vendor: The Multi Router Traffic Grapher Mrtg is a tool to monitor the traffic load on network-links. Mrtg generates html pages containing gif...

IBM HTTP Server 1.3.x - Source Code Disclosure

IBM HTTP Server 1.3.x - Source Code Disclosure source: https://www.securityfocus.com/bid/3518/info Due to an input validation error in IBM HTTP Server for the AS/400, it is possible for a remote attacker to make a specially web crafted web request which will display script source code. If a '/' i...

IBM HTTP Server 1.3.x - Source Code Disclosure

source: https://www.securityfocus.com/bid/3518/info Due to an input validation error in IBM HTTP Server for the AS/400, it is possible for a remote attacker to make a specially web crafted web request which will display script source code. If a '/' is appended to the end of a request for an...

sendmail and procmail update

An input validation error in sendmail has been discovered by Cade Cairns of SecurityFocus. This problem can be exploited by local users to gain root access. It is not exploitable by remote attackers without shell access. New packages based on sendmail.8.11.6 have been prepared for Slackware 7.1 a...

*ALERT* UPDATED BID 3163 (URGENCY 6.58): Sendmail Debugger Arbitrary Code Execution Vulnerability (fwd)

This alert is being posted to Bugtraq as our public release of the vulnerability discovered in Sendmail by Cade Cairns [email protected]. --------------------------------------------------------------------------- Security Alert Subject: Sendmail Debugger Arbitrary Code Execution...

glFTPd 1.x - LIST Denial of Service

glFTPd 1.x - LIST Denial of Service source: https://www.securityfocus.com/bid/3201/info glFtpD contains an input validation error that may allow a malicious user to cause a denial of service against a host running the daemon. The problem occurs when a specially crafted 'LIST' command is received ...

Sendmail 8.11/8.12 Debugger - Arbitrary Code Execution (4)

source: https://www.securityfocus.com/bid/3163/info An input validation error exists in Sendmail's debugging functionality. The problem is the result of the use of signed integers in the program's tTflag function, which is responsible for processing arguments supplied from the command line with t...

Sendmail 8.11/8.12 Debugger - Arbitrary Code Execution (1)

// source: https://www.securityfocus.com/bid/3163/info An input validation error exists in Sendmail's debugging functionality. The problem is the result of the use of signed integers in the program's tTflag function, which is responsible for processing arguments supplied from the command line wit...

Sendmail 8.118.12 Debugger - Arbitrary Code Execution (3)

Sendmail 8.118.12 Debugger - Arbitrary Code Execution 3 source: https://www.securityfocus.com/bid/3163/info An input validation error exists in Sendmail's debugging functionality. The problem is the result of the use of signed integers in the program's tTflag function, which is responsible for...

Sendmail 8.11/8.12 Debugger - Arbitrary Code Execution (2)

// source: https://www.securityfocus.com/bid/3163/info An input validation error exists in Sendmail's debugging functionality. The problem is the result of the use of signed integers in the program's tTflag function, which is responsible for processing arguments supplied from the command line wit...