14 matches found
EUVD-2002-0264
Malware in sbrugna...
SPIP parameter improper validation vulnerability
SPIP, an Internet publishing system, is free software distributed under the General Public License GPL. prive/formulaires/configurerpreferences.php in versions of SPIP prior to 3.2.8 is vulnerable to couleur, display, display navigation, displayoutils, imessage, and spipecran parameters are...
Debian Security Advisory DSA 3890-1 (spip - security update)
Emeric Boit of ANSSI reported that SPIP, a website engine for publishing, insufficiently sanitises the value from the X-Forwarded-Host HTTP header field. An unauthenticated attacker can take advantage of this flaw to cause remote code execution. OpenVAS Vulnerability Test $Id: deb3890.nasl 6607...
Debian Security Advisory DSA 2694-1 (spip - privilege escalation)
A privilege escalation vulnerability has been found in SPIP, a website engine for publishing, which allows anyone to take control of the website. OpenVAS Vulnerability Test $Id: deb2694.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2694-1 using nvtgen 1.0 Script...
CVE-2003-1553
Haakon Nilsen Simple Internet Publishing System SIPS 0.2.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password and other user information via a direct request to a user-specific configuration directory...
CVE-2003-1553
Technical details about CVE-2003-1553 (affected product/version, root cause, impact, mitigation) are not provided in the connected documents; no public details are available here. Monitor for updates.
[Full-disclosure] ZRCSA-200601: SPIP - Multiple Vulnerabilities
Zone-H Research Center Security Advisory 200601 http://www.zone-h.fr Date of release: 31/01/2006 Software: SPIP http://www.spip.net Affected versions: 1.8.2-e , 1.9 Alpha 2 5539 Risk: Medium Discovered by: Kevin Fernandez "Siegfried" and Benot Sklnard "netcraft" from the Zone-H Research Team...
propsXSS.txt
PROPS is an open, extensible Internet publishing system designed specifically for periodicals such as newspapers and magazines who want to publish online, either exclusively or as an extension of their print publication. Its website is at http://props.sourceforge.net/ PROPS suffers from a Cross...
Props 0.6.1 XSS and Remote File Viewing Vulnerability
Title: Props 0.6.1 XSS and Remote File Viewing Vulnerability. Software: Props 0.6.1 Vendor: http://props.sourceforge.net/ Platform: PHP4 and MySQL Description: PROPS is an open, extensible Internet publishing system designed specifically for periodicals such as newspapers and magazines who want t...
CVE-2003-1553
Haakon Nilsen Simple Internet Publishing System SIPS 0.2.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password and other user information via a direct request to a user-specific configuration directory...
CVE-2002-0267
preferences.php in Simple Internet Publishing System SIPS before 0.3.1 allows remote attackers to gain administrative privileges via a linebreak in the "theme" field followed by the Status::admin command, which causes the Status line to be entered into the password file...
CVE-2001-0238
The CVE-2001-0238 entry concerns Microsoft Data Access Component Internet Publishing Provider (ID 8.103.2519.0 and earlier). The available connected documents describe that remote attackers can bypass Security Zone restrictions through WebDAV requests. The root cause details are not explicitly st...
Hole in MS DAC (Internet Publishing Provider)
It is possible to force the client to perform a WebDAV request...
asp.runtime-error.txt
Forwarded with permission of the author. Please direct all replies to [email protected]. Ben Greenbaum Director of Site Content Security Focus http://www.securityfocus.com ---------- Forwarded message ---------- Description: ============ Active server pages ASP with runtime errors expose a security...