6334 matches found
CVE-2007-3690
The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal allows remote attackers to read restricted posts in 1 Organic Groups, 2 Taxonomy Access Control, 3 Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments...
Design/Logic Flaw
The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal allows remote attackers to read restricted posts in 1 Organic Groups, 2 Taxonomy Access Control, 3 Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments...
CVE-2007-3689
The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal allows remote attackers to read restricted posts in 1 Organic Groups, 2 Taxonomy Access Control, 3 Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments...
CVE-2007-3690
The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal allows remote attackers to read restricted posts in 1 Organic Groups, 2 Taxonomy Access Control, 3 Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments...
Print - Access bypass
Print is a module that allows site administrators to produce a "print friendly" version of a posting. By manipulating URL arguments, authenticated and anonymous users are able to access posts that should have been restricted by a node access module such as Organic Groups, Taxonomy Access Control,...
[SECURITY] Fedora Core 6 Update: perl-Net-DNS-0.60-1.fc6
Net::DNS is a collection of Perl modules that act as a Domain Name System DNS resolver. It allows the programmer to perform DNS queries that are beyond the capabilities of gethostbyname and gethostbyaddr. The programmer should be somewhat familiar with the format of a DNS packet and its various...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Interact 2.4 beta 1 allow remote attackers to inject arbitrary web script or HTML via the 1 modulekey parameter to a kb/kb.php, b quiz/runquiz.php, c quiz/quiz.php, d forum/forum.php, e forum/byname.php, and f journal/journalview.php in modules...
ProFTPD authentication bypass
There is no check data used for authentication is retrieved by the same authentication module if multiple authentication modules are configured...
CentOS 3 : pam (CESA-2007:0465)
Updated pam packages that resolves several bugs and security flaws are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Pluggable Authentication Modules PAM provide a system whereby administrators ca...
[SECURITY] Fedora Core 6 Update: pam-0.99.6.2-3.22.fc6
PAM Pluggable Authentication Modules is a system security tool that allows system administrators to set authentication policy without having to recompile programs that handle authentication...
Moderate: Red Hat Security Advisory: pam security and bug fix update
Updated pam packages that resolves several bugs and security flaws are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Pluggable Authentication Modules PAM provide a system whereby administrators ca...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in FirmWorX 0.1.2 allow remote attackers to execute arbitrary PHP code via a URL in the 1 bankdataroot parameter to modules/bank/includes/design/main.inc.php, or the 2 fmdataroot parameter to a includes/config/master.inc.php or b...
CVE-2007-2891
Multiple PHP remote file inclusion vulnerabilities in FirmWorX 0.1.2 allow remote attackers to execute arbitrary PHP code via a URL in the 1 bankdataroot parameter to modules/bank/includes/design/main.inc.php, or the 2 fmdataroot parameter to a includes/config/master.inc.php or b...
Sql injection
Multiple SQL injection vulnerabilities in modules/admin/modules/gallery.php in PHPEcho CMS 2.0-rc1 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter and possibly other parameters. NOTE: some of these details are obtained from third party information...
tomcat directory traversal
Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules modproxy, modrewrite, modjk, allows remote attackers to read arbitrary files via a .. dot dot sequence with combinations of 1 "/" slash, 2 "" backslash, and...
tomcat directory traversal
Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules modproxy, modrewrite, modjk, allows remote attackers to read arbitrary files via a .. dot dot sequence with combinations of 1 "/" slash, 2 "" backslash, and...
tomcat directory traversal
Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules modproxy, modrewrite, modjk, allows remote attackers to read arbitrary files via a .. dot dot sequence with combinations of 1 "/" slash, 2 "" backslash, and...
PT-2007-4082
Name of the Vulnerable Software and Affected Versions OpenSSH affected versions not specified Description The issue allows remote attackers to determine the existence of certain user accounts. This is possible when OpenSSH is using OPIE One-Time Passwords in Everything for PAM. The system display...
tomcat directory traversal
Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules modproxy, modrewrite, modjk, allows remote attackers to read arbitrary files via a .. dot dot sequence with combinations of 1 "/" slash, 2 "" backslash, and...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in ACP3 4.0 beta 3 allow remote attackers to inject arbitrary web script or HTML via 1 the formmail parameter to contact/contact/index.php; the 2 formmods or 3 formsearchterm parameter to search/list/actionsearch/index.php; 4 the id parameter to...