Lucene search

6334 matches found

NVD
added 2007/01/26 1:28 a.m., 19 views

CVE-2007-0534

Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project issue tracking 4.7.0 through 5.x before 20070123 and (2) Project 4.6.0 through 5.x before 20070123 modules for Drupal allow remote authenticated users to inject arbitrary web script or HTML via a certain "fields on project nodes" or...

CVSS 4.3, AI score 5.5, EPSS 0.01223
Exploits: 0, References: 6

Prion
added 2007/01/26 1:28 a.m., 25 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project issue tracking 4.7.0 through 5.x before 20070123 and (2) Project 4.6.0 through 5.x before 20070123 modules for Drupal allow remote authenticated users to inject arbitrary web script or HTML via a certain "fields on project nodes" or...

CVSS 4.3, AI score 5.7, EPSS 0.01223
Exploits: 0, References: 6, Affected Software: 2

securityvulns
added 2007/01/25 12:0 a.m., 96 views

phpCOIN <= RC-1 (modules/mail/index.php) Remote File Include Vulnerability

phpCOIN <= RC-1 (modules/mail/index.php) Remote File Include Vulnerability. Script: phpCOIN. Version: RC-1. URL: http://www.phpcoin.com/coinmodules/downloads/dload.php?id=1. Found by: Born To K!LL. Bug in: modules/mail/index.php. Code: Include module functions file include...

AI score 0.7
Exploits: 0

0day.today
added 2007/01/24 12:0 a.m., 34 views

vhostadmin 0.1 (MODULES_DIR) Remote File Inclusion Vulnerability

Exploit for unknown platform in category web applications. vhostadmin 0.1 MODULES_DIR Remote File Inclusion Vulnerability. Dr Max Virus ...

AI score 7.1
Exploits: 0

exploitpack
added 2007/01/24 12:0 a.m., 13 views

vhostadmin 0.1 - MODULES_DIR Remote File Inclusion

vhostadmin 0.1 - MODULES_DIR Remote File Inclusion. Dr Max Virus. Script: vHostAdmin. Affected Version: 1.0. Risk: Highly Critical...

AI score 0.1
Exploits: 0

Exploit DB
added 2007/01/24 12:0 a.m., 38 views

vhostadmin 0.1 - 'MODULES_DIR' Remote File Inclusion

Dr Max Virus. Script: vHostAdmin. Affected Version: 1.0. Risk: Highly Critical...

AI score 7
Exploits: 0

NVD
added 2006/12/14 1:28 a.m., 19 views

CVE-2006-6534

Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 3.0a3 allow remote attackers to inject arbitrary web script or HTML via the (1) set parameter to admin/modules.php, the (2) selectedbox parameter to definitiva/admin/customers.php, the (3) lID parameter to admin/languagesdefinitions.php, o...

CVSS 4.3, AI score 5.8, EPSS 0.01062
Exploits: 1, References: 3

Tenable Nessus
added 2006/12/14 12:0 a.m., 23 views

GLSA-200612-04 : ModPlug: Multiple buffer overflows

The remote host is affected by the vulnerability described in GLSA-200612-04 (ModPlug: Multiple buffer overflows). Luigi Auriemma has reported various boundary errors in loadit.cpp and a boundary error in the 'CSoundFile::ReadSample' function in sndfile.cpp. Impact: A remote attacker can entice a...

CVSS 5.1, AI score 6.3, EPSS 0.08325
Exploits: 0, References: 2

Gentoo Linux
added 2006/11/07 12:0 a.m., 20 views

NVIDIA binary graphics driver: Privilege escalation vulnerability

Background: The NVIDIA binary graphics driver from NVIDIA Corporation provides the kernel module and the GL modules for graphic acceleration on the NVIDIA based graphic cards. Description: Rapid7 reported a boundary error in the NVIDIA binary graphics driver that leads to a buffer overflow in the...

CVSS 7.5, AI score 7.3, EPSS 0.26046
Exploits: 1

CERT
added 2006/11/07 12:0 a.m., 23 views

Apache mod_tcl module contains a format string error

Overview: A format string vulnerability exists in the mod_tcl Apache module. This vulnerability may allow a remote attacker to execute arbitrary code. Description: The Apache HTTP Server, also known as httpd, is an open-source HTTP server that runs on Microsoft Windows, Linux, Unix, and Apple OS X...

