7307 matches found
CVE-2008-1154
The CVE-2008-1154 issue affects Cisco Unified Communications products featuring Disaster Recovery Framework (DRF). The DRF Master server accepts network requests without authentication, allowing a remote, unauthenticated attacker to perform DRF tasks and, per the sources, potentially execute arbi...
webutil.pl is still vulnerable against Remote Command Execution.
Webutil is a collection of networking tools by "The Puppet Master". Access the following url and type in the form field "$cat$IFS/etc/passwd": http://server/cgi-bin/webutil.pl?dig http://server/cgi-bin/webutil.pl?whois Version 2.3 only Type in the following url Version 2.7 only:...
webutil-exec.txt
Webutil is a collection of networking tools by "The Puppet Master". Access the following url and type in the form field "$cat$IFS/etc/passwd": http://server/cgi-bin/webutil.pl?dig http://server/cgi-bin/webutil.pl?whois Version 2.3 only Type in the following url Version 2.7 only:...
RHEL 4 : autofs5 (RHSA-2007:1177)
Updated autofs5 technology preview packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The autofs utility controls the operation of the automount daemon, which...
Fastpublish CMS 1.9999 config[fsBase] RFI Vulnerability
No description provided by source. Name : Fastpublish CMS 1.9999 configfsBase Remote File Include Download From : http://www.fastpublish.org/aufbau/phpcontent/downloadlist.php?action=download&id=53&sprache=en Found By : RoMaNcYxHaCkEr Home Page : Not Yet :...
autofs security update
CentOS Errata and Security Advisory CESA-2007:1128 Updated autofs packages are now available to fix a security flaw for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The autofs utility controls the operation of th...
DEBIAN-CVE-2007-5972
Double free vulnerability in the krb5defstoremkey function in lib/kdb/kdbdefault.c in MIT Kerberos 5 krb5 1.5 has unknown impact and remote authenticated attack vectors. NOTE: the free operations occur in code that stores the krb5kdc master key, and so the attacker must have privileges to store...
Out-of-Bounds
Overview Affected versions of this package are vulnerable to Out-of-Bounds. Double free vulnerability in the krb5defstoremkey function in lib/kdb/kdbdefault.c in MIT Kerberos 5 krb5 1.5 has unknown impact and remote authenticated attack vectors. NOTE: the free operations occur in code that stores...
CVE-2007-5972
Double free vulnerability in the krb5defstoremkey function in lib/kdb/kdbdefault.c in MIT Kerberos 5 krb5 1.5 has unknown impact and remote authenticated attack vectors. NOTE: the free operations occur in code that stores the krb5kdc master key, and so the attacker must have privileges to store...
CVE-2007-5972
Double free vulnerability in the krb5defstoremkey function in lib/kdb/kdbdefault.c in MIT Kerberos 5 krb5 1.5 has unknown impact and remote authenticated attack vectors. NOTE: the free operations occur in code that stores the krb5kdc master key, and so the attacker must have privileges to store...
CVE-2007-5972
Double free vulnerability in the krb5defstoremkey function in lib/kdb/kdbdefault.c in MIT Kerberos 5 krb5 1.5 has unknown impact and remote authenticated attack vectors. NOTE: the free operations occur in code that stores the krb5kdc master key, and so the attacker must have privileges to store...
The world invincible! Flash game modifier cheat Raiders-vulnerability warning-the black bar safety net
Now online there are many flash games, these games, although compact, has simple operation, resistant to play is popular in the network, and some large game compared favorably. They are in our stressful life life add unlimited fun. In these game world ride, will inevitably encounter some of the...
CVE-2007-3304
Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the workerscore and processscore arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."...
PT-2007-3317 · Bmc · Bmc Performance Manager
Name of the Vulnerable Software and Affected Versions: BMC Performance Manager affected versions not specified Description: The issue concerns a lack of authentication requirement for requests to modify configuration files. This could potentially allow remote attackers to execute arbitrary code b...
Sitebar 3.3.5 (index.php writerFile)Remote File Include Vulnerabilities
Sitebar = 3.3.5 Remote File Include Vulnerabilities D.Script: http://scripts.ringsworld.com/bookmark-management/sitebar-3.3.5.zip -::AUTHOR: VerY-SecReT Homepage: http://www.sniper-sa.com Exploit: :- target/sitebar/index.php?writerFile=Shell target/sitebar/Integrator.php?file=Shell $Includer:...
NetVios Portal (page.asp) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications ============================================================ NetVios Portal page.asp Remote SQL Injection Vulnerability ============================================================ Title : NetVios Portal page.asp Remote SQL Injection...
NSS: SSLv2 protocol buffer overflows
Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services NSS before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote...
NSS: SSLv2 protocol buffer overflows
Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services NSS before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote...
CVE-2006-7163
DreameeSoft Password Master 1.0 stores the database in an unencrypted format when the master password is set, which allows attackers with physical access to read the database contents via an unspecified authentication bypass. NOTE: the provenance of this information is unknown; the details are...
CVE-2006-7163
DreameeSoft Password Master 1.0 stores the database in an unencrypted format when the master password is set, which allows attackers with physical access to read the database contents via an unspecified authentication bypass. NOTE: the provenance of this information is unknown; the details are...