CVE-2009-1809
Multiple cross-site scripting (XSS) vulnerabilities in myColex 1.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the year parameter to modules/kalender.php, (2) the Page parameter in a List action to modules/ereignis.php, (3) the Kontext parameter in a Search action to...
CVE-2009-1810
Multiple SQL injection vulnerabilities in myColex 1.4.2 allow remote attackers to execute arbitrary SQL commands via (1) the formUser parameter (aka the Name field) to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail action to (2)...
[Full-disclosure] Drupal Embedded Media Field Module Multiple XSS
Details of this disclosure are posted at http://lampsecurity.org/drupal-6-embed-media-xss-vulnerability Vendor notified: 5/27/09 Vendor response: see below Description of Vulnerability: Drupal (http://drupal.org) is a...
[SECURITY] Fedora 10 Update: eggdrop-1.6.19-4.fc10
Eggdrop is the world's most popular Open Source IRC bot, designed for flexibility and ease of use. It is extendable with Tcl scripts and/or C modules, has support for the big five IRC networks and is able to form botnets, share partylines and userfiles between bots...
[SECURITY] Fedora 9 Update: eggdrop-1.6.19-4.fc9
Eggdrop is the world's most popular Open Source IRC bot, designed for flexibility and ease of use. It is extendable with Tcl scripts and/or C modules, has support for the big five IRC networks and is able to form botnets, share partylines and userfiles between bots...
[Full-disclosure] Drupal 6 CCK Module XSS Vulnerability
Vendor Notified: 05/18/09 Vendor Response: Karoly Negyesi of Drupal security denies issue exists. Drupal security has responded to reports of CCK based XSS vulnerabilities in the past with http://drupal.org/node/372836, which basically shirks the issue...
Pluck 4.6.2 (langpref) Local File Inclusion Vulnerabilities
Exploit for unknown platform in category web applications =========================================================== Pluck 4.6.2 langpref Local File Inclusion Vulnerabilities =========================================================== =-=-local file include-=-=...
CastRipper 2.50.70 (.m3u) Universal Stack Overflow Exploit
No description provided by source. #!/usr/bin/perl CastRipper 2.50.70 .m3u Universal Stack Overflow Exploit Exploited By Stack first exploiter :d http://www.milw0rm.com/exploits/8660 bien jouer :d frero my $shellcode = "\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49"...
CastRipper 2.50.70 .M3U Universal Stack Overflow
#!/usr/bin/perl CastRipper 2.50.70 .m3u Universal Stack Overflow Exploit Exploited By Stack first exploiter :d http://www.milw0rm.com/exploits/8660 bien jouer :d frero my $shellcode = "\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49"...
CastRipper 2.50.70 (.m3u) Universal Stack Overflow Exploit
Exploit for unknown platform in category local exploits ========================================================== CastRipper 2.50.70 .m3u Universal Stack Overflow Exploit ========================================================== #!/usr/bin/perl CastRipper 2.50.70 .m3u Universal Stack Overflow...
CastRipper 2.50.70 - .m3u Universal Stack Overflow
CastRipper 2.50.70 - .m3u Universal Stack Overflow #!/usr/bin/perl CastRipper 2.50.70 .m3u Universal Stack Overflow Exploit Exploited By Stack first exploiter :d http://www.milw0rm.com/exploits/8660 bien jouer :d frero my $shellcode =...
CVE-2009-1603
src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted...
DEBIAN-CVE-2009-1603
src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted...
Fedora 10 : dia-0.96.1-9.fc10 (2009-0943)
Filter out the untrusted Python module search path to remove the possibility of running arbitrary code on the user's system if there is a Python file in dia's working directory with the same name as one that dia's Python scripts try to import. Note that Tenable Network Security has extracted the preceding...
Ubuntu USN-752-1 (linux-source-2.6.15)
The remote host is missing an update to linux-source-2.6.15 announced via advisory USN-752-1. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed...
[SECURITY] Fedora 9 Update: pam-1.0.4-4.fc9
PAM (Pluggable Authentication Modules) is a system security tool that allows system administrators to set authentication policy without having to recompile programs that handle authentication...
[SECURITY] Fedora 10 Update: pam-1.0.4-4.fc10
PAM (Pluggable Authentication Modules) is a system security tool that allows system administrators to set authentication policy without having to recompile programs that handle authentication...
Loggix Project 9.4.5 Blind SQL Injection
Salvatore "drosophila" Fresta + Application: Loggix Project + Version: 9.4.5 + Website: http://loggix.gotdns.org + Bugs: A Blind SQL Injection + Exploitation: Remote + Date: 10 Apr 2009 + Discovered by: Salvatore "drosophila" Fresta + Author: Salvatore "drosophila" Fresta + Contact: e-mail:...
[Backports-security-announce] Security Update for openafs
Russ Allbery uploaded new packages for openafs, a distributed file system, which fixed the following security problems: CVE-2009-1251 An attacker with control of a file server or the ability to forge RX packets may be able to execute arbitrary code in kernel mode on an OpenAFS client, due to a...
Loggix Project 9.4.5 SQL Injection
Salvatore "drosophila" Fresta + Application: Loggix Project + Version: 9.4.5 + Website: http://loggix.gotdns.org + Bugs: A Blind SQL Injection + Exploitation: Remote + Date: 10 Apr 2009 + Discovered by: Salvatore "drosophila" Fresta + Author: Salvatore "drosophila" Fresta + Contact: e-mail:...