CVSS 6.8, AI score 6.8, EPSS 0.15858
Exploits: 0, References: 5

Exploit DB
added 2006/10/28 12:0 a.m., 28 views

PhpShop Core 0.9.0 RC1 - 'PS_BASE' File Inclusion

Viva Palestine. PhpShop-Core append.php Remote File Include Vulnerability. Found By : CoLd Zero Wasem898 Source : includeonce $4AZHARTeAM."Securty."; PalesTine Arab Muslim Hacker's PhpShop-Core v0.9.0 RC1 Class:...

AI score 7.4
Exploits: 0

Cvelist
added 2006/10/25 10:0 a.m., 35 views

CVE-2006-5494

Multiple PHP remote file inclusion vulnerabilities in modules/MyeGallery/public/displayCategory.php in the pandaBB module for PHP-Nuke allow remote attackers to execute arbitrary PHP code via a URL in the (1) adminpath or (2) basepath parameters. NOTE: this issue might overlap CVE-2006-6795...

AI score 7.6, EPSS 0.03124
Exploits: 1, References: 6

Exploit DB
added 2006/10/23 12:0 a.m., 34 views

Jaws 0.5.2 - '/include/JawsDB.php' Remote File Inclusion

ToXiC Jaws 0.5.2: Remote File Inclusion by ToXiC CreW ToXic Security Italian CreW BuG FounD by Drago84 Application Affect: jaws 0.5.2 Source Code: http://forge.novell.com/modules/xfcontent/private.php/jaws/jaws-0.5.2/jaws-0.5.2.tar.gz Page: JawsDB.php Problem: GLOBALS"path" not Declare Dir :...

AI score 7.4
Exploits: 0

RedHat Linux
added 2006/10/20 10:28 a.m., 67 views

Important: Red Hat Security Advisory: kernel security update

Updated kernel packages that fix several security issues in the Red Hat Enterprise Linux 3 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating syste...

CVSS 7.5, AI score 6, EPSS 0.04601
Exploits: 3, References: 8

Exploit DB
added 2006/10/17 12:0 a.m., 37 views

ALiCE-CMS 0.1 - 'CONFIG[local_root]' Remote File Inclusion

ALiCE-CMS 0.1 CONFIG[local_root] Remote File Include Vulnerability. Affected Software: ALiCE-CMS 0.1. Vendor...

AI score 7.4
Exploits: 0

Tenable Nessus
added 2006/10/14 12:0 a.m., 23 views

Debian DSA-1148-1 : gallery - several vulnerabilities

Several remote vulnerabilities have been discovered in gallery, a web-based photo album. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-2734: A cross-site scripting vulnerability allows injection of web script code through HTML or EXIF information. ...

CVSS 5, AI score 5.3, EPSS 0.018
Exploits: 0, References: 8

Tenable Nessus
added 2006/10/14 12:0 a.m., 51 views

Debian DSA-1018-2 : kernel-source-2.4.27 - several vulnerabilities

The original update lacked recompiled ALSA modules against the new kernel ABI. Furthermore, kernel-latest-2.4-sparc now correctly depends on the updated packages. For completeness we're providing the original problem description : Several local and remote vulnerabilities have been discovered in t...

CVSS 7.8, AI score 6.4, EPSS 0.05357
Exploits: 11, References: 33

NVD
added 2006/09/19 9:7 p.m., 15 views

CVE-2006-4876

Multiple SQL injection vulnerabilities in Jupiter CMS allow remote attackers to execute arbitrary SQL commands via (1) the user name during login, or the (2) key or (3) fpwusername parameters in modules/register...

CVSS 7.5, AI score 8.5, EPSS 0.02209
Exploits: 0, References: 3

Cvelist
added 2006/09/06 10:0 p.m., 19 views

CVE-2006-4588

vtiger CRM 4.2.4, and possibly earlier, allows remote attackers to bypass authentication and access administrative modules via a direct request to index.php with a modified module parameter, as demonstrated using the Settings module...

AI score 7.1, EPSS 0.01696
Exploits: 1, References: 5

CVE
added 2006/09/06 10:0 p.m., 57 views

CVE-2006-4588

vtiger CRM 4.2.4 (and possibly earlier) contains an authentication-bypass vulnerability that lets remote attackers access administrative modules by issuing a direct request to index.php with a modified module parameter, demonstrated via the Settings module. Root cause: improper validation of the ...

CVSS 7.5, AI score 7.4, EPSS 0.01696
Exploits: 1, References: 5, Affected Software: 1