
1147 matches found

securityvulns • added 2008/05/11 12:00 a.m. • 74 views

XSS and CSRF vulnerability on Cpanel 11

DESCRIPTION OF THE SOFTWARE cPanel is a hosting automation tool. WHM interface provides access to the heart of the cPanel and WHM package and allows a Server Administrator to simply configure a few options and be on their way to hosting web sites. 2. DESCRIPTION OF THE VULNERABILITY There are...

CVSS 4.3 • EPSS 0.00959 • Exploits: 3

Packet Storm • added 2008/04/21 12:00 a.m. • 42 views

reddot-sql.txt

RedDot CMS SQL injection vulnerability CVE Number: CVE-2008-1613 http://www.irmplc.com/index.php/167-Advisory-026 Vulnerability Type/Importance: SQL injection/Critical Problem Discovered: 12 February 2008 Vendor Contacted: 19 February 2008 Advisory Published: 21 April 2008 Abstract: The RedDot CM...

CVSS 7.5 • AI score 6.6 • EPSS 0.008 • Exploits: 3

securityvulns • added 2007/09/26 12:00 a.m. • 66 views

Simple PHP Blog Multiple Vulnerabilities

Secure Network - Security Research Advisory Vuln name: Simple PHP Blog Multiple Vulnerabilities Systems affected: simplePHPBlog 0.5.0.1, simplePHPBlog 0.4.8 and all previous versions Systems not affected: - Severity: Medium Local/Remote: Remote Vendor URL: http://www.simplephpblog.com/ Authors:...

Exploits: 0

securityvulns • added 2006/10/11 12:00 a.m. • 59 views

Microsoft Office Malformed Record Memory Corruption Vulnerability

Microsoft Office Malformed Record Memory Corruption Vulnerability By Sowhat of Nevis Labs 2006.10.10 http://www.nevisnetworks.com http://secway.org/advisory/AD20061010.txt Vendor Microsoft Inc. Affected: Microsoft Office 2000 Service Pack 3 Microsoft Office XP Service Pack 3 Microsoft Office 2003...

CVSS 9.3 • AI score 0.4 • EPSS 0.45707 • Exploits: 0

securityvulns • added 2006/04/05 12:00 a.m. • 32 views

NOD32 local privilege escalation vulnerability

NOD32 local privilege escalation vulnerability Not affected: Version 2.51.26 Tested on: Winxp sp2 Risk: Average To escalate the system privilege, the option 'quarantine a file' in NOD32 can be exploited & a malicious file can be copied to the quarantine and using the 'restore to...' option it can...

AI score 1.5 • Exploits: 0

CERT • added 2006/03/24 12:00 a.m. • 15 views

Pubcookie application server modules contain cross-site scripting vulnerabilities

Overview Cross-site scripting vulnerabilities in the Pubcookie application server modules could allow a remote attacker to gain access to sensitive information. Description Pubcookie is a software package that provides intra-institutional single-sign-on authentication for end-users over the web...

AI score 6.5 • Exploits: 0 • References: 2

Packet Storm • added 2005/08/09 12:00 a.m. • 30 views

OS2A-1001.txt

OS2A ePing Arbitrary File Creation/Command Execution Vulnerability OS2A ID: OS2A1001 Status Published: 08/04/2005 Updated : 08/05/2005 Patch Released Class: File Creation/Command Execution Severity: CRITICAL Overview: ePing is a ping utility plugin for e107, a PHP-based content management system...

AI score 7.4 • Exploits: 0

Packet Storm • added 2005/08/05 12:00 a.m. • 33 views

BusMail_SMTPDOS.pl.txt

Summary: Buffer overflow in BusinessMail email server system 4.60.00 http://www.netcplus.com/ Details: Input to the SMTP HELO and MAIL FROM: commands is not properly checked and/or filtered. Issuing a long argument to the HELO and MAIL FROM: commands will cause the corresponding process to die...

AI score 7.4 • Exploits: 0

Packet Storm • added 2005/07/28 12:00 a.m. • 22 views

FTPshellDoS.txt

Summary: Denial of service vulnerability in FTPshell Server Version 3.38 http://www.ftpshell.com/ Details: Logging into the FTP server successfully and then closing the connection without using the QUIT command 39 times will cause the ftpshelld.exe process to die. Vulnerable Versions: FTPshell...

AI score 7.4 • Exploits: 0

securityvulns • added 2005/06/08 12:00 a.m. • 31 views

[AppSecInc Advisory WEBSP05-V0098] Remote Buffer overflow in WebSphere Application Server Administrative Console

Remote Buffer overflow in WebSphere Application Server Administrative Console AppSecInc Team SHATTER Security Advisory WEBSP05-V0098 http://www.appsecinc.com/resources/alerts/general/WEBSPHERE-001.html June 07, 2005 Risk level: HIGH Credits: This...

