168 matches found
ThinkSNS V3任意删除评论 微博 转发漏洞
简要描述: 今天注册的v3测试下功能 发现v3问题很多 主要是在没有验证权限,只是单纯的在js上进行验证,下面是测试截图。 详细说明: 删除前: 删除中 修改uid和微博id 删除后: 漏洞证明:...
PT-2011-12: Information Disclosure in ManageEngine ServiceDesk Plus 8.0
Positive Research Center has discovered an information disclosure in ManageEngine ServiceDesk Plus. Incorrect privilege validation allows attackers with guest privileges account guest/guest to modify backup rights and use these new rights to create a backup copy in any folder. How to fix Update...
PT-2011-13: Privilege Gaining in ManageEngine ServiceDesk Plus 8.0.0
The specialists of the Positive Research center have revealed privilege gaining vulnerability in ManageEngine ServiceDesk Plus. Insufficient privilege validation allows attackers with guest privileges account guest/guest to create a user with servicedesk administrator privileges via HTTP GET...
Ubuntu 7.10 : hplip vulnerabilities (USN-674-2)
USN-674-1 provided packages to fix vulnerabilities in HPLIP. Due to an internal archive problem, the updates for Ubuntu 7.10 would not install properly. This update provides fixed packages for Ubuntu 7.10. We apologize for the inconvenience. It was discovered that the hpssd tool of hplip did not...
Ubuntu 6.06 LTS / 7.10 / 8.04 LTS : hplip vulnerabilities (USN-674-1)
It was discovered that the hpssd tool of hplip did not validate privileges in the alert-mailing function. A local attacker could exploit this to gain privileges and send e-mail messages from the account of the hplip user. This update alters hplip behaviour by preventing users from setting alerts...
Ubuntu: Security Advisory (USN-674-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian Security Advisory DSA 1451-1 (mysql-dfsg-5.0)
The remote host is missing an update to mysql-dfsg-5.0 announced via advisory DSA 1451-1. OpenVAS Vulnerability Test $Id: deb14511.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1451-1 mysql-dfsg-5.0 Authors: Thomas Reinke Copyright: Copyright c 2008 E-Sof...
Debian DSA-1451-1 : mysql-dfsg-5.0 - several vulnerabilities
Several local/remote vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3781 It was discovered that the privilege validation for the source table of CREATE TABLE LIKE statements was...