6335 matches found
CVE-2008-2708
Unspecified vulnerability in the Sun (1) UltraSPARC T2 and (2) UltraSPARC T2+ kernel modules in Sun Solaris 10, and OpenSolaris before snv93, allows local users to cause a denial of service (panic) via unspecified vectors, probably related to core files...
Cross-site scripting vulnerabilities in multiple Bluemoon Inc. XOOPS modules
Overview: Multiple Bluemoon Inc. XOOPS modules are vulnerable to cross-site scripting. Multiple modules provided by Bluemoon Inc. for XOOPS 2.0.x / XOOPS Cube 2.1 / ImpressCMS are vulnerable to cross-site scripting. Yosuke Yamada and Hirohisa Yamaguchi of NetAgent Co., Ltd. reported this vulnerabilit...
HTTPD-User-Manage cross-site scripting vulnerability
Overview: HTTPD-User-Manage is a set of Perl modules for managing user authentication information for web servers. It contains a cross-site scripting vulnerability in its CGI as it does not properly validate input strings. This problem does not occur when only the library for managing database is...
Webmin and Usermin authentication bypass vulnerability
Overview: Webmin and Usermin, web-based system management tools for UNIX, contain a vulnerability which may allow a remote attacker to bypass authentication when PAM authentication is used. Impact: A remote attacker could bypass Webmin and Usermin's authentication, and execute an arbitrary command...
tomcat directory traversal
Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and...
Smeego 1.0 (Cookie lang) Local File Inclusion Exploit
No description provided by source. Smeego CMS Local File Include Exploit by 0in from Dark-Coders Programming & Security Group http://dark-coders.4rh.eu Contact: 0indotemailatgmaildotcom...
DEBIAN-CVE-2008-2147
Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory...
SQL injection
SQL injection vulnerability in modules/print.asp in fipsASP fipsCMS allows remote attackers to execute arbitrary SQL commands via the lg parameter...
Phoenix View CMS Pre Alpha2 - SQL Injection / Local File Inclusion / Cross-Site Scripting
Phoenix View CMS = Pre Alpha2 Multiple Vulnerabilities (LFI, SQLI, XSS) Found by : tw8 Date : 8.05.2008 Website && Forum : http://rstzone.org && http://rstzone.org/forum/ Bug type : LFI, SQLI & XSS Affected software...
CVE-2008-2035
Cross-site scripting (XSS) vulnerability in the Bluemoon, Inc. (1) BackPack 0.91 and earlier, (2) BmSurvey 0.84 and earlier, (3) newbbfileup 1.83 and earlier, (4) Newsembed newsfileup 1.44 and earlier, and (5) PopnupBlog 3.19 and earlier modules for XOOPS 2.0.x, XOOPS Cube 2.1, and ImpressCMS allows remote...
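Python PyLocale_strxfrm Function Remote Information Disclosure Vulnerability
BUGTRAQ ID: 23887 CVE(CAN) ID: CVE-2007-2052 Python is an open-source scripting language. The PyLocale_strxfrm function in Python's Modules/localemodule.c contains a single-byte overflow vulnerability that allows an attacker to read part of the memory contents. Modules/localemodule.c:361 356 n1 = strlen(s) + 1; 357 buf = PyMem_Malloc(n1); 358 if (!buf) 359 return PyErr_NoMemory(); 360 n2 = strxfrm(buf, s, n1);...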
XOOPS Recette 2.2 - 'detail.php' SQL Injection
source: https://www.securityfocus.com/bid/28859/info XOOPS Recette is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify...
Remote file inclusion
PHP remote file inclusion vulnerability in modules/basicfog/basicfogfactory.class.php in PhpBlock A8.4 allows remote attackers to execute arbitrary PHP code via a URL in the PATHTOCODE parameter...
phpblock-rfi.txt
Script Name : PHP Block a8.4 Download : http://sourceforge.net/project/downloading.php?groupid=186381&usemirror=surfnet&filename=a8.4.zip&73507325 Error : includeonce $PATHTOCODE."/script/fonction.php"; Vul Code :...
SA-2008-023 - Ubercart - Cross site scripting
During checkout in Ubercart enabled stores, customers have text fields in which to enter their address and order information. Some stores will have modules enabled that restrict what sort of values are accepted in these fields, but this is not the case for everyone. This provides an opportunity f...
Kill KV 2008, Rising, etc. most of the mollusc-vulnerability warning-the black bar safety net
Article author: sudami [email protected] Information source: evil octal information security team (www.eviloctal.com) Original source: http://hi.baidu.com/sudami/blog/item/a0f114dac68fe3dfb6fd481a.html Preface: Writing this article is not to spread the virus technology, but for the majority of compute...
exv2webchat-sql.txt
Powered by eXV2 WebChat 1.60 SQL Injection AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 MAİL : [email protected] DORKS 1 : allinurl :"modules/WebChat" EXPLOIT 1 :...
exv2viso-sql.txt
Powered by eXV2 Viso 2.03 SQL Injection AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 MAİL : [email protected] DORKS 1 : allinurl :"modules/viso" EXPLOIT 1 :...
PT-2008-2889 · Php Nuke · Php-Nuke
Name of the Vulnerable Software and Affected Versions: PHP-Nuke (affected versions not specified). Description: A SQL injection issue exists, allowing remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the cat parameter in a viewcat action to modules.php...
CVE-2008-1060
Eval injection vulnerability in modules/execute.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via the text parameter...