Design/Logic Flaw

Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow attackers to 1 rename items, 2 read and modify item properties, or 3 lock and replace items via unknown vectors in a the WebDAV module; and 4 edit unspecified data files using "linked items" in WebDAV and b Reupload modules...

CVE-2007-4650

Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow attackers to 1 rename items, 2 read and modify item properties, or 3 lock and replace items via unknown vectors in a the WebDAV module; and 4 edit unspecified data files using "linked items" in WebDAV and b Reupload modules...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Olate Download od 3.4.2 allow remote attackers to inject arbitrary web script or HTML via 1 the PHPSELF variable in modules/core/uim.php and 2 url tags in a comment in modules/core/fldm.php...

Remote Memory Read in Diskeeper 9 - 2007

Diskeeper Remote Memory Disclosure Credit: Pravus pravus -a-t- hush -d-o-t- com Greetz: Scientology for making a remotely accessible disk defragmenter. Felix, Jenna, and Isaac. Vulnerability Description: This vulnerability involves a memory comparison function that is remotely, anonymously...

Diskeeper 9 - Remote Memory Disclosure

Diskeeper 9 - Remote Memory Disclosure / Diskeeper Remote Memory Disclosure Credit: Pravus pravus -a-t- hush -d-o-t- com Greetz: Scientology for making a remotely accessible disk defragmenter. Felix, Jenna, and Isaac. Vulnerability Description: This vulnerability involves a memory comparison...

Neuron Blog Admin Permission Bypass and Remote File Upload Vulnerability

Neuron Blog Admin Permission Bypass and Remote File Upload Vulnerability ------------------------------------------------------------------------ Script : Neuron Blog Version : 1.1 Site : http://dev.localhost.be/?q=detail-script&id=11 Founder : Rizgar Contact : [email protected] and...

Novell Client 4.91 SP4 nwspool.dll buffer overflow

Added: 08/10/2007 CVE: CVE-2007-6701 BID: 25092 OSVDB: 37319 Background Novell Client software provides NetWare connectivity to Windows platforms. Problem The nwspool.dll library in Novell Client is affected by buffer overflow vulnerabilities in several different functions, allowing remote...

Sql injection

Multiple SQL injection vulnerabilities in module.php in LANAI la-nai CMS 1.2.14 allow remote attackers to execute arbitrary SQL commands via 1 the mid parameter in an faqviewgroup action in the FAQ Modules, 2 the cid parameter in the EZSHOPINGCART Modules, or 3 the gid parameter in a view action ...

CVE-2007-4210

CVE-2007-4210 affects LANAI (la-nai) CMS 1.2.14. The issue consists of multiple SQL injection vulnerabilities in module.php, allowing remote attackers to execute arbitrary SQL commands via three parameters: (1) mid in the FAQ Modules (faqviewgroup action), (2) cid in EZSHOPPINGCART Modules, and (...

lanai-sql.txt

newhackdotorg la-nai cmsv1.2.14 - Remote SQL Injection Vendor : http://www.redlinesoft.net/module.php?modname=content&cid=9 Download : http://sourceforge.net/project/showfiles.php?groupid=191629 Found By : k1tk4t - k1tk4t4tnewhack.org http://newhack.org Location : Indonesia bug terdapat pada la-n...

la-nai cms 1.2.14 Multiple Remote SQL Injection Vulnerabilities

Exploit for unknown platform in category web applications =============================================================== la-nai cms 1.2.14 Multiple Remote SQL Injection Vulnerabilities =============================================================== newhackdotorg la-nai cmsv1.2.14 - Remote SQL...

Lanius CMS 1.2.14 - Multiple SQL Injections

newhackdotorg la-nai cmsv1.2.14 - Remote SQL Injection Vendor : http://www.redlinesoft.net/module.php?modname=content&cid=9 Download : http://sourceforge.net/project/showfiles.php?groupid=191629 Found By : k1tk4t - k1tk4t4tnewhack.org http://newhack.org Location : Indonesia bug terdapat pada la-n...

CVE-2007-4100

MLDonkey before 2.9.0 does not load certain code from $MLDONKEY/webinfos/ before the network modules become active, which allows remote attackers to bypass the IP blocklist...

CVE-2007-4100

Removed by vendor...

ASA-2007-016: Remote crash vulnerability in Skinny channel driver

Asterisk Project Security Advisory - ASA-2007-016 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | Remote crash vulnerability in Skinny channel | | | driver |...

Sql injection

Multiple SQL injection vulnerabilities in MKPortal 1.1.1 allow remote attackers to execute arbitrary SQL commands via 1 the idurlo field in the deleteurlo function in a index.php in the urlobox module; the iden field in the 2 updatefile and 3 delfile functions in b index.php in the reviews module...

osCommerce Online Merchant v2.2 RC1 local include bug

osCommerce Online Merchant v2.2 RC1 local include bug SEVERITY: ========= Normal SOFTWARE: ========= osCommerce Online Merchant v2.2 RC1 http://oscommerce.com/ INFO: ===== osCommerce is an Open Source based online shop e-commerce solution that is available for free under the GNU General Public...

squirrel-exec.txt

SquirrelMail G/PGP Encryption Plug-in Remote Command Execution Vulnerability Bugtraq ID: 24782 ----------------------------- There are various vulnerabilities in this software! One is in keyringmain.php! $fpr is not escaped from shellcommands! testbox:/home/w00t cat /tmp/w00t cat: /tmp/w00t: No...

MKPortal 1.1.1 reviews Gallery modules - SQL Injection

MKPortal 1.1.1 reviews Gallery modules - SQL Injection ?php / i MkPortal "reviews" and "gallery" modules SQL Injection Exploit i Vulnerable versions: MkPortal = 1.1.1 i Bug discovered by: Coloss i Exploit by: Coloss i Date: 06.07.2007 i This is priv8 not for kids Notes At this time MkPortal 1.1.1...

Design/Logic Flaw

The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal allows remote attackers to read restricted posts in 1 Organic Groups, 2 Taxonomy Access Control, 3 Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments...