6304 matches found

RedHat Linux
added 2006/05/24 9:31 a.m. | 2 views

security flaw

The atm module in Linux kernel 2.6 before 2.6.14 allows local users to cause a denial of service (panic) via certain socket calls that produce inconsistent reference counts for loadable protocol modules...

CVSS 4.9 | AI score 5.8 | EPSS 0.00045
Exploits: 1 | References: 4
Cvelist
added 2006/05/19 11:0 p.m. | 20 views

CVE-2006-1856

Certain modifications to the Linux kernel 2.6.16 and earlier do not add the appropriate Linux Security Modules (LSM) file_permission hooks to the (1) readv and (2) writev functions, which might allow attackers to bypass intended access restrictions...

AI score 7.2 | EPSS 0.0231
Exploits: 0 | References: 16
Packet Storm
added 2006/05/06 12:0 a.m. | 18 views

invisionGallery206.txt

left Invision Gallery 2.0.6 SQL Injection File :- modules/gallery/post.php Line :- 943 Bug By :- Devil-00 Welcome Back Security4arab Arabian Security WebSites www.s4a.cc www.securitygurus.net php $this-ipsclass-DB-simpleconstruct array 'select' = 'COUNT AS total', 'from' = 'galleryimages', 'where...

AI score 7.4
Exploits: 0
Packet Storm
added 2006/05/06 12:0 a.m. | 41 views

modulesSQL2.txt

By: Mr-X Email: [email protected] Subject: modules nameDownloadsSQL Injection example:- /modules.php?/modules.php?name=Downloads&dop=viewdownload&cid=SQL...

AI score 0.1
Exploits: 0
Packet Storm
added 2006/05/06 12:0 a.m. | 23 views

modulesSQL.txt

By: Mr-X Email: [email protected] Subject: modules nameSectionsSQL Injection example:- /modules.php?name=Surveys&op=results&pollID=8&mode=&order=&thold=SQL...

AI score 0.1
Exploits: 0
securityvulns
added 2006/04/24 12:0 a.m. | 34 views

XSS Bug in OpenGear Server Website

0x0 Advisory ============== Web Penetrated By:- [email protected] ======================================= Hit :- Site Manipulation. ==== Vulnerability :- XSS Injection && CSS Injection OpenGear WebSite ============== BrowserStatus :- Windows IE 6.0 ============== Injections :- ========== 0x01 ' ...

AI score 0.6
Exploits: 0
Prion
added 2006/04/11 12:2 a.m. | 13 views

Path traversal

Jupiter CMS 1.1.5, when display_errors is enabled, allows remote attackers to obtain the full server path via a direct request to modules/online.php...

CVSS 2.6 | AI score 7.1 | EPSS 0.00404
Exploits: 0 | References: 4 | Affected Software: 1
Tenable Nessus
added 2006/03/21 12:0 a.m. | 29 views

Mandrake Linux Security Advisory : xorg-x11 (MDKSA-2006:056)

Versions of Xorg 6.9.0 and greater have a bug in xf86Init.c, which allows non-root users to use the -modulepath, -logfile and -configure options. This allows loading of arbitrary modules which will execute as the root user, as well as a local DoS by overwriting system files. Updated packages have...

CVSS 7.2 | AI score 6.6 | EPSS 0.00177
Exploits: 4 | References: 1
Prion
added 2006/03/07 11:2 a.m. | 10 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Dragonfly CMS before 9.0.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) uname, (2) error, (3) profile or (4) the username field parameter to the (a) YourAccount module, (5) catid, (6) sid, (7) Story Text or (8) Extended text text field...

CVSS 4.3 | AI score 6.1 | EPSS 0.00827
Exploits: 1 | References: 6 | Affected Software: 1
OSV
added 2006/02/13 11:6 a.m. | 1 views

DEBIAN-CVE-2006-0056

Double free vulnerability in the authentication and authentication token alteration code in PAM-MySQL 0.6.x before 0.6.2 and 0.7.x before 0.7pre3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted passwords, which lead to a doubl...

