847 matches found
security flaw
pamconsole does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out, which might allow local users to gain privileges...
CVE-2007-4544
Cross-site scripting XSS vulnerability in wp-newblog.php in WordPress multi-user MU 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the weblogid parameter Username field...
CVE-2007-2632
Multiple cross-site scripting XSS vulnerabilities in PHP Multi User Randomizer phpMUR 2006.09.13 allow remote attackers to inject arbitrary web script or HTML via 1 the editplugin parameter to configureplugin.tpl.php, or 2 certain array parameters to web/phpinfo.php, as demonstrated by 1 or a...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in PHP Multi User Randomizer phpMUR 2006.09.13 allow remote attackers to inject arbitrary web script or HTML via 1 the editplugin parameter to configureplugin.tpl.php, or 2 certain array parameters to web/phpinfo.php, as demonstrated by 1 or a...
CVE-2007-2632
Multiple cross-site scripting XSS vulnerabilities in PHP Multi User Randomizer phpMUR 2006.09.13 allow remote attackers to inject arbitrary web script or HTML via 1 the editplugin parameter to configureplugin.tpl.php, or 2 certain array parameters to web/phpinfo.php, as demonstrated by 1 or a...
PHP Multi User Randomizer 2006.09.13 - Configure_Plugin.TPL.php Cross-Site Scripting
PHP Multi User Randomizer 2006.09.13 - ConfigurePlugin.TPL.php Cross-Site Scripting source: https://www.securityfocus.com/bid/23917/info PHP Multi User Randomizer is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker m...
PHP Multi User Randomizer 2006.09.13 - 'Configure_Plugin.TPL.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/23917/info PHP Multi User Randomizer is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
CentOS 4 : mysql (CESA-2007:0152)
Updated mysql packages that fix a security flaw are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation...
ACLS ineffective in SQL-Ledger and LedgerSMB
Hi all; I have decided to finally send to this list a serious security flaw in the design of SQL-Ledger all versions. LedgerSMB all versions is also affected but the problem with a workaround has been mentioned in our documentation since the fork. Ordinarily I would not make a big deal out of thi...
Hacker attack and Defense of the PPPoE authentication and use-vulnerability and early warning-the black bar safety net
A Foreword In recent years, Internet data traffic has developed rapidly, broadband users showed explosive growth, the operators in the use of xDSL, LAN, HFC, wireless and other access methods at the same time, in order to build an operable, manageable and profitable broadband network, is very...
Windows XP 3 3 8 9(terminals)multi-user login-bug warning-the black bar safety net
The first step:the first is on Windows XP SP2 installed the official version, according to the conventional manner of mounting can be, not repeat them here. Second step:prepare an earlier version of the SP2 terminal server softwareit is said that from Build 2 0 8 2 start the function is disabled,...
CVE-2006-3669
Mercury Messenger, possibly 1.7.1.1 and other versions, when running on a multi-user Mac OS X platform, stores chat logs with world-readable permissions within the /Users directory, which allows local users to read the chat logs from other users...
Echo Security Advisory 2006.36
ECHO.OR.ID ECHOADV36$2006 --------------------------------------------------------------------------- ECHOADV36$2006 ExtCalendar...
[ECHO_ADV_36$2006] ExtCalendar <== v2.0 Remote File Include Vulnerabilities
ECHO.OR.ID ECHOADV36$2006 --------------------------------------------------------------------------- ECHOADV36$2006 ExtCalendar == v2.0 Remote File Include Vulnerabilities --------------------------------------------------------------------------- Author : Ahmad Maulana a.k.a Matdhule Date : Jul...
mysql security update
CentOS Errata and Security Advisory CESA-2006:0544 Updated mysql packages that fix multiple security flaws are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a...
iBoutique.MALL - Directory Traversal
iBoutique.MALL Homepage: http://www.netartmedia.net/mall/ Description: Based on iBoutique 4.0, iBoutique.MALL is a powerful multi user mall software solution. It makes possible for the new vendors to signup and create their own customized online stores with ease. Effected files: index.php Directo...
DSA-1056-1 webcalendar - verbose error message
Bulletin has no description...
PhpGroupWare Main Screen Message Script Injection Flaw
The remote host seems to be running PhpGroupWare, is a multi-user groupware suite written in PHP. SPDX-FileCopyrightText: 2005 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
[SECURITY] [DSA 1002-1] New webcalendar packages fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 1002-1 [email protected] http://www.debian.org/security/ Martin Schulze March 15th, 2006 http://www.debian.org/security/faq -...
PluggedOut-1.9.9c.txt
PluggedOut Blog SQL INJECTION and XSS PluggedOut Blog is an open source script you can run on your web server to give you an online multi-user journal or diary. It can be used equally well for any kind of calendar application.Rather than give you a thousand things you don't really want...