626 matches found
CVE-2006-2898
The IAX2 channel driver chaniax2 for Asterisk 1.2.x before 1.2.9 and 1.0.x before 1.0.11 allows remote attackers to cause a denial of service crash and execute arbitrary code via truncated IAX 2 IAX2 video frames, which bypasses a length check and leads to a buffer overflow involving negative...
Kmail <=2.3 vuln.
Kmail =2.3 vuln. Vulnerability discovered by : r0t Date: 28 april 2006 vendorlink:www.webofall.com/displaynews.php?id=4 affected versions:2.3 and prior orginal advisory:http://pridels.blogspot.com/2006/04/kmail-23-vuln.html Vuln. Description: 1. Multiple Cross-Site Scripting attack vulnerabilitie...
[Full-disclosure] Advisory: CoreNews <= 2.0.1 Multiple Remote Vulnerabilities.
--Security Report-- Advisory: CoreNews = 2.0.1 Multiple Remote Vulnerabilities. --- Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI --- Date: 21/04/06 21:43 PM --- Contacts: ICQ: 10072 MSN/Email: [email protected] Web: http://www.nukedx.com --- Vendor: CoreNews http://www.coreslawn.de/...
dForum 1.5 - 'DFORUM_PATH' Multiple Remote File Inclusions
dForum ICQ: 10072 MSN/Mail: [email protected] web: www.nukedx.com This exploit works on dForum about.php admin.php anmelden.php closethread.php config.php delpost.php delthread.php dfcode.php download.php editanoc.php forum.php login.php makethread.php menu.php newthread.php openthread.php...
EzASPSite <= 2.0 RC3 Remote SQL Injection Exploit Vulnerability.
--Security Report-- Advisory: EzASPSite = 2.0 RC3 Remote SQL Injection Exploit Vulnerability. --- Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI --- Date: 29/03/06 21:33 PM --- Contacts: ICQ: 10072 MSN/Email: [email protected] Web: http://www.nukedx.com --- Vendor: EzASPSite...
EzASPSiteSQL.txt
--Security Report-- Advisory: EzASPSite http://victim/EZASPDir/Default.asp?Scheme=SQL EXAMPLE - http://victim/EZASPDir/Default.asp?Scheme=-1+UNION+SELECT+0,0,0,password,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,...
Connect Daily Web Calendar Software Multiple XSS vuln.
Connect Daily Web Calendar Software Multiple XSS vuln. Vuln. discovered by : r0t Date: 27 march 2006 vendor:http://www.mhsoftware.com/connectdaily.htm affected versions:3.2.9 and prior orginal advisory:http://pridels.blogspot.com/2006/03/connect-daily-multiple-xss-vuln.html Vuln. description:...
CONTROLzx HMS - Hosting Management System vuln.
CONTROLzx HMS - Hosting Management System vuln. Vuln. discovered by : r0t Date: 27 march 2006 vendor:http://front.controlzx.com/ affected versions:V.3.3.4 and prior orginal advisory:http://pridels.blogspot.com/2006/03/controlzx-hms-hosting-management.html Vuln. description: CONTROLzx HMS contains...
Sql injection
DISPUTED SQL injection vulnerability in VCS Virtual Program Management Intranet VPMi Enterprise 3.3 allows remote attackers to execute arbitrary SQL commands via the UpdateID0 parameter to ServiceRequests.asp. NOTE: the provenance of this information is unknown; the details are obtained solely fr...
CVE-2006-0897
SQL injection vulnerability in VCS Virtual Program Management Intranet VPMi Enterprise 3.3 allows remote attackers to execute arbitrary SQL commands via the UpdateID0 parameter to ServiceRequests.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third...
kapda-26.txt
KAPDA New advisory Vendor: http://www.jaia-interactive.com Vulnerable: Version: 1.2.3 Bug: Sql Injection & Path Disclosure Exploitation: Remote with browser Description: -------------------- MyTopix is a PHP-based message board system that uses a MySQL database. Vulnerability: -------------------...
Blog System v1.2 SQL inj. vuln.
Blog System v1.2 SQL inj. vuln. Vuln. dicovered by : r0t Date: 5 dec. 2005 orginal advisory:http://pridels.blogspot.com/2005/12/blog-system-v12-sql-inj-vuln.html vendor:http://www.netartmedia.net/blogsystem/ affected version:v1.2 and prior Product Description: Blog System allows you to launch and...
CVE-2005-4003
Multiple SQL injection vulnerabilities in Absolute Shopping Package Solutions ASPS Shopping Cart Professional 2.9d and earlier, and Lite 2.1 and earlier, allow remote attackers to execute arbitrary SQL commands via the 1 srchproductname parameter to advsearch.asp and 2 bsearch parameter to...
FAQ System 1.1 SQL inj. vuln.
FAQ System 1.1 SQL inj. vuln. Vuln. dicovered by : r0t Date: 29 nov. 2005 Orginal advisory:http://pridels.blogspot.com/2005/11/faq-system-11-sql-inj-vuln.html Vendor:http://ilyav.net/?q=node/23 affected version: 1.1 and prior Product Description: This extremely detailed Frequently Asked Questions...
HelpDeskPoint Free Help Desk Software SQL inj.
HelpDeskPoint Free Help Desk Software SQL inj. Vuln. dicovered by : r0t Date: 25 nov. 2005 Orginal advisory:http://pridels.blogspot.com/2005/11/helpdeskpoint-free-help-desk-software.html Vendor:http://helpdeskpoint.com affected version: 2.38 and prior Product Description: HelpDeskPoint.com Welcom...
Survey Wizard "sid" SQL injection vuln.
Survey Wizard "sid" SQL injection vuln. Vuln. dicovered by : r0t Date 23 nov. 2005 Original advisory:http://pridels.blogspot.com/2005/11/survey-wizard-sid-sql-injection-vuln.html Vendor:http://www.phplabs.com/ Product link:http://www.phplabs.com/scripts.php?script=Survey20Wizard affected version:...
CVE-2005-1487
Multiple SQL injection vulnerabilities in FishCart 3.1 allow remote attackers to execute arbitrary SQL commands via the 1 cartid parameter to upstnt.php or 2 psku parameter to display.php. NOTE: the vendor disputes this report, saying that they are forced SQL errors. The original researcher is...
DEBIAN-CVE-2005-1228
Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. dot dot in the original filename within a compressed file...
DEBIAN-CVE-2005-0206
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 CVE-2004-0888 is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities...
phpBBupload.txt
Advisory 1 "phpBB Upload Script "up.php" Arbitrary File Upload" $ Author: Status-x $ Contact: [email protected] - [email protected] $ Date: 7 April 2005 $ Website: http://defacers.com.mx $ Original Advisory: http://www.defacers.com.mx/advisories/2.txt $ Risk: High $ Vendor URL:...