SA-2008-063 - multiple third party modules - Access bypass due to incorrect Drupal 6 updates
Several contributed modules were incorrectly updated for the Drupal 6.x menu system in such a way that the intended access controls are likely to be bypassed by unprivileged users. In some cases, this includes access to the administrative functions of these modules, or access to content the user...
WebBiscuits Modules Controller <= 1.1 (RFI/RFD) Remote Vulnerabilities
Exploit for unknown platform in category web applications. WebBiscuits Modules Controller = 1.1 RFI/RFD Remote Vulnerabilities. WebBiscuits Modules Controlle...
WebBiscuits Modules Controller 1.1 - Remote File Inclusion Remote File Disclosure
WebBiscuits Modules Controller = 1.1 RFI/RFD Multiple Remote Vulnerabilities Script :...
WebBiscuits Modules Controller 1.1 - Remote File Inclusion / Remote File Disclosure
WebBiscuits Modules Controller = 1.1 RFI/RFD Multiple Remote Vulnerabilities Script : http://webbiscuits.com/download/all11.zip I- Remote File Inclusion Vulnerability...
Buffer overflow
Multiple buffer overflows in CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to execute arbitrary code via unspecified vectors...
Null pointer dereference
The CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via crafted HTTP headers, related to the "error handling mechanism."...
CVE-2008-4403
CVE-2008-4403 affects Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087. The CGI server modules can be exploited remotely to trigger a denial of service via crafted HTTP headers, caused by a NULL pointer dereference in the error handling mechanism. The availab...
CentOS 3 / 4 / 5 : wireshark (CESA-2008:0890)
Updated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Wireshark is a program for monitoring network traffic. Wireshark was...
Moderate: Red Hat Security Advisory: wireshark security update
Updated wireshark packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Wireshark is a program for monitoring network traffic. Wireshark was...
CVE-2008-4337
Cross-site scripting (XSS) vulnerability in Bitweaver 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the URL parameter to (1) edit.php and (2) list.php in articles/; (3) listblogs.php and (4) rankings.php in blogs/; (5) calendar/index.php; (6) calendar.php, (7) index.php, and (8)...
FreeBSD : lighttpd -- multiple vulnerabilities (fb911e31-8ceb-11dd-bb29-000c6e274733)
Lighttpd security announcement: lighttpd 1.4.19, and possibly other versions before 1.5.0, does not decode the URL before matching against rewrite and redirect patterns, which allows attackers to bypass rewrite rules. This can be a security problem in certain configurations if these rules are us...
Gentoo Security Advisory GLSA 200509-05 (net-snmp)
The remote host is missing updates announced in advisory GLSA 200509-05. OpenVAS Vulnerability Test. Description: Auto generated from Gentoo's XML based advisory. Authors: Thomas Reinke. Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200311-01 (kdebase)
The remote host is missing updates announced in advisory GLSA 200311-01. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Gentoo Security Advisory GLSA 200509-05 (net-snmp)
The remote host is missing updates announced in advisory GLSA 200509-05. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2008-4155
Multiple directory traversal vulnerabilities in EasySite 2.3 allow remote attackers to read arbitrary files or list directories via a .. (dot dot) in the (1) module or (2) action parameter in (a) www/index.php; the (3) module, (4) ssmodule, or (5) ssaction parameter in (b) modules/Module/index.php or (c)...
Kasseler CMS 1.1.0/1.2.0 Lite Remote SQL Injection Vulnerabilities
No description provided by source. Kasseler CMS 1.1.0, 1.2.0 Lite SQL Injection Author: !DoktOR! Date found: 13.09.08 Product: Kasseler CMS Version: 1.1.0, 1.2.4 URL: www.kasseler-cms.net Vulnerability Class: SQL Injection...
drupal-xss.txt
Date: Sept 12, 2008. Security risk: medium. Exploitable from: Remote. Vulnerability: Cross site scripting. Description: Drupal is a robust content management system (CMS) that provides extensibility through hundreds of third party modules. While the security...
K-Rate (SQL/XSS) Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications. K-Rate SQL/XSS Multiple Remote Vulnerabilities. K-Rate...
Directory traversal
Multiple directory traversal vulnerabilities in Freeway 1.4.1.171, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) includes/eventsapplicationtop.php; (2) english/account.php, (3) french/account.php, a...