288 matches found

Exploit DB
added 2006/10/17 12:0 a.m., 36 views

ALiCE-CMS 0.1 - 'CONFIG[local_root]' Remote File Inclusion

ALiCE-CMS 0.1 CONFIG[local_root] Remote File Include Vulnerability. Affected Software: ALiCE-CMS 0.1. Vendor...

7.4 AI score
Exploits: 0
securityvulns
added 2006/10/13 12:0 a.m., 63 views

Xeobook <= 0.93 Multiple SQL Injection Vulnerabilities

Advisory: Xeobook <= 0.93 Multiple SQL Injection Vulnerabilities Release Date: 10/12/2006 Last Modified: 10/12/2006 Author: Tamriel tamriel at gmx dot net Application: Xeobook <= 0.93 Risk: Moderate Vendor Status: not contacted Vendor Site:...

0.8 AI score
Exploits: 0
securityvulns
added 2006/10/12 12:0 a.m., 93 views

[Full-disclosure] Xeobook <= 0.93 Multiple SQL Injection Vulnerabilities

Advisory: Xeobook <= 0.93 Multiple SQL Injection Vulnerabilities Release Date: 10/12/2006 Last Modified: 10/12/2006 Author: Tamriel tamriel at gmx dot net Application: Xeobook <= 0.93 Risk: Moderate Vendor Status: not contacted Vendor Site:...

0.8 AI score
Exploits: 0
0day.today
added 2006/08/19 12:0 a.m., 44 views

mambo com_babackup Component <= 1.1 File Include Vulnerability

Exploit for unknown platform in category web applications: mambo com_babackup Component <= 1.1 File Include Vulnerability / Notes: globals bypass with a multipart/form-data...

7.1 AI score
Exploits: 0
exploitpack
added 2006/08/19 12:0 a.m., 9 views

Mambo Component bigAPE-Backup 1.1 - Remote File Inclusion

Mambo Component bigAPE-Backup 1.1 - Remote File Inclusion / Notes: globals bypass with a multipart/form-data POST PHP4 = 4.4.0 PHP5 = 5.0.5 http://www.hardened-php.net/globals-problem /str0ke / C Y BE R - W A R R i O R T I M mambo com_babackup 1.1 Component mosConfig_absolute_path Remote File...

7.5 AI score
Exploits: 0
Ubuntu
added 2006/07/26 8:2 p.m., 27 views

USN-320-2: php4 regression

USN-320-2 fixed several vulnerabilities in PHP. James Manning discovered that the Ubuntu 5.04 update introduced a regression, the function tempnam caused a crash of the PHP interpreter in some circumstances. The updated packages fix this. We apologize for the inconvenience...

5.4 AI score
Exploits: 0, References: 1
securityvulns
added 2006/07/24 12:0 a.m., 82 views

[MajorSecurity #25] Advanced Guestbook 2.4 for phpBB - Multiple XSS and SQL-Injection Vulnerabilities

[MajorSecurity #25] Advanced Guestbook 2.4 for phpBB - Multiple XSS and SQL-Injection Vulnerabilities. Software: Advanced Guestbook for phpBB Version: 2.4 Type: Cross site scripting + SQL Injection Made public:...

0.2 AI score
Exploits: 0
Tenable Nessus
added 2006/07/05 12:0 a.m., 29 views

CentOS 3 / 4 : SquirrelMail (CESA-2005:595)

An updated squirrelmail package that fixes two security issues is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Updated 04 Aug 2005 The previous SquirrelMail package released with this errata contained a bug which rendered the...

4.3 CVSS, 5.2 AI score, 0.04242 EPSS
Exploits: 2, References: 8
Tenable Nessus
added 2006/07/05 12:0 a.m., 33 views

CentOS 3 / 4 : squirrelmail (CESA-2006:0283)

An updated squirrelmail package that fixes three security and many other bug issues is now available. This update contains bug fixes of upstream squirrelmail 1.4.6 with some additional improvements to international language support. This update has been rated as having moderate security impact by...

5 CVSS, 5.8 AI score, 0.02296 EPSS
Exploits: 1, References: 9
Tenable Nessus
added 2006/07/05 12:0 a.m., 24 views

CentOS 3 / 4 : squirrelmail (CESA-2006:0547)

An updated squirrelmail package that fixes a local file disclosure flaw is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SquirrelMail is a standards-based webmail package written in PHP4. A local file disclosure flaw was found ...

