3385 matches found
simpnews24103-xss.txt
netVigilance Security Advisory 70 SimpNews version 2.41.03 Multiple XSS Attack Vulnerabilities Description: SimpNews is a news system written in PHP. Features: Data stored in MySQL, admin interface, support for multiple languages, support for multiple instances in one database, own header, multip...
Recently updated links for users with personal spaces link to profile if personal space is not accessible
Users without the global access right for personal space can still see links to personal spaces in the "Recently updated" list on their dashboard. This is a serious security problem for extranets, when one wants to prevent non-anonymous external users from seeing who's using the wiki. Note: this probl...
[Full-disclosure] ActiveWeb Contentserver CMS Editor Permission Settings Problem
Advisory: ActiveWeb Contentserver CMS Editor Permission Settings Problem RedTeam Pentesting discovered a problem with the permission settings in the management interface of the activeWeb contentserver CMS during a penetration test. The ability of an editor to create and edit documents can be...
Juniper Steel Belted RADIUS CRL access problem
Certificates revocation list download feature doesn't work...
Chi Bo room billing system - free Internet access - vulnerability warning - the black bar safety net
My school's electronic reading room runs on this system. Out of sheer curiosity, I searched online for half a day with no results, so I had to do my own research. Where method A is the operating system of the problem, method two, three, four is a...
Low unzip security and bug fix update
5.51-9.EL4.5 - Resolves: 230558 problem in patch4 unzipped file permissions 5.51-8.EL4.5 - fix problem with 4GB files which are not compressed 5.51-7.EL4.5 - fix 164927 - TOCTOU issue in unzip - fix 178960 - unzip long filename buffer overflow - fix 199104 - add large file support return Lon's 4G...
plphp-multi.txt
Infos --------- Date : 2007-04-10 Product : pL-PHP Version : beta 0.9 - Prior versions may also be affected Vendor : http://sourceforge.net/projects/pl-php/ - http://www.karlcore.com/programming/blog/ Vendor Status : 2007-04-10 - Not Informed! Description : pL-PHP is a ne...
pL-PHP beta 0.9 - Multiple Vulnerabilities
"pL-PHP beta 0.9 - MULTIPLE VULNERABILITIES" by Omni 1 Infos --------- Date : 2007-04-10 Product : pL-PHP Version : beta 0.9 - Prior versions may also be affected Vendor : http://sourceforge.net/projects/pl-php/ - http://www.karlcore.com/programming/blog/...
PHP-Generics 1.0.0 Beta - Multiple Remote File Inclusions
-------------------------------------------------------- php-generics 1.0 Remote File Inclusion Vulnerabilities -------------------------------------------------------- Software: php-generics 1.0Beta Vendor: http://ie.archive.ubuntu.com/sourceforge/p/ph/php-generics/php-generics-1.0.0-beta.zip...
IE mhtml redirection vulnerability exploitation method - vulnerability warning - the black bar safety net
This vulnerability is primarily an information leak; see http://secunia.com/advisories/19738/ for a specific description. To ensure client safety, xmlhttp is not allowed cross-domain access to information. But the IE security problems, in the service end through the mhtml redirection...
Apache, IIS and other HTTP servers allow log forgery by sending a carriage return character - vulnerability warning - the black bar safety net
Description: Most HTTP servers resolve %0d%0a contained in a received request to a carriage return, which wraps the line in the log; this feature can be used to falsify logs. Details: Most HTTP servers support encoding such as %00 in requests, the main purpose is to provide reliable...
CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability
Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ GnuPG and GnuPG clients unsigned data injection vulnerability Date Published: 2007-03-05 Last Update: 2007-03-05 Advisory ID: CORE-2007-0115 Bugtraq IDs: BID 22757 -...
CVE-2007-1161
Cross-site scripting (XSS) vulnerability in callentry.php in Call Center Software 0,93 allows remote attackers to inject arbitrary web script or HTML via the problemdesc parameter, as demonstrated by the ONLOAD attribute of a BODY element...
Linux SCSI devices unauthorized access
pam module problem allows console users to access generic SCSI and pseudo-SCSI devices directly...
SUSE-SA:2006:043: apache,apache2
The remote host is missing the patch for the advisory SUSE-SA:2006:043 apache,apache2. The following security problem was fixed in the Apache and Apache 2 web servers: mod_rewrite: Fix an off-by-one security problem in the ldap scheme handling. For some RewriteRules this could lead to a pointer...
SUSE-SA:2007:005: w3m
The remote host is missing the patch for the advisory SUSE-SA:2007:005 w3m. A format string problem in w3m -dump / -backend mode could be used by a malicious server to crash w3m or execute code. In SUSE Linux 10.1, openSUSE 10.2 and SUSE Linux Enterprise Server and Desktop 10 this problem was not...
SUSE-SA:2006:032: sendmail
The remote host is missing the patch for the advisory SUSE-SA:2006:032 sendmail. The Mail Transfer Agent sendmail has a remotely exploitable problem, where a specially crafted MIME message can crash sendmail and block queue processing. This issue is tracked by the Mitre CVE ID CVE-2006-1173 and CE...
Windows Live OneCare Antivirus Detection
Windows Live OneCare antivirus, a commercial antivirus software package for Windows, is installed on the remote host; however, there is a problem with the install in that either its services are not running, or its engine and/or virus definitions are out of date...
Microsoft Windows XMLHTTP proxy problem
Because of insufficient request validation, the Msxml2.XMLHTTP ActiveX object can be used to proxy HTTP requests via the client browser...