6310 matches found
CVE-2006-4267
Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 oid parameter in modules/gateway/Protx/confirmed.php and the 2 xinvoicenum parameter in modules/gateway/Authorize/confirmed.php...
CVE-2006-4192
Multiple buffer overflows in MODPlug Tracker OpenMPT 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary code via 1 long strings in ITP files used by the CSoundFile::ReadITProject functi...
CVE-2006-4192
Multiple buffer overflows in MODPlug Tracker OpenMPT 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary code via 1 long strings in ITP files used by the CSoundFile::ReadITProject functi...
CVE-2006-4192
Multiple buffer overflows in MODPlug Tracker OpenMPT 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary code via 1 long strings in ITP files used by the CSoundFile::ReadITProject functi...
CVE-2006-4192
Multiple buffer overflows in MODPlug Tracker OpenMPT 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary code via 1 long strings in ITP files used by the CSoundFile::ReadITProject functi...
WEBInsta CMS 0.3.1 - users.php Remote File Inclusion
WEBInsta CMS 0.3.1 - users.php Remote File Inclusion / Vulnerable product : http://www.webinsta.com/download.html WEBInsta. CMS 0.3.1 Author : Yns - yns.zaxaz.com / Exploit: http://HOST/PATH/modules/usersonline/users.php?moduledir=REMOTEFILE milw0rm.com 2006-08-15...
kernel security update
CentOS Errata and Security Advisory CESA-2006:0437 Updated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 3. This is the eighth regular update. This security advisory has been rated as having important security impact by the Red Ha...
CVE-2006-3601
UNVERIFIABLE Unspecified vulnerability in an unspecified DNN Modules module for DotNetNuke .net nuke allows remote attackers to gain privileges via unspecified vectors, as used in an attack against the Microsoft France web site. NOTE: due to the lack of details and uncertainty about which product...
CVE-2006-3601
The CVE-2006-3601 entry concerns DotNetNuke (.net nuke) via a DotNetNuke add-on (BDPDT) used by DotNetNuke modules. The connected Nessus document describes a specific vulnerability in BDPDT used by multiple DotNetNuke add-ons where an ASP.NET script UploadFilePopUp.aspx allows uploading arbitrary...
CVE-2006-3601
UNVERIFIABLE Unspecified vulnerability in an unspecified DNN Modules module for DotNetNuke .net nuke allows remote attackers to gain privileges via unspecified vectors, as used in an attack against the Microsoft France web site. NOTE: due to the lack of details and uncertainty about which product...
DEBIAN-CVE-2006-2194
The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user processes, which prevents the winbind NTLM...
CentOS 4 : kernel (CESA-2006:0132)
Updated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 4. This is the third regular update. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Linux kernel handles the basic...
CentOS 4 : pam (CESA-2005:805)
An updated pam package that fixes a security weakness is now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. PAM Pluggable Authentication Modules is a system security tool that allows system administrators t...
WinRAR 3.60 Beta 6 - SFX Path Stack Overflow
""" WinRAR - Stack Overflows in SelF - eXtracting Archives ====================================================== Tested Versions..: WinRAR 3.60 beta 4 Author.............: posidron An SFX SelF-eXtracting archive is an archive, merged with an executable module, which is used to extract files from...
Invision Power Board v1.3 Final SQL Injection
By:- Breeeeh [email protected] --------------------- example:- /index.php?act=Stats&CODE=SQL Injection /index.php?act=Mail&CODE=SQL Injection /index.php?act=Reg&CODE=SQL Injection...
security flaw
Heap-based buffer overflow in OpenOffice.org aka StarOffice 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to execute arbitrary code via a crafted OpenOffice XML document that is not properly handled by 1 Calc, 2 Draw, 3 Impress, 4 Math, or 5 Writer, aka "File Format /...
CentOS 3 : kernel (CESA-2005:663)
Updated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 3. This is the sixth regular update. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles t...
CVE-2006-3172
Multiple PHP remote file inclusion vulnerabilities in ContentBuilder 0.7.5 allow remote attackers to execute arbitrary PHP code via a URL with a trailing slash / character in the 1 langpath parameter to a cms/plugins/colman/column.inc.php, b cms/plugins/poll/poll.inc.php, c...
CVE-2006-3173
Multiple PHP remote file inclusion vulnerabilities in ContentBuilder 0.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the 1 pathcb parameter to a libraries/comment/postComment.php and b modules/poll/poll.php, 2 rel parameter to c modules/archive/overview.inc.php, and the 3...
USN-302-1: Linux kernel vulnerabilities
An integer overflow was discovered in the doreplace function. A local user process with the CAPNETADMIN capability could exploit this to execute arbitrary commands with full root privileges. However, none of Ubuntu's supported packages use this capability with any non-root user, so this only...