AI score 0.5 • Exploits: 0

securityvulns • added 2005/02/20 12:00 a.m. • 19 views

BizMail 2.1 Spam Exploit

Greetings all, Over the course of the last few months I've been the victim of repeated abuses of a web-based form commonly used for customer requests. This form can be downloaded here : http://www.bizmailform.com This form allowed a hacker to directly call the cgi, forge a referer url, and, with...

AI score 6.7 • Exploits: 0

Tenable Nessus • added 2005/02/16 12:00 a.m. • 20 views

HP-UX PHCO_24868 : HP-UX running rlpdaemon, Remote Unauthorized Access, Increased Privilege (HPSBUX00163 SSRT071386 rev.2)

s700800 11.20 lpspool subsystem patch : Buffer overflow in rlpdaemon. %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and patch checks in this plugin were extracted from HP patch PHCO24868. The text itself is copyright (C) Hewlett-Packard Development Company, L.P...

AI score 7.3 • Exploits: 0 • References: 1

securityvulns • added 2005/01/18 12:00 a.m. • 28 views

Multiple high risk vulnerabilities in Oracle RDBMS 10g/9i

Researchers at NGSSoftware have discovered multiple high risk vulnerabilities in the Oracle Database Server. Versions affected include Oracle Database 10g - All Releases Oracle9i Database Server - All Releases The vulnerabilities include PL/SQL Injection vulnerabilities that allow low privileged...

AI score 0.4 • Exploits: 0

securityvulns • added 2004/12/24 12:00 a.m. • 30 views

Oracle clear text passwords (#NISR2122004D)

NGSSoftware Insight Security Research Advisory Name: Oracle 10g clear text passwords Systems Affected: Oracle 10g on all operating systems Severity: Medium Risk Vendor URL: http://www.oracle.com/ Author: David Litchfield davidl at ngssoftware.com Relates to:...

AI score 0.1 • Exploits: 0

securityvulns • added 2004/12/02 12:00 a.m. • 22 views

[SA13352] FreeBSD procfs/linprocfs Process Argument Vector Handling Vulnerability

TITLE: FreeBSD procfs/linprocfs Process Argument Vector Handling Vulnerability SECUNIA ADVISORY ID: SA13352 VERIFY ADVISORY: http://secunia.com/advisories/13352/ CRITICAL: Less critical IMPACT: Exposure of system information, Exposure of sensitive information, DoS WHERE: Local system OPERATING...

Exploits: 0

Tenable Nessus • added 2004/10/12 12:00 a.m. • 56 views

MS04-032: Security Update for Microsoft Windows (840987)

The remote host is missing a security update for Microsoft Windows (840987). The missing security update fixes issues in the following areas : - Window Management - Virtual DOS Machine - Graphics Rendering Engine - Windows Kernel A local attacker could exploit any of these vulnerabilities to cause ...

CVSS 10 • AI score 5.6 • EPSS 0.6962 • Exploits: 8 • References: 5

Tenable Nessus • added 2004/10/12 12:00 a.m. • 35 views

MS04-037: Vulnerability in Windows Shell (841356)

The remote version of Windows contains a flaw in the Windows Shell that could allow an attacker to execute arbitrary code on the remote host. To exploit this flaw, an attacker would need to lure a victim into visiting a malicious website or into opening a malicious file attachment. (C) Tenable...

CVSS 10 • AI score 6.2 • EPSS 0.78254 • Exploits: 1 • References: 3

securityvulns • added 2004/10/06 12:00 a.m. • 19 views

[VulnWatch] Patch available for critical IBM DB2 Universal Database flaws

Researchers at NGSSoftware have discovered multiple critical/high risk vulnerabilities in IBM's DB2 Universal Database. Versions affected include DB2 8.1 Fixpak 7 and earlier IBM has updated Fixpak 6 and 7 to 6a and 7a to include fixes for these flaws. In all, 20 vulnerabilities, mostly remotely...

AI score 0.6 • Exploits: 0

CERT • added 2004/09/17 12:00 a.m. • 12 views

Mozilla contains heap overflow in UTF8 conversion of hostname portion of URLs

Overview A vulnerability in the way Mozilla and its derived programs handle certain malformed URLs could allow a remote attacker to execute arbitrary code on a vulnerable system. Description A vulnerability exists in the way that some versions of the Mozilla and Firefox web browsers, and...

AI score 8.2 • Exploits: 0 • References: 2

CERT • added 2004/09/03 12:00 a.m. • 13 views

Sun Enterprise Storage Manager may allow an unprivileged local user to gain root access

Overview A vulnerability exists in Sun StorEdge Enterprise Storage Manager (ESM) that may allow unauthorized local users to gain root privileges. Description The Sun StorEdge Enterprise Storage Manager (ESM) version 2.1 for the Sun SPARC platform may allow non-root local users assigned the "EMSUser"...

AI score 6.9 • Exploits: 0 • References: 4