4576 matches found
migrationtools symbolic links problem
Symbolic links problem on temporary files creation...
DSA-1187-1 migrationtools
Bulletin has no description...
AWStats migrate parameter command injection
Added: 05/11/2006. CVE: CVE-2006-2237. BID: 17844. OSVDB: 25284. Background: AWStats is a web application for showing web, FTP, and mail server statistics. Problem: AWStats uses the value of the migrate input parameter in a Perl open call without sufficient checks for invalid characters, allowing remot...
AWStats 6.5 - migrate Remote Shell Command Injection
#!/usr/bin/env python http://secunia.com/advisories/19969/ by [email protected] May 5, 2006 - HAPPY CINCO DE MAYO HAPPY BIRTHDAY DAD private plz redsand@jinxy / $ nc -l -p 31337 -v listening on any 31337 ... connect to 65.99.197.147 from...
CVE-2005-4759
BEA WebLogic Server and WebLogic Express 8.1 and 7.0, during a migration across operating system platforms, do not warn the administrative user about platform differences in URLResource case sensitivity, which might cause local users to inadvertently lose protection of Web Application pages...
CVE-2005-4759
CVE-2005-4759 affects BEA WebLogic Server and WebLogic Express 8.1 and 7.0. During OS platform migrations, it does not warn the admin about URLResource case-sensitivity differences, which may cause local users to inadvertently lose protection of Web Application pages. The NVD metrics show a base ...
DEBIAN-CVE-2006-0512
PADL MigrationTools 46 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the temporary files, which are not properly created by (1) migrate_all_online.sh, (2) migrate_all_offline.sh, (3) migrate_all_netinfo_online.sh, (4) migrate_all_netinfo_offline.s...
DEBIAN-CVE-2005-4683
PADL MigrationTools 46, when a failure occurs, stores contents of /etc/shadow in a world-readable /tmp/nis.$$.ldif file, and possibly other sensitive information in other temporary files, which are not properly managed by (1) migrate_all_online.sh, (2) migrate_all_offline.sh, (3) migrate_all_netinfo_online.sh...
Fedora Core 3 : mailman-2.1.5-32.fc3 (2005-242)
A cross-site scripting (XSS) flaw in the driver script of mailman prior to version 2.1.5 could allow remote attackers to execute scripts as other web users. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1177 to this issue. Users of mailman should upda...
Microsoft Security Bulletin MS05-029 Vulnerability in Outlook Web Access for Exchange Server 5.5 Could Allow Cross-Site Scripting Attacks (895179)
Issued: June 14, 2005. Version: 1.0. Summary: Who should read this document: System administrators who have servers that are running Outlook Web Access for...
poppassd_pam: Unauthorized password changing
Background: poppassd_pam is a PAM-enabled server for changing system passwords that can be used to change POP server passwords. Description: Gentoo Linux developer Marcus Hanwell discovered that poppassd_pam did not check that the old password was valid before changing passwords. Our investigation...
Debian DSA-086-1 : ssh-nonfree - remote root exploit
We have received reports that the 'SSH CRC-32 compensation attack detector vulnerability' is being actively exploited. This is the same integer type error previously corrected for OpenSSH in DSA-027-1. OpenSSH (the Debian ssh package) was fixed at that time, but ssh-nonfree and ssh-socks were not...
AWStats < 6.6 migrate Variable Command Execution
IBM WebSphere Application Server < 6.1.0.25 Multiple Vulnerabilities
Multiple vulnerabilities in P4DB
Product: P4DB. URL: http://www.mydata.se/ftp/P4DB/. Version: P4DB v2.01 and earlier. Risk: Multiple vulnerabilities, high. Description: P4DB is a CGI based tool that provides a web-based interface to Perforce source code repositories. It is third-party software, developed by an individual and...
[SEC] Hole in PHPLib 7.2 prepend.php3
The PHPLib Team announces phplib-7.2d, available now. This release fixes the recently discovered hole in prepend.php3 that can allow a remote attacker to inject non-local code into any phplib based script. Please note that this affects all applications that depend on PHPLib. Some apps have decide...
Update Rollup 7 for System Center 2016 Virtual Machine Manager
Update Rollup 2 for System Center 2019 Virtual Machine Manager
Update Rollup 10 for System Center 2016 Virtual Machine Manager