7.5 CVSS, 5.6 AI score, 0.46565 EPSS
Exploits: 2, References: 7
Tenable Nessus
added 2006/07/04 12:0 a.m., 35 views

RHEL 3 / 4 : squirrelmail (RHSA-2006:0547)

An updated squirrelmail package that fixes a local file disclosure flaw is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SquirrelMail is a standards-based webmail package written in PHP4. A local file disclosure flaw was found ...

7.5 CVSS, 5.6 AI score, 0.46565 EPSS
Exploits: 2, References: 5
RedHat Linux
added 2006/07/03 4:15 p.m., 25 views

Moderate: Red Hat Security Advisory: squirrelmail security update

An updated squirrelmail package that fixes a local file disclosure flaw is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SquirrelMail is a standards-based webmail package written in PHP4. A local file disclosure flaw was found ...

7.5 CVSS, 5.7 AI score, 0.46565 EPSS
Exploits: 2, References: 4
Tenable Nessus
added 2006/05/13 12:0 a.m., 10 views

FreeBSD : PHP -- multiple vulnerabilities (6821a2db-4ab7-11da-932d-00055d790c25)

A Secunia Advisory reports: Some vulnerabilities have been reported in PHP, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and potentially compromise a vulnerable system...

5.1 AI score
Exploits: 0, References: 1
Tenable Nessus
added 2006/05/13 12:0 a.m., 43 views

SUSE-SA:2006:024: php4,php5

The remote host is missing the patch for the advisory SUSE-SA:2006:024 (php4,php5). This update fixes the following security issues in the scripting languages PHP4 and PHP5: - copy and tempnam functions could bypass open_basedir restrictions (CVE-2006-1494) - Cross-Site-Scripting (XSS) bug in phpinfo...

6.4 CVSS, 8.2 AI score, 0.19067 EPSS
Exploits: 4
Tenable Nessus
added 2006/05/13 12:0 a.m., 29 views

RHEL 3 / 4 : squirrelmail (RHSA-2006:0283)

An updated squirrelmail package that fixes three security and many other bug issues is now available. This update contains bug fixes of upstream squirrelmail 1.4.6 with some additional improvements to international language support. This update has been rated as having moderate security impact by...

5 CVSS, 5.8 AI score, 0.02296 EPSS
Exploits: 1, References: 7
Cent OS
added 2006/05/03 5:43 p.m., 77 views

squirrelmail security update

CentOS Errata and Security Advisory CESA-2006:0283 An updated squirrelmail package that fixes three security and many other bug issues is now available. This update contains bug fixes of upstream squirrelmail 1.4.6 with some additional improvements to international language support. This update h...

5 CVSS, 6.1 AI score, 0.02296 EPSS
Exploits: 1, References: 9
RedHat Linux
added 2006/05/03 4:9 p.m., 24 views

Moderate: Red Hat Security Advisory: squirrelmail security update

An updated squirrelmail package that fixes three security and many other bug issues is now available. This update contains bug fixes of upstream squirrelmail 1.4.6 with some additional improvements to international language support. This update has been rated as having moderate security impact by...

5 CVSS, 6.1 AI score, 0.02296 EPSS
Exploits: 1, References: 4
securityvulns
added 2006/04/24 12:0 a.m., 69 views

Multiple PHP4/PHP5 vulnerabilities

INFIGO IS Security Advisory ADV-2006-04-02 http://www.infigo.hr/ Title: Multiple PHP4/PHP5 vulnerabilities Advisory ID: INFIGO-2006-04-02 Date: 2006-04-24 Advisory URL: http://www.infigo.hr/en/infocus/advisories/INFIGO-2006-04-02 Impact: Remote code execution and DoS Risk Level: Medium...

8 AI score
Exploits: 0
Tenable Nessus
added 2006/01/15 12:0 a.m., 46 views

Ubuntu 4.10 : php4 vulnerabilities (USN-40-1)

Stefan Esser reported several buffer overflows in PHP's variable unserializing handling. These could allow an attacker to execute arbitrary code on the server with the PHP interpreter's privileges by sending specially crafted input strings (form data, cookie values, and similar). Additionally, Ilia...

10 CVSS, 8.3 AI score, 0.10042 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2006/01/15 12:0 a.m., 37 views

Ubuntu 4.10 / 5.04 : php4, php4-universe vulnerability (USN-147-1)

A remote code execution vulnerability has been discovered in the XMLRPC module of the PEAR (PHP Extension and Application Repository) extension of PHP. By sending specially crafted XMLRPC requests to an affected web server, a remote attacker could exploit this to execute arbitrary code with the web...

7.5 CVSS, 6.4 AI score, 0.79071 EPSS
Exploits: 5, References: 1