Mandrake Security Advisory MDVSA-2009:131-1 (apr-util)

The remote host is missing an update to apr-util announced via advisory MDVSA-2009:131-1. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...

DEBIAN-CVE-2009-1959

Off-by-one error in the eventwallops function in fe-common/irc/fe-events.c in irssi 0.8.13 allows remote IRC servers to cause a denial of service crash via an empty command, which triggers a one-byte buffer under-read and a one-byte buffer underflow...

CVE-2009-1956

Off-by-one error in the aprbrigadevprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service application crash via crafted input...

Buffer overflow

Off-by-one error in the eventwallops function in fe-common/irc/fe-events.c in irssi 0.8.13 allows remote IRC servers to cause a denial of service crash via an empty command, which triggers a one-byte buffer under-read and a one-byte buffer underflow...

CVE-2009-1959

Off-by-one error in the eventwallops function in fe-common/irc/fe-events.c in irssi 0.8.13 allows remote IRC servers to cause a denial of service crash via an empty command, which triggers a one-byte buffer under-read and a one-byte buffer underflow...

Shop Script Pro 2.12 Remote SQL Injection Exploit

Exploit for unknown platform in category web applications ================================================= Shop Script Pro 2.12 Remote SQL Injection Exploit ================================================= !/usr/bin/perl =about VENDOR Shop Script Pro 2.12 maybe other versions vulnerable too...

CVE-2009-1956

CVE-2009-1956: Off-by-one error in apr_brigade_vprintf in Apache APR-util before 1.3.5 on big-endian platforms. Remote attackers could obtain sensitive information or cause a denial of service (application crash) via crafted input. Affected product: APR-util (pre-1.3.5) used with APR/httpd; impac...

Kjtechforce mailman b1 (dest) Remote Blind SQL Injection Exploit

No description provided by source. !/usr/bin/perl || || || -----------------------------------------\ == -- ----------- ---------------------------- ------------------/ ¡VIVA SPAIN!...¡GANAREMOS EL MUNDIAL!...o.O ¡PROUD TO BE SPANISH!...

Kjtechforce mailman b1 - Delete Row code SQL Injection

Kjtechforce mailman b1 - Delete Row code SQL Injection || || || -----------------------------------------\ == -- ----------- ---------------------------- ------------------/ ¡VIVA SPAIN!...¡GANAREMOS EL MUNDIAL!...o.O ¡PROUD TO BE SPANISH!...

LightOpenCMS 0.1 pre-alpha Remote SQL Injection

Salvatore "drosophila" Fresta + Application: LightOpenCMS + Version: 0.1 pre-alpha + Website: http://sourceforge.net/projects/lightopencms + Bugs: A Remote SQL Injection + Exploitation: Remote + Date: 05 Jun 2009 + Discovered by: Salvatore Fresta aka drosophila + Author: Salvatore Fresta aka...

PropertyMax Pro FREE (SQL/XSS) Multiple Remote Vulnerabilities

No description provided by source. + PropertyMax Pro FREE SQL/XSS Multiple Remote Vulnerabilities + Discovered By SirGod + www.mortal-team.org + www.h4cky0u.org + SQL Injection Auth Bypass Conditions : magicquotesgpc = off Go to : http://127.0.0.1/path/admin Login as : Username : 'or''=' Password...

cpCommerce 1.2.x File Inclusion

!/usr/bin/perl cpCommerce 1.2.x GLOBALSprefix Arbitrary File Inclusion Exploit by staker mail: stakerathotmaildotit url: http://cpcommerce.cpradio.org it works with registerglobals=on if you wanna carry out a LFI - mq=off short explanation: cpCommerce contains one flaw that allows an attacker to...

CPCommerce 1.2.x - GLOBALS[prefix] Arbitrary File Inclusion

CPCommerce 1.2.x - GLOBALSprefix Arbitrary File Inclusion !/usr/bin/perl cpCommerce 1.2.x GLOBALSprefix Arbitrary File Inclusion Exploit by staker mail: stakerathotmaildotit url: http://cpcommerce.cpradio.org it works with registerglobals=on if you wanna carry out a LFI - mq=off short explanation...

minitwitter 0.3-beta - SQL Injection Cross-Site Scripting

minitwitter 0.3-beta - SQL Injection Cross-Site Scripting || || || -----------------------------------------\ == -- ----------- ---------------------------- ------------------/ ¡VIVA SPAIN!...¡GANAREMOS EL MUNDIAL!...o.O ¡PROUD TO BE SPANISH!...

NSD (Name Server Daemon) 'packet.c' Off-By-One Buffer Overflow Vulnerability

NSD Name Server Daemon is prone to an off-by-one buffer overflow vulnerability because the server fails to perform adequate boundary checks on user-supplied data. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by...

FreeType off-by-one flaws

Multiple off-by-one errors in FreeType2 before 2.3.6 allow context-dependent attackers to execute arbitrary code via 1 a crafted table in a Printer Font Binary PFB file or 2 a crafted SHC instruction in a TrueType Font TTF file, which triggers a heap-based buffer overflow...

DEBIAN-CVE-2009-1755

Off-by-one error in the packetreadquerysection function in packet.c in nsd 3.2.1, and processquerysection in query.c in nsd 2.3.7, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via unspecified vectors that trigger a buffer overflow...

Coppermine Photo Gallery <= 1.4.22 Multiple Remote Vulnerabilities

No description provided by source. Author: girex Site: http://girex.altervista.org/ CMS: Coppermine Photo Gallery = 1.4.22 Coppermine Foto Gallery suffers from different vulnerabilities. There is a Local File Inclusion and a Blind SQL Injection working with registerglobals = On and magicquotesgpc...

LightOpenCMS 0.1 (id) Remote SQL Injection Vulnerability

Exploit for unknown platform in category web applications ======================================================== LightOpenCMS 0.1 id Remote SQL Injection Vulnerability ======================================================== + LightOpenCMS id SQL Injection Vulnerability + Author: Mi4night +...

Irssi 0.8.13 - WALLOPS Message Off-by-One Heap Memory Corruption

Irssi 0.8.13 - WALLOPS Message Off-by-One Heap Memory Corruption source: https://www.securityfocus.com/bid/35399/info Irssi is prone to an off-by-one, heap-based, memory-corruption vulnerability because it fails to properly bounds-check user-supplied data before copying it into a memory buffer...