8215 matches found
[Full-disclosure] Papoo CMS 3.6 - Access Restriction Bypass
Papoo Content Management System Backend Access Restriction Bypass. Jun 24 2007. Product: Papoo Content Management System. Vulnerable Versions: Papoo 3.6 and maybe prior. Vendor Status: The Vendor was notified and the issue was fixed. A patch is available at...
Solaris 10 (sparc) : 119466-17 (deprecated)
Sun Java(TM) System Access Manager 6 2005Q1. Date this patch was last updated by Sun: Jun/29/09. This plugin has been deprecated and either replaced with individual 119466 patch-revision plugins, or deemed non-security related...
Code injection
plugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 before 20070524, aka gforge-plugin-scmcvs, allows remote attackers to execute arbitrary commands via shell metacharacters in the PATHINFO...
CVE-2007-0246
plugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 before 20070524, aka gforge-plugin-scmcvs, allows remote attackers to execute arbitrary commands via shell metacharacters in the PATHINFO...
CVE-2007-0752
The PPP daemon pppd in Apple Mac OS X 10.4.8 checks ownership of the stdin file descriptor to determine if the invoker has sufficient privileges, which allows local users to load arbitrary plugins and gain root privileges by bypassing this check...
Fedora Core 6 : gimp-2.2.14-5.fc6 (2007-489)
The GIMP package in Fedora includes a helper script /usr/sbin/gimp-plugin-mgr for plugins contained in other packages, for example, xsane-gimp. This script manages symlinks from the GIMP plugin directory which may change between upgrades to the actual location of the plugins. A bug has been fixed...
adv82-K-159-2007.txt
ECHO_ADV_82$2007: wordpress plugins wp-Table <= 1.43 (inc_dir) Remote File Inclusion Vulnerability...
[ECHO_ADV_82$2007] wordpress plugins wp-Table <= 1.43 (inc_dir) Remote File Inclusion Vulnerability
ECHO_ADV_82$2007: wordpress plugins wp-Table <= 1.43 (inc_dir) Remote File Inclusion Vulnerability...
CVE-2007-2193
ACDSee 9.0 (Build 108), ACDSee Pro 8.1 (Build 99), and ACDSee Photo Editor 4.0 (Build 195) are affected by a stack-based buffer overflow in the ID_X.apl plug-in when parsing XPM images. The vulnerability, triggered by a crafted XPM file with a long section string, allows a user-assisted remote at...
Web Slider 0.6 - 'path' Remote File Inclusion
Web Slider 0.6 'path' Remote File Inclusion Vulnerabilities. D.Script: http://sourceforge.net/projects/webslider/ Discovered by: GolDM = Mahmoodali. Homepage: http://Www.Tryag.Com/cc Exploit: Path/index.php?path=Shell Exploit: Path/modules/pdf.php?path=Shell Exploit: Path/plugins/highlight.php?path=Shell...
Mac OS X < 10.4.9 Multiple Vulnerabilities (Security Update 2007-003)
The remote host is running a version of Mac OS X 10.4 which is older than version 10.4.9 or a version of Mac OS X 10.3 which does not have Security Update 2007-003 applied. This update contains several security fixes for the following programs : - ColorSync - CoreGraphics - Crash Reporter - CUPS ...
InstallShield multiple security vulnerabilities
ActiveX elements and browser plugins vulnerabilities...
Unfixed XSS vulnerability at eclipse-plugins.2y.net
Security researcher RubberDuck submitted on 23/02/2007 a cross-site scripting (XSS) vulnerability affecting eclipse-plugins.2y.net, which at the time of submission ranked 21219 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 28/02/2007. It i...
[ECHO_ADV_64$2007] Openi CMS plugins (site protection) remote file inclusion
ECHO_ADV_64$2007: Openi CMS plugins (site protection) remote file inclusion. Author: Ahmad Muammar W.K a.k.a y3dips. Date Found :...
DEBIAN-CVE-2006-6499
The jsdtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins tha...
CVE-2006-6499
The jsdtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins tha...
CVE-2006-6344
Multiple unspecified vulnerabilities in Neocrome Seditio 1.10 and earlier have unknown impact and attack vectors related to (1) plugins/ipsearch/ipsearch.admin.php, and (2) pfs/pfs.edit.inc.php, (3) users/users.register.inc.php in system/core. NOTE: the users.profile.inc.php vector is identified by...