[NewAngels Advisory #5] Stylemotion WEB//NEWS 1.4 Vulnerabilities

NewAngels Advisory 5 Stylemotion WEB//NEWS 1.4 ============================================================================= Software: WEB//NEWS 1.4 Type: SQL Injections, Path Disclosure Risk: High Date: Sep. 1 2005 Vendor: Stylemotion Credit: ======= Robin 'onkelfisch' Verton...

CVE-2005-2811

Untrusted search path vulnerability in Net-SNMP 5.2.1.2 and earlier, on Gentoo Linux, installs certain Perl modules with an insecure DTRPATH, which could allow local users to gain privileges...

CVE-2005-2811

CVE-2005-2811 describes an untrusted search path (DT_RPATH) vulnerability in Net-SNMP up to version 5.2.1.2 on Gentoo Linux, where certain Perl modules are installed with an insecure DT_RPATH. This could allow a local attacker (non-remote) to gain privileges by influencing the loaded libraries. T...

CVE-2005-2840

Multiple unknown vulnerabilities in MAXdev MD-Pro 1.0.72 and earlier have unknown impact and unspecified attack vectors, in one or more of the 1 Download, 2 Search, 3 Web links, 4 Blocks, 5 Messages, 6 News, 7 Comments, 8 Settings, 9 Stats or 10 subjects modules...

CVE-2005-2811

Untrusted search path vulnerability in Net-SNMP 5.2.1.2 and earlier, on Gentoo Linux, installs certain Perl modules with an insecure DTRPATH, which could allow local users to gain privileges...

PT-2005-3706 · Maxdev · Maxdev Md-Pro

Name of the Vulnerable Software and Affected Versions: MAXdev MD-Pro versions 1.0.72 and earlier Description: The issue affects one or more modules in MAXdev MD-Pro, including the Download, Search, Web links, Blocks, Messages, News, Comments, Settings, Stats, or subjects modules. The impact and...

Net-SNMP: Insecure RPATH

Background Net-SNMP is a suite of applications used to implement the Simple Network Management Protocol. Description James Cloos reported that Perl modules from the Net-SNMP package look for libraries in an untrusted location. This is due to a flaw in the Gentoo package, and not the Net-SNMP suit...

portail13.txt

svadvisory5 ------------------------------------------------------------- Title: SQL injections in PortailPHP | The program: PortailPHP v 1.3 | Homepage: http://www.portailphp.com/ ------------ Has found: CENSORED | 14.05.05 | ------------------------------------------------------------- The...

USN-147-2: Fixed php4-pear packages for USN-147-1

USN-147-1 1 fixed a remote code execution vulnerability in the XMLRPC module of the PEAR library. Unfortunately the packages announced in USN-147-1 were faulty and shipped broken xmlrpc modules. The updated packages ship correct modules. We apologize for the inconvenience. 1...

Multiple Sun Solaris perl modules problems

Safe.pm protection bypass, CGI.pm crossite scripting...

CVE-2005-1701

SQL injection vulnerability in PortailPHP 1.3 allows remote attackers to execute arbitrary SQL commands via the id parameter to the 1 News, 2 File, 3 Liens, or 4 Faq modules...

CVE-2005-0437

Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to include arbitrary Perl modules via .. dot dot sequences in the loadplugin parameter...

CVE-2005-0437

Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to include arbitrary Perl modules via .. dot dot sequences in the loadplugin parameter...

CVE-2005-0437

Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to include arbitrary Perl modules via .. dot dot sequences in the loadplugin parameter...

DEBIAN-CVE-2005-0437

Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to include arbitrary Perl modules via .. dot dot sequences in the loadplugin parameter...

CVE-2004-1767

The kernel in Solaris 2.6, 7, 8, and 9 allows local users to gain privileges by loading arbitrary loadable kernel modules LKM, possibly involving the modload function...

DEBIAN-CVE-2004-0986

Iptables before 1.2.11, under certain conditions, does not properly load the required modules at system startup, which causes the firewall rules to fail to load and protect the system from remote attackers...

CVE-2005-0437

Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to include arbitrary Perl modules via .. dot dot sequences in the loadplugin parameter...

CVE-2005-0437

Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to include arbitrary Perl modules via .. dot dot sequences in the loadplugin parameter...

CVE-2004-2514

Cross-site scripting XSS vulnerability in modules/privatemessages/index.php in PowerPortal 1.x allows remote attackers to inject arbitrary web script or HTML via the 1 SUBJECT or 2 MESSAGE field...