RunCMS 1.6 - Local File Inclusion
RunCMS 1.6 - Local File Inclusion WwW.BugReport.ir AmnPardaz Security Research & Penetration Testing Group Title: RunCms Multiple Vulnerabilities Vendor: http://www.runcms.org/ Bugs: Local File Inclusion, Modules Authorization Weakness Vulnerable Version: RunCMS 1.6 Halloween, 1.5.x prior version...
RunCMS 1.6 - Local File Inclusion
WwW.BugReport.ir AmnPardaz Security Research & Penetration Testing Group Title: RunCms Multiple Vulnerabilities Vendor: http://www.runcms.org/ Bugs: Local File Inclusion, Modules Authorization Weakness Vulnerable Version: RunCMS 1.6 Halloween, 1.5.x prior versions also may be affected Exploitatio...
CVE-2007-6079
Directory traversal vulnerability in include/common.php in bcoos 1.0.10 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsOption[pagetype] parameter to the default URI for modules/news/. NOTE: this can be leveraged by using legitimate product...
Alstrasoft e-Friends 4.98 - seid Multiple SQL Injections
Alstrasoft e-Friends 4.98 - seid Multiple SQL Injections ECHOADV85$2007 alstrasoft E-Friends = 4.98 seid...
pam security update
CentOS Errata and Security Advisory CESA-2007:0737 Updated pam packages that fix two security flaws, resolve two bugs, and add an enhancement are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team...
Security fix for the ALT Linux 5 package samba version 3.0.27-alt1
Nov. 15, 2007 Alexander Bokovoy 3.0.27-alt1 - Security release 3.0.27: + CVE-2007-4572 Stack buffer overflow in nmbd's logon request processing. + CVE-2007-5398 Remote code execution in Samba's WINS server daemon nmbd when processing name registration followed by name query requests. - Updated set o...
irb, ruby security update
CentOS Errata and Security Advisory CESA-2007:0961 Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting languag...
Moderate: Red Hat Security Advisory: ruby security update
Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for object-oriented programming. A flaw was...
Moderate: Red Hat Security Advisory: ruby security update
Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for object-oriented programming. An SSL certifica...
openSUSE 10 Security Update : yast2-core (yast2-core-4634)
This update fixes a security bug in yast2-core that allowed local attackers to provide malicious yast2 modules to yast2 that are executed with root privileges. To trigger this vulnerability root has to execute yast2 in an untrusted directory i.e. /tmp. Thanks to Stefan Nordhausen for reporting th...
Ubuntu 6.10 : linux-restricted-modules-2.6.17 vulnerability (USN-404-1)
Laurent Butti, Jerome Razniewski, and Julien Tinnes discovered that the MadWifi wireless driver did not correctly check packet contents when receiving scan replies. A remote attacker could send a specially crafted packet and execute arbitrary code with root privileges. Note that Tenable Network...
Gallery: Multiple vulnerabilities
Background Gallery is a PHP based photo album manager. Description Merrick Manalastas and Nicklous Roberts have discovered multiple vulnerabilities in the WebDAV and Reupload modules. Impact A remote attacker could exploit these vulnerabilities to bypass security restrictions and rename, replace...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in PHP Project Management 0.8.10 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the fullpath parameter to (1) certinfo/index.php, (2) emails/index.php, (3) events/index.php, (4) fax/index.php, (5) files/index.php, (6)...
PHP Project Management <= 0.8.10 Multiple RFI / LFI Vulnerabilities
Exploit for unknown platform in category web applications. PHP Project Management <= 0.8.10 Multiple RFI / LFI Vulnerabilities. PHP Project Management <= 0.8.10...
PeopleAggregator <= 1.2pre6-release-53 Multiple RFI Vulnerabilities
Exploit for unknown platform in category web applications. PeopleAggregator <= 1.2pre6-release-53 Multiple RFI Vulnerabilities. PeopleAggregator 1.2pre6 Multiple...
PHP Project Management 0.8.10 - Multiple Local/Remote File Inclusions
PHP Project Management 0.8.10 - Multiple Local/Remote File Inclusions PHP Project Management <= 0.8.10 Multiple RFI / LFI Vulnerabilities http://surfnet.dl.sourceforge.net/sourceforge/php-pm/release-0.8.tar.gz DORK : "PHP Project Management 0.8.10" POC : RFI...
CVE-2002-2249
PHP remote file inclusion vulnerability in News Evolution 2.0 allows remote attackers to execute arbitrary PHP commands via the neurl parameter to (1) backend.php, (2) screen.php, or (3) admin/modules/comment.php...
Design/Logic Flaw
Unspecified vulnerability in the vuidmice STREAMS modules in Sun Solaris 8, 9, and 10 allows local users with console (/dev/console) access to cause a denial of service ("unusable" system console) via unspecified vectors...
CVE-2007-5319
Unspecified vulnerability in the vuidmice STREAMS modules in Sun Solaris 8, 9, and 10 allows local users with console (/dev/console) access to cause a denial of service ("unusable" system console) via unspecified vectors...
CVE-2007-5319
CVE-2007-5319 concerns the vuidmice STREAMS modules on Sun Solaris 8, 9, and 10. The vulnerability allows local users with access to the console (/dev/console) to cause a denial of service, rendering the system console unusable via unspecified vectors. The provided description does not specify th...