4596 matches found
kapda-phpp.txt
KAPDA New advisory Vendor: http://www.php-post.co.uk/ Vulnerable Version: v1.0 Bug: XSS and HTML Injection Exploitation: Remote with browser Description: -------------------- PHPP is a free message board powered by PHP and MySQL. Vulnerability: -------------------- HTML Injection: The software do...
CVE-2005-3845
SQL injection vulnerability in invoices.php in EZ Invoice Inc 2.0 allows remote attackers to execute arbitrary SQL commands via the i parameter. NOTE: the vendor has stated "EZ Invoice, Inc has a patah available. Please email [email protected] and EZI will email you the patch to fix this...
CVE-2005-3845
SQL injection vulnerability in invoices.php in EZ Invoice Inc 2.0 allows remote attackers to execute arbitrary SQL commands via the i parameter. NOTE: the vendor has stated "EZ Invoice, Inc has a patah available. Please email [email protected] and EZI will email you the patch to fix this...
SEC-20051107-0.txt
SEC-CONSULT Security Advisory 20051107-0 ============================================================================= title: toendaCMS multiple vulnerabilites program: toendaCMS vulnerable version: .xml, where is string composed of 5 bytes e.g. 2ac336ff0d.xml. Each XML file contains username...
Dell OpenManage Web Server <= 3.7.1
Dell OpenManage Web Servers 3.2.0-3.7.1 are vulnerable to a heap based buffer overflow attack. A proof of concept denial of service attack has been released. SPDX-FileCopyrightText: 2004 Tomi Hanninen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
EZsite Forum Discloses Passwords to Remote Users
The remote host is running EZsite Forum. It is reported that this software stores usernames and passwords in plaintext form in the 'Database/EZsiteForum.mdb' file. A remote user can reportedly download this database. OpenVAS Vulnerability Test $Id: EZsiteForum.nasl 6703 2017-07-12 13:57:25Z...
WoltlabSQL.txt
Woltlab Burning Board infodb.php multiple SQL injection -discovered by R Vendor: "Trooper" URL: www.wbbcoderforum.de Version: = 2.7 Type: SQL-injection Description: ------------------------ Info-DB is a very powerful and popular download-module with many features. Information:...
myBloggie "username" SQL Injection Vulnerability
Secunia Advisory: SA16699 Release Date: 2005-09-05 Critical: Moderately critical Impact: Security Bypass Manipulation of data Where: From remote Solution Status: Vendor Patch Software: myBloggie 2.x Select a product and view a complete list of all Patched/Unpatched Secunia advisories affecting it...
Exploit Labs Security Advisory 2005.10
------------------------------------------------------------ - EXPL-A-2005-010 exploitlabs.com Advisory 039 - ------------------------------------------------------------ - Mac OSX Server weblog - AFFECTED PRODUCTS ================= Mac OSX 10.4.0 Weblog Server http://apple.com OVERVIEW ========...
[Full-disclosure] Apple Mac Tiger 10.4 weblog server
------------------------------------------------------------ - EXPL-A-2005-010 exploitlabs.com Advisory 039 - ------------------------------------------------------------ - Mac OSX Server weblog - AFFECTED PRODUCTS ================= Mac OSX 10.4.0 Weblog Server http://apple.com OVERVIEW ========...
HPRadiaManagement.txt
NGSSoftware Insight Security Research Advisory Name: HP OpenView Radia Management Agent remote command execution via directory traversal Systems Affected: HP OpenView Radia Management Portal versions 2.x and 1.x running Radia Management Agent Severity: High Vendor URL: http://www.hp.com/ Authors:...
[VulnWatch] Buffer overflow vulnerability in VERITAS Software Backup Exec Web Administration Console (BEWAC)
Mark Litchfield of NGSSoftware has discovered a high risk vulnerability in the in VERITAS Software Backup Exec Web Administration Console BEWAC which can allow for remote code execution. Affected Products include - Backup Exec 10.0 for Windows Servers rev. 5484 Backup Exec 9.1 for Windows Servers...
phpBBkbmod.txt
phpBB - Knowledge Base MOD SQL-Injection vulnerability and Full Path Disclosure Discovered by R and deluxe89 Discussion: The phpbb - Knowledge Base MOD has a relatively hard to exploit SQL-Injection vulnerability. However, an attacker can exploit this bug and receive informations from the databas...
Darryl Burgdorf Webhints Remote Command Execution Vulnerability
Description Darryl Burgdorf Webhints is prone to a remote command execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. Technologies Affected Colored Scripts Easy Message Board Darryl Burgdorf Webhints 1.3.0 Recommendations Block...
Golden FTP Server Pro 2.52 - Remote Buffer Overflow (2)
Golden FTP Server Pro 2.52 - Remote Buffer Overflow 2 / Golden FTP Server Pro remote stack BOF exploit author : c0d3r "kaveh razavi" [email protected] [email protected] risk : highly critical vender status : no patch released , all targets are vuln package : golden-ftp-server-pro 2.5.0.0 and...
Tcpdump 3.8.x (ldp_print) Infinite Loop Denial of Service Exploit
Exploit for linux platform in category dos / poc ================================================================= Tcpdump 3.8.x ldpprint Infinite Loop Denial of Service Exploit ================================================================= / tcpdump3.8.x: LDP ldpprint infinite loop DOS. by:...
Gaim vulnerable to malformed SNAC packet infinite processing loop
Overview Gaim contains a flaw in the processing of certain packets that may cause a denial of service. Description From the Gaim project:Gaim is a multi-protocol instant messaging IM client for Linux, BSD, MacOS X, and Windows. It is compatible with AIM and ICQ Oscar protocol, MSN Messenger,...
Squid fails to parse empty access control lists correctly
Overview The Squid web proxy cache may fail to handle empty Access Control Lists ACLs in the intended manner. Description Squid functions as a web proxy and cache application for a number of protocols. However, Squid Access Control List ACL routines may not parse an empty list as intended. An emp...
[SA14131] Claroline Add Course Script Insertion Vulnerability
TITLE: Claroline Add Course Script Insertion Vulnerability SECUNIA ADVISORY ID: SA14131 VERIFY ADVISORY: http://secunia.com/advisories/14131/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Claroline 1.x http://secunia.com/product/4607/ DESCRIPTION: Yiannis Girod...
Squid fails to properly handle oversized reply headers
Overview The Squid web proxy cache may be vulnerable to oversized HTTP reply headers. Description Squid functions as a web proxy and cache application for a number of protocols, including the hypertext transfer protocol HTTP. A defect in the Squid HTTP handling prevents oversized reply headers...