CVSS 7.5 | AI score 8.1 | EPSS 0.22615
Exploits: 0 | References: 1
Tenable Nessus
added 2006/01/15 12:0 a.m. | 75 views

Ubuntu 4.10 : linux-source-2.6.8.1 vulnerabilities (USN-38-1)

CAN-2004-0814 : Vitaly V. Bursov discovered a Denial of Service vulnerability in the 'serio' code; opening the same tty device twice and doing some particular operations on it caused a kernel panic and/or a system lockup. Fixing this vulnerability required a change in the Application Binary...

CVSS 10 | AI score 6.7 | EPSS 0.15821
Exploits: 3 | References: 8
Cvelist
added 2006/01/12 11:0 a.m. | 16 views

CVE-2006-0185

Multiple cross-site scripting vulnerabilities in the (1) Pool or (2) News Modules in Php-Nuke allow remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag...

AI score 6.1 | EPSS 0.03174
Exploits: 1 | References: 4
exploitpack
added 2006/01/09 12:0 a.m. | 9 views

PHP-Nuke News Submission Story - Text Field Cross-Site Scripting

PHP-Nuke News Submission Story - Text Field Cross-Site Scripting source: https://www.securityfocus.com/bid/16192/info The PHPNuke Pool and News Modules are prone to an HTML injection vulnerability. This issue is due to a failure in the application modules to properly sanitize user-supplied input...

AI score 6.8
Exploits: 0
Exploit DB
added 2006/01/09 12:0 a.m. | 28 views

PHP-Nuke News Submission Story - Text Field Cross-Site Scripting

source: https://www.securityfocus.com/bid/16192/info The PHPNuke Pool and News Modules are prone to an HTML injection vulnerability. This issue is due to a failure in the application modules to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-suppli...

AI score 7
Exploits: 0
securityvulns
added 2005/12/22 12:0 a.m. | 31 views

Multiple Linux kernel vulnerabilities

sendmsg stack-based buffer overflow, raw_sendmsg kernel memory access, ipt_recent module DoS, fput DoS on 64-bit platforms with 32-bit emulation, DRM debugging sensitive information access, Orinoco driver kernel memory access, AUDITSYSCALL memory leak, user's VT terminal access, ip_vs_conn_flush race...

AI score 3
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2005/12/13 11:0 a.m. | 15 views

CVE-2005-4190

Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and ...

AI score 5.3 | EPSS 0.00828
Exploits: 0 | References: 16
Cvelist
added 2005/11/23 12:0 a.m. | 19 views

CVE-2005-3772

Multiple SQL injection vulnerabilities in Joomla! before 1.0.4 allow remote attackers to execute arbitrary SQL commands via the (1) Itemid variable in the Polls modules and (2) multiple unspecified methods in the mosDBTable class...

AI score 8.6 | EPSS 0.00024
Exploits: 0 | References: 8
CVE
added 2005/11/16 7:37 a.m. | 74 views

CVE-2003-1238

CVE-2003-1238 is a cross-site scripting (XSS) vulnerability in Nuked-Klan 1.3 beta and earlier. The flaw allows remote attackers to steal authentication cookies by injecting arbitrary HTML or script into the op parameter of the Team, News, and Liens modules. Affected component is the web applicat...

CVSS 5.8 | AI score 6 | EPSS 0.00642
Exploits: 2 | References: 4 | Affected Software: 1
exploitpack
added 2005/11/16 12:0 a.m. | 13 views

PHP-Nuke 7.8 Search Module - SQL Injection

PHP-Nuke 7.8 Search Module - SQL Injection !/usr/bin/perl -w use IO::Socket; if @ARGV new Proto = "tcp", PeerAddr = "$HOST", PeerPort = "80" || die " Connect FAILED\n"; print " Connected OK\n"; print " Sending exploit OK\n\n"; print $send "POST ".$GET." HTTP/1.0\n"; print $send "Host: ".%HOST."\n...

AI score 0.1
Exploits: 0
Exploit DB
added 2005/11/16 12:0 a.m. | 28 views

PHP-Nuke 7.8 Search Module - SQL Injection

!/usr/bin/perl -w use IO::Socket; if @ARGV new Proto = "tcp", PeerAddr = "$HOST", PeerPort = "80" || die " Connect FAILED\n"; print " Connected OK\n"; print " Sending exploit OK\n\n"; print $send "POST ".$GET." HTTP/1.0\n"; print $send "Host: ".%HOST."\n"; print $send "Referer:...

AI score 7.4
Exploits: 0