3385 matches found
CVE-2006-1096
Cross-site scripting (XSS) vulnerability in index.php in NZ Ecommerce allows remote attackers to inject arbitrary web script or HTML via the action parameter. NOTE: the vendor has disputed this issue in a comment on the researcher's blog, but research by CVE suggests that this might be a legitimate...
capi4hylafax hylafax addon symbolic links problem
Symbolic links problem on creation of debug and log files...
crypt_blowfish cryptographic problem
Salt generation algorithm has high probability of salt duplication...
bzip2 bzgrep and gzip zgrep shell characters problem
Unfiltered characters in filename allow code execution...
net-snmp SNMP package fixproc utility symbolic link problem
Symbolic links problem on temporary files creation...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3 through 6.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the day parameter in calendar.php and (2) the input form in search.php. NOTE: the provenance of this information is unknown; the details are obtained...
Mandrake Linux Security Advisory : ethereal (MDKSA-2005:193-2)
Ethereal 0.10.13 is now available fixing a number of security vulnerabilities in various dissectors : - the ISAKMP dissector could exhaust system memory - the FC-FCS dissector could exhaust system memory - the RSVP dissector could exhaust system memory - the ISIS LSP dissector could exhaust syste...
[Full-disclosure] IronWall webserver remote file access.
IronWall webserver 7.41 directory traversal - Software App: IronWall Webserver Version: 7.41 estable others not tested Platform: win32 Background Ironwall webserver is a small web server for win32 systems. It can be downloaded totally free at...
[SECURITY] [DSA 935-1] New libapache2-mod-auth-pgsql packages fix arbitrary code execution
Debian Security Advisory DSA 935-1 [email protected] http://www.debian.org/security/ Michael Stone January 10, 2006 http://www.debian.org/security/faq -...
Sony Instant Video Everywhere replay attack cryptography problem
Password is encrypted without using challenge. It makes it possible to replay authentication again...
ImageMagic graphic utilities shell characters problem
Shell characters problem with image filenames...
Construct a special file name to bypass multiple anti-virus engine-vulnerability warning-the black bar safety net
Affected anti-virus engines: Kaspersky Antivirus Symantec AntiVirus F-Prot Antivirus ClamWin Antivirus Avast Antivirus RAV AntiVirus Microsoft AntiSpyware Tested version: Symantec AntiVirus Corporate 8.0 Kaspersky Antivirus Personal Pro 4.5.0.104 Kaspersky Antivirus For MS NTServer 4.5.0.1...
Panda Antivirus Detection and Status
Panda Antivirus, a commercial antivirus software package for Windows, is installed on the remote host. However, there is a problem with the installation; either its services are not running or its engine and/or virus definitions are out of date. (C) Tenable, Inc. include"compat.inc"; if description...
curl -- URL buffer overflow vulnerability
A Project cURL Security Advisory reports: libcurl's URL parser function can overflow a malloced buffer in two ways, if given a too long URL. 1 - pass in a URL with no protocol like "http://" prefix, using no slash and the string is 256 bytes or longer. This leads to a single zero byte overflow of...
php2018.txt
phpBB 2.0.18 SQL Query problem cXIb8O3.19 Author: Maksymilian Arciemowicz cXIb8O3 Date: 11.11.2005 from securityreason.com TEAM - --- 0.Description --- phpBB is a high powered, fully scalable, and highly customizable Open Source bulletin board packag...
athena.txt
Language: PHP Script: Athena Version: 0.1a Official website: http://sourceforge.net/projects/athena Problem: Remote file inclusion Discovered by: beford & GB Description: =========== A simple website management system written in oo php that uses a mysql database to store user and group rights and...
YaSSL certificate chain validation problem
No description provided...
SMB4K KDE SMB/CIFS browser symbolic links problem
It's possible to read content of /etc/sudoers and /etc/super.tab...
[SECURITY] [DSA 881-1] New OpenSSL 0.9.6 packages fix cryptographic weakness
Debian Security Advisory DSA 881-1 [email protected] http://www.debian.org/security/ Martin Schulze November 4th, 2005 http://www.debian.org/security/faq -...
Shopping Cart Arbitrary Command Execution (Hassan)
We detected the presence of the Shopping Cart CGI Hassan. A security problem in this CGI allows execution of arbitrary commands. SPDX-FileCopyrightText: 2001 SecuriTeam Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders...