11252 matches found
CVE-2005-1196
SQL injection vulnerability in kb.php in the Knowledge Base module for phpBB allows remote attackers to obtain sensitive information and execute SQL commands via the cat parameter...
CVE-2005-1196
CVE-2005-1196: SQL injection in phpBB Knowledge Base module kb.php via the cat parameter due to improper input sanitization. This allows remote attackers to modify SQL queries and potentially access sensitive data. Affected component is the Knowledge Base module for phpBB; the vulnerability is do...
phpBB - Knowledge Base MOD - SQL-Injection and Full Path Disclosure
phpBB - Knowledge Base MOD SQL-Injection vulnerability and Full Path Disclosure Discovered by R and deluxe89 Discussion: The phpbb - Knowledge Base MOD has a relatively hard to exploit SQL-Injection vulnerability. However, an attacker can exploit this bug and receive information from the databas...
phpBB 1.x/2.0.x - Knowledge Base Module KB.php SQL Injection
phpBB 1.x/2.0.x - Knowledge Base Module KB.php SQL Injection source: https://www.securityfocus.com/bid/13219/info Knowledge Base Module is affected by an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQ...
Microsoft Security Bulletin MS05-020 Cumulative Security Update for Internet Explorer (890923)
Microsoft Security Bulletin MS05-020 Cumulative Security Update for Internet Explorer 890923 Issued: April 12, 2005 Version: 1.0 Summary Who should read this document: Customers who use Microsoft Windows Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical...
phpBB 1.x/2.0.x - Knowledge Base Module 'KB.php' SQL Injection
source: https://www.securityfocus.com/bid/13219/info Knowledge Base Module is affected by an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromis...
ReviewPost.txt
GulfTech Security Research January 02, 2005 Vendor : All Enthusiast, Inc. URL : http://www.reviewpost.com/ Version : ReviewPost PHP Pro All Versions Risk : Multiple Vulnerabilities Description: Your community of users represents a wealth of knowledge. Now your users can help build and maintain yo...
TIPS MailPost 5.1.1 - Remote File Enumeration
source: https://www.securityfocus.com/bid/11599/info TIPS MailPost is affected by a remote file enumeration vulnerability. This issue is due to a failure to properly sanitize user requests. An attacker may leverage this issue to gain knowledge of the existence of files outside the Web root...
Roger Wilco Server 1.4.1 - Unauthorized Audio Stream Denial of Service
Roger Wilco Server 1.4.1 - Unauthorized Audio Stream Denial of Service source: https://www.securityfocus.com/bid/10025/info A vulnerability has been reported in the Roger Wilco Server, it is reported that a user does not need to connect to the server over the TCP port to have UDP based audio...
Remote Code Execution in Knowledge Builder.
Remote Code Execution in Knowledge Builder. "Knowledge Builder" from www.activecampaign.com allows to execute code. Example: Create the following file on your webserver: ----index.php---- ? system$cmd; ? ----------------- And then type in the following URL:...
PHPOutsourcing Zorum 3.4 - Full Path Disclosure
PHPOutsourcing Zorum 3.4 - Full Path Disclosure source: https://www.securityfocus.com/bid/8396/info A vulnerability has been reported in Zorum message board software that allows a remote attacker to send a malformed HTTP request resulting in a disclosure of the installation path. This issue may...
VMware Workstation 4.0: Possible privilege escalation on the host via symlink manipulation
It is possible for a user to gain an escalation in privileges on a system running VMware Workstation 4.0 for Linux systems by symlink manipulation in a world-writable directory such as /tmp. Affected systems: VMware Workstation 4.0 for Linux systems Dates: This was reported to VMware on 2003-06-17...
CVE-2001-0434
The CVE-2001-0434 issue affects the LogDataListToFile ActiveX function used in Compaq Presario Knowledge Center and Back web components. This function allows remote attackers to modify arbitrary files and cause denial of service. References indicate a patch (SSRT0716-01) is available, which shoul...
Aladdin eSafe Gateway script filter bypass
Product: eSafe Gateway Vendor: Aladdin Knowledge Systems www.ealaddin.com Version: 3.0 was tested and found vulnerable, earlier versions might be vulnerable as well. Status: Vendor was informed. Background -------------------- eSafe Gateway 3.0 is an Internet Content Security product. You can...
CVE-2000-0427
CVE-2000-0427 affects the Aladdin Knowledge Systems eToken device. Attackers with physical access can reset the PIN in the device’s EEPROM, allowing access to sensitive information without the owner’s PIN. The provided documents do not specify affected models/firmware versions or any vendor-issu...
PIX Firewall 2.7/3.x/4.x/5 - Forged TCP RST
// source: https://www.securityfocus.com/bid/1454/info A connection through a Cisco Secure PIX Firewall can be reset by a third party if the source and destination IP addresses and ports of the connection can be determined or inferred. This can be accomplished by sending a forged TCP Reset RST...
February 2, 2021, update for PowerPoint 2016 (KB4493164)
February 2, 2021, update for PowerPoint 2016 KB4493164 This article describes update 4493164 for Microsoft PowerPoint 2016 that was released on February 2, 2021. Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn...
February 2, 2021, update for Office 2016 (KB4493189)
February 2, 2021, update for Office 2016 KB4493189 This article describes update 4493189 for Microsoft Office 2016 that was released on February 2, 2021. Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply...
bios-backdoors.txt
Date: Tue, 3 Nov 1998 13:22:20 -0600 From: Paul L Schmehl To: [email protected] Subject: BIOS Backdoor Passwords I've been out of the office since posting the comments about the ineffectiveness of BIOS passwords, and I returned to find to my surprise numerous requests for informati...