
3385 matches found

securityvulns
added 2006/09/26 12:0 a.m. | 42 views

PBLang <= v4.66z (temppath) Remote File Inclusion Exploit

ToXiC Polaring Remote File Include BuG FounD by Drago84 Application Affect: Polaring Remote File Include Source Code: http://sourceforge.net/project/showfiles.php?groupid=150989&packageid=166837&releaseid=444225 Problem: require$SESSION'dirMain'.'/view/css.php';...

0.5 AI score
Exploits 0

exploitpack
added 2006/08/19 12:0 a.m. | 9 views

Mambo Component bigAPE-Backup 1.1 - Remote File Inclusion

Mambo Component bigAPE-Backup 1.1 - Remote File Inclusion / Notes: globals bypass with a multipart/form-data POST PHP4 = 4.4.0 PHP5 = 5.0.5 http://www.hardened-php.net/globals-problem /str0ke / C Y BE R - W A R R i O R T I M mambo combabackup 1.1 Component mosConfigabsolutepath Remote File...

7.5 AI score
Exploits 0

0day.today
added 2006/08/10 12:0 a.m. | 26 views

Chaussette <= 080706 (_BASE) Remote File Include Vulnerabilities

Exploit for unknown platform in category web applications. Chaussette = 080706 BASE Remote File Include Vulnerabilities. Chaussette Remote File Inclusion CreW: ToXiC Bug...

7.1 AI score
Exploits 0

securityvulns
added 2006/08/09 12:0 a.m. | 35 views

Bad ext3/nfs DoS bug

I've tried contacting the relevant maintainers directly, and it's even in the kernel bugzilla, but nothing's happened and it's been over a month now. No-one seems to be doing anything about this. Is one meant to post this to bugtraq or what? Here's the bug:...

7.3 AI score
Exploits 0

securityvulns
added 2006/07/06 12:0 a.m. | 41 views

[Full-disclosure] Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SA0011 Horde 3.1.1, 3.0.10 Multiple Security Issues PUBLISHED ON July 05, 2006 PUBLISHED AT...

6.8 CVSS | 0.1 AI score | 0.02197 EPSS
Exploits 1

Tenable Nessus
added 2006/07/06 12:0 a.m. | 21 views

FreeBSD : horde -- various problems in dereferrer (e94cb43d-0c4a-11db-9016-0050bf27ba24)

Horde 3.1.2 release announcement : Security Fixes : - Closed XSS problems in dereferrer IE only, help viewer and problem reporting screen. - Removed unused image proxy code from dereferrer. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...

4.3 CVSS | 5.3 AI score | 0.02064 EPSS
Exploits 1 | References 3

FreeBSD
added 2006/06/28 12:0 a.m. | 25 views

horde -- various problems in dereferrer

Horde 3.1.2 release announcement: Security Fixes: Closed XSS problems in dereferrer IE only, help viewer and problem reporting screen. Removed unused image proxy code from dereferrer...

4.3 CVSS | 6.1 AI score | 0.02064 EPSS
Exploits 1 | References 1

Slackware Linux
added 2006/06/27 8:25 p.m. | 36 views

kdebase kdm local file reading vulnerability

New kdebase packages are available for Slackware 10.0, 10.1, 10.2, and -current to fix a security issue with KDM (the KDE login manager) which could be exploited by a local attacker to read any file on the system. The official KDE security advisory may be found here:...

4 CVSS | 5.9 AI score | 0.00376 EPSS
Exploits 0

Tenable Nessus
added 2006/06/23 12:0 a.m. | 5676 views

OS Security Patch Assessment Failed

OS Security Patch Assessment is not available for this host because either the credentials supplied in the scan policy did not allow Nessus to log into it or some other problem occurred. TRUSTED...

5.4 AI score
Exploits 0

NVD
added 2006/06/06 8:6 p.m. | 13 views

CVE-2006-2839

Directory traversal vulnerability in PG Problem Editor module PGProblemEditor.pm in WeBWorK Online Homework Delivery System 2.2.0 and earlier allows remote attackers to read and write files outside of the templates directory...

