203 matches found
Important: Red Hat Security Advisory: devtoolset-2-httpcomponents-client security update
Updated devtoolset-2-httpcomponents-client packages that fix one security issue are now available for Red Hat Developer Toolset 2. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
Andy's PHP Knowledgebase 0.92.9 - Arbitrary File Upload Vulnerability
No description provided by source. Andy's PHP Knowledgebase Arbitrary File Upload Vulnerability. CWH...
Andy's PHP Knowledgebase Project 0.95.4 - SQL Injection
No description provided by source. Software: Andy's PHP Knowledgebase Project 0.95.4. Vulnerability: SQL Injection. Threat Level: Critical 4/5. Download: http://www.aphpkb.org/...
VU Case Manager Authentication Bypass
No description provided by source.
Andy's PHP Knowledgebase 0.95.2 (viewusers.php) SQL Injection
No description provided by source. 'Andy's PHP Knowledgebase' SQL Injection Vulnerability, CVE-2011-1546, Mark Stanislav. I. DESCRIPTION: A vulnerability exists in aviewusers.php allowing for SQL injection of the 's' query parameter...
Orca Knowledgebase 2.1 Knowledgebase.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15637/info Orca Knowledgebase is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in register.php in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1) firstname, (2) lastname, (3) email, or (4) username parameter...
CVE-2013-7289
The CVE identifies multiple cross-site scripting (XSS) vulnerabilities in Andy’s PHP Knowledgebase (Aphpkb) before version 0.95.8, exploitable via the register.php endpoint. Specifically, the first_name, last_name, email, or username parameters can be injected with malicious script/HTML to affect...
CVE-2013-7289
Multiple cross-site scripting (XSS) vulnerabilities in register.php in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1) firstname, (2) lastname, (3) email, or (4) username parameter...
CVE-2013-7277
Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP Referer header to saa.php, (2) username parameter to login.php, or (3) keywordlist parameter to keysearch.php...
ESA-2012-031: Iomega StorCenter/EMC Lifeline Remote Access Vulnerability
ESA-2012-031: Iomega StorCenter/EMC Lifeline Remote Access Vulnerability. EMC Identifier: ESA-2012-031. CVE Identifier: CVE-2012-2283. Severity Rating: CVSS v2 Base Score: 9.3 (AV:N/AC:L/Au:S/C:C/I:C/A:C). Affected products: Iomega network storage devices...
Scientific Linux Security Update : nss on SL4.x, SL5.x i386/x86_64
CVE-2009-3555 TLS: MITM attacks via session renegotiation. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's session for exampl...
Andy's PHP Knowledgebase 0.95.5 Shell Upload
Exploit Title: aphpkb 0.95.5 Remote File Upload. Date: 2011 Sep 21. Author: Black.Spook H4ckcity Security Team. Software Link: http://prdownloads.sourceforge.net/aphpkb/aphpkb-0.95.5.tgz?download. Version: 0.95.5. Tested on: Linux. Steps to exploit this vulnerability: 1-...
CentOS Update for httpd CESA-2010:0168 centos5 i386
The remote host is missing an update for the...
Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities
This host is running Andy's PHP Knowledgebase and is prone to multiple cross-site scripting vulnerabilities. OpenVAS Vulnerability Test $Id: gbaphpkbmultxssvuln.nasl 5840 2017-04-03 12:02:24Z cfi $. Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities. Authors: Sooraj KS. Copyright...
iSupport 1.8 - SQL Injection
iSupport 1.8 - SQL Injection iSupport 1.8 SQL Injection Vulnerability Date: 2011-06-23 Author: Brendan Coles Advisory: http://itsecuritysolutions.org/2011-06-23-iSupport-1.8-SQL-Injection-Vulnerability/ Software: iSupport Version: = 1.8 Homepage: http://www.idevspot.com/iSupport.php Google Dork:...
Andy's PHP Knowledgebase 'step5.php' Remote PHP Code Execution Vulnerability
This host is running Andy's PHP Knowledgebase and is prone to a remote PHP code execution vulnerability. OpenVAS Vulnerability Test $Id: secpodaphpkbcodeexecvuln.nasl 5840 2017-04-03 12:02:24Z cfi $. Andy's PHP Knowledgebase 'step5.php' Remote PHP Code Execution Vulnerability. Authors: Sooraj KS...
Andy's PHP Knowledgebase Version Detection
The script detects the version of Andy... Script OID: 1.3.6.1.4.1.25623.1.0.902520...
Andy's PHP Knowledgebase < 0.95.6 'step5.php' Remote PHP Code Execution Vulnerability - Active Check
Andy... CPE: cpe:/a:aphpkb:aphpkb. Script OID: 1.3.6.1.4.1.25623.1.0.902519...
Andy's PHP KnowledgeBase 0.95.4 - 'step5.php' PHP Remote Code Execution
source: https://www.securityfocus.com/bid/47918/info Andy's PHP Knowledgebase is prone to a vulnerability that lets remote attackers execute arbitrary code because the application fails to sanitize user-supplied input. Attackers can exploit this issue to execute arbitrary PHP code within the...