phpLocal.txt

Affected versions: php 5.1.4 and older, 4.4.3 and possibly older Cause: when php-s sscanf functions format argument contains argument swap and extra arguments are given like. sscanf'foo ','$1s',$bar then it reads an pointer to pointer to zval structure past the end of argument array by one. Php...

SquirrelMail 1.4.8 released - fixes variable overwriting attack

Hello all, Today SquirrelMail version 1.4.8 has been released with a collection of bugfixes and an important security fix. It was possible for an authenticated user to overwrite random variables in the compose.php script. This may open up possible attack vectors like reading or overwriting a user...

DSA-1073-1 mysql-dfsg-4.1 - several vulnerabilities

Bulletin has no description...

Oracle 10g Release 2 - 'DBMS_EXPORT_EXTENSION' SQL

/ 0day, description is wrong. /str0ke / / Fucking NON-0 day$ exploit for Oracle 10g 10.2.0.2.0 Patch your database now! by N1V1Hd $3c41r3 / CREATE OR REPLACE PACKAGE MYBADPACKAGE AUTHID CURRENTUSER IS FUNCTION ODCIIndexGetMetadata oindexinfo SYS.odciindexinfo,P3 VARCHAR2,p4 VARCHAR2,env SYS.odcie...

FreeBSD-SA-06:14.fpu

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:14.fpu Security Advisory The FreeBSD Project Topic: FPU information disclosure Category: core Module: sys Announced: 2006-04-19 Credits: Jan Beulich Affects:...

PHPKIT >= 1.6.1r2 arbitrary local/remote inclusion (unproperly patched in previous versions)

---------- PHPKit = v.1.6.1 release 2 remote code execution ------------------- software: site: www.phpkit.de description: a Content Management / homepage / community building software written in PHP language --------------------------------------------------------------------------------...

EasyCMS vulnerable to XSS injection.

The Norwegian web-publishing system EasyCMS www.easycms.no contains multiple input flaws letting users conduct successful XSS attacks. Both in the admin section, and the webpage that uses the system is vulnerable to XSS. It does not filter script tags and simple scripting like...

FreeBSD-SA-06:01.texindex

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:01.texindex Security Advisory The FreeBSD Project Topic: Texindex temporary file privilege escalation Category: contrib Module: texinfo Announced: 2006-01-11...

2 0 0 3 terminal encounter weirdness-loophole warning-the black bar safety net

The day before yesterday a new installation of a single server, plan to install a 2 0 0 3 system is installed, patched, open a terminal, but the strange things, the landing terminal when a den is automatically logged off. Create a new account, and then login is the same. In desperation did a...

FreeBSD-SA-05:17.devfs

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-05:17.devfs Security Advisory The FreeBSD Project Topic: devfs ruleset bypass Category: core Module: devfs Announced: 2005-07-20 Credits: Robert Watson Affects:...

sile002adv.txt

---- sile002 advisory + PoC PRODUCT: PHP-Nuke VERSION: 7.5 but others versions maybe either vulnerables VENDOR: http://www.phpnuke.org VULNERABILITY: Multiple vulnerability RISK: Hight Found by: Silentium of Anacron Group Italy date: 02/05/2005 e-mail: anacrongroupitalyatautisticidotorg myhome:...

Problems with the Oracle Critical Patch Update for April 2005

Hey all, Whilst analyzing Oracle's Critical Patch Update for April 2005 I noticed some failures in it, that meant certain issues the patch was supposed to fix were actually left unfixed. One set of vulnerabilities "fixed" by the April CPU is a group of SQL injection bugs in DBMSSUBSCRIBE and...

FreeBSD-SA-05:16.zlib

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-05:16.zlib Security Advisory The FreeBSD Project Topic: Buffer overflow in zlib Category: core Module: libz Announced: 2005-07-06 Credits: Tavis Ormandy Affects:...

[SA15226] OpenView Event Correlation Services Unspecified Vulnerabilities

---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secuniavacancies/ ---------------------------------------------------------------------- TITLE: OpenView Event Correlation Services Unspecified...

[SA14971] Solaris Unspecified Generic Security Services Library Vulnerability

---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secuniavacancies/ ---------------------------------------------------------------------- TITLE: Solaris Unspecified Generic Security Services Library...

FreeBSD Security Advisory FreeBSD-SA-05:02.sendfile

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-05:02.sendfile Security Advisory The FreeBSD Project Topic: sendfile kernel memory disclosure Category: core Module: syskern Announced: 2005-04-04 Credits: Sven...

Cisco FWSM Vulnerabilities

...

FreeBSD-SA-01:28.timed

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-01:28 Security Advisory FreeBSD, Inc. Topic: timed allows remote denial of service Category: core Module: timed Announced: 2001-03-12 Credits: Discovered during internal...

CVE-2018-4829

...

CVE-2025-54978

...