6.4 CVSS | 6.6 AI score | 0.01731 EPSS
Exploits 0 | References 6

CVE
added 2006/06/06 8:3 p.m. | 42 views

CVE-2006-2839

CVE-2006-2839 affects WeBWorK Online Homework Delivery System (2.2.0 and earlier) via the PGProblemEditor.pm module. The vulnerability is a directory traversal that allows remote attackers to read and write files outside the templates directory. Exploitation details, affected versions, and precis...

6.4 CVSS | 6.6 AI score | 0.01731 EPSS
Exploits 0 | References 6 | Affected Software 1

Cvelist
added 2006/06/06 8:3 p.m. | 17 views

CVE-2006-2839

Directory traversal vulnerability in PG Problem Editor module PGProblemEditor.pm in WeBWorK Online Homework Delivery System 2.2.0 and earlier allows remote attackers to read and write files outside of the templates directory...

6.6 AI score | 0.01731 EPSS
Exploits 0 | References 6

Tenable Nessus
added 2006/05/27 12:0 a.m. | 23 views

MDKSA-2006:090 : shadow-utils

A potential security problem was found in the useradd tool when it creates a new user's mailbox due to a missing argument to the open call, resulting in the first permissions of the file being some random garbage found on the stack, which could possibly be held open for reading or writing before...

6.5 AI score | 0.00444 EPSS
Exploits 0 | References 2

Cvelist
added 2006/05/04 4:0 p.m. | 21 views

CVE-2006-2201

Unspecified vulnerability in CA Resource Initialization Manager CAIRIM 1.x before 20060502, as used in z/OS Common Services and the LMP component in multiple products, allows attackers to violate integrity via a certain "problem state program" that uses SVC to gain access to supervisor state, key...

6.7 AI score | 0.00413 EPSS
Exploits 0 | References 9

Prion
added 2006/04/19 4:6 p.m. | 20 views

Integer overflow

Integer signedness error in Opera before 8.54 allows remote attackers to execute arbitrary code via long values in a stylesheet attribute, which pass a length check. NOTE: a sign extension problem makes the attack easier with shorter strings...

5.1 CVSS | 7.8 AI score | 0.12074 EPSS
Exploits 1 | References 11 | Affected Software 1

CVE
added 2006/04/13 10:0 a.m. | 44 views

CVE-2005-4778

The CVE-2005-4778 entry concerns SUSE Linux 10.0 (before 20051007). A configuration problem in the powersave daemon is described as allowing local users to suspend the computer and potentially perform other unauthorized actions. The available documents do not specify the underlying root cause, th...

2.1 CVSS | 6.8 AI score | 0.00332 EPSS
Exploits 0 | References 2

securityvulns
added 2006/04/10 12:0 a.m. | 34 views

fbida symbolic links problem

fbgs script insecure temporary files creation...

1 AI score
Exploits 0 | References 1 | Affected Software 1

Packet Storm
added 2006/04/01 12:0 a.m. | 22 views

NotSoGenius.txt

Software Vulnerable Genius VideoCAM NB Driver http://download.geniusnet.com.tw/CAMERA/webnb.zip Other genius webcams with the same 'snapshot feature' might be affected with the same issue, if you have any of those please try to reproduce this issue. Affects: Windows XP / Windows 2000 Proof of...

7.4 AI score
Exploits 0

NVD
added 2006/03/09 1:6 p.m. | 9 views

CVE-2006-1096

Cross-site scripting (XSS) vulnerability in index.php in NZ Ecommerce allows remote attackers to inject arbitrary web script or HTML via the action parameter. NOTE: the vendor has disputed this issue in a comment on the researcher's blog, but research by CVE suggests that this might be a legitimate...

4.3 CVSS | 5.7 AI score | 0.01221 EPSS
Exploits 1 | References 5

Prion
added 2006/03/09 1:6 p.m. | 14 views

Cross site scripting

DISPUTED: Cross-site scripting (XSS) vulnerability in index.php in NZ Ecommerce allows remote attackers to inject arbitrary web script or HTML via the action parameter. NOTE: the vendor has disputed this issue in a comment on the researcher's blog, but research by CVE suggests that this might be a...

4.3 CVSS | 6 AI score | 0.01221 EPSS
Exploits 1 | References 5