CentOS 3 : kernel (CESA-2005:663)
Updated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 3. This is the sixth regular update. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles t...
CVE-2006-3172
Multiple PHP remote file inclusion vulnerabilities in ContentBuilder 0.7.5 allow remote attackers to execute arbitrary PHP code via a URL with a trailing slash (/) character in the (1) langpath parameter to (a) cms/plugins/colman/column.inc.php, (b) cms/plugins/poll/poll.inc.php, (c)...
CVE-2006-3173
Multiple PHP remote file inclusion vulnerabilities in ContentBuilder 0.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pathcb parameter to (a) libraries/comment/postComment.php and (b) modules/poll/poll.php, (2) rel parameter to (c) modules/archive/overview.inc.php, and the (3)...
USN-302-1: Linux kernel vulnerabilities
An integer overflow was discovered in the do_replace() function. A local user process with the CAP_NET_ADMIN capability could exploit this to execute arbitrary commands with full root privileges. However, none of Ubuntu's supported packages use this capability with any non-root user, so this only...
Content-Builder (CMS) <= 0.7.2 Multiple Include Vulnerabilities
Exploit for unknown platform in category web applications. Content-Builder CMS / Expl: http://www.site.com/cbpath/libraries/comment/postComment.php?pathcb=evilscripts...
Content-Builder (CMS) <= 0.7.2 Multiple Include Vulnerabilities
No description provided by source. DEVIL TEAM THE BEST POLISH TEAM. ContentBuilder <= 0.7.2 Remote File Include Vulnerability. script site: http://www.content-builder.net/ Find by: Kacpe...
Content-Builder (CMS) 0.7.2 - Multiple Include Vulnerabilities
DEVIL TEAM THE BEST POLISH TEAM. ContentBuilder / Expl: http://www.site.com/cbpath/libraries/comment/postComment.php?pathcb=evilscripts http://www.site.com/cbpath/modules/archive/overview.inc.php?rel=evilscripts...
Minerva 2.0.8a Build 237 - 'phpbb_root_path' File Inclusion
DEVIL TEAM THE BEST POLISH TEAM. Minerva phpbb_root_path = 2.0.8a Build 237 Remote File Include Vulnerability. script site: http://sourceforge.net/projects/minerva/ dork: Powered by Minerva 237...
Remote file inclusion
PHP remote file inclusion vulnerabilities in ActionApps 2.8.1 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALSAAINCPATH parameter in (1) cached.php3, (2) cron.php3, (3) discussion.php3, (4) filldisc.php3, (5) filler.php3, (6) fillform.php3, (7) go.php3, (8) hiercons.php3, (9)...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka Tiki CMS/Groupware) 1.9.x allow remote attackers to inject arbitrary web script or HTML via malformed nested HTML tags such as "ipt" in (1) offset and (2) days parameters in (a) tiki-lastchanges.php, the (3) find and (4) offset parameters in ...
security flaw
The atm module in Linux kernel 2.6 before 2.6.14 allows local users to cause a denial of service (panic) via certain socket calls that produce inconsistent reference counts for loadable protocol modules...
CVE-2006-1856
Certain modifications to the Linux kernel 2.6.16 and earlier do not add the appropriate Linux Security Modules (LSM) file_permission hooks to the (1) readv and (2) writev functions, which might allow attackers to bypass intended access restrictions...
modulesSQL.txt
By: Mr-X Email: [email protected] Subject: modules nameSectionsSQL Injection example:- /modules.php?name=Surveys&op=results&pollID=8&mode=&order=&thold=SQL...
invisionGallery206.txt
left Invision Gallery 2.0.6 SQL Injection File :- modules/gallery/post.php Line :- 943 Bug By :- Devil-00 Welcome Back Security4arab Arabian Security WebSites www.s4a.cc www.securitygurus.net php $this-ipsclass-DB-simpleconstruct array 'select' = 'COUNT AS total', 'from' = 'galleryimages', 'where...
modulesSQL2.txt
By: Mr-X Email: [email protected] Subject: modules nameDownloadsSQL Injection example:- /modules.php?/modules.php?name=Downloads&dop=viewdownload&cid=SQL...
XSS Bug in OpenGear Server Website
0x0 Advisory. Web Penetrated By:- [email protected] Hit :- Site Manipulation. Vulnerability :- XSS Injection && CSS Injection. OpenGear WebSite. BrowserStatus :- Windows IE 6.0. Injections :- 0x01 ' ...
Path traversal
Jupiter CMS 1.1.5, when display_errors is enabled, allows remote attackers to obtain the full server path via a direct request to modules/online.php...
Mandrake Linux Security Advisory : xorg-x11 (MDKSA-2006:056)
Versions of Xorg 6.9.0 and greater have a bug in xf86Init.c, which allows non-root users to use the -modulepath, -logfile and -configure options. This allows loading of arbitrary modules which will execute as the root user, as well as a local DoS by overwriting system files. Updated packages have...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Dragonfly CMS before 9.0.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) uname, (2) error, (3) profile or (4) the username filed parameter to the (a) YourAccount module, (5) catid, (6) sid, (7) Story Text or (8) Extended text text field...
DEBIAN-CVE-2006-0056
Double free vulnerability in the authentication and authentication token alteration code in PAM-MySQL 0.6.x before 0.6.2 and 0.7.x before 0.7pre3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted passwords, which lead to a doubl...