3385 matches found
SQL injection in vBulletin forums (last10.php)
hi all, a new SQL injection found in VBulletin Forums 3.0.x the Vulnerabilite found in last.php, last 10 topics hack. last.php?fsel=,user.password20as20title,user.20 202020username20as20lastposter20FROM20user, thread2020202020WHERE20usergroupid=620LIMIT 201 to solve the problem delet fsel? from...
04WebServer Three Vulnerabilities
Summary 04WebServer is a HTTP server developed by Soft3304 for Windows platforms. It is an easy-to-configure personal HTTP server that supports CGI, SSI, WebDAV and SSL/TLS. This advisory documents three vulnerabilities that were found in version 1.42 of 04WebServer. Tested System 04WebServer...
Gentoo symbolic links problem
dispatch-conf and dpkg symbolic links problem...
DSA-590-1 gnats - format string vulnerability
Bulletin has no description...
[SECURITY] [DSA 580-1] New iptables packages fix modprobe failure
-------------------------------------------------------------------------- Debian Security Advisory DSA 580-1 [email protected] http://www.debian.org/security/ Martin Schulze November 1st, 2004 http://www.debian.org/security/faq -...
Netatalk symbolic links problem
Symboli links problem in etc2ps.sh script...
OpenSSL symbolic links problem
derchop Script symbolic links problem...
Debian DSA-457-1 : wu-ftpd - several vulnerabilities
Two vulnerabilities were discovered in wu-ftpd : - CAN-2004-0148 Glenn Stewart discovered that users could bypass the directory access restrictions imposed by the restricted-gid option by changing the permissions on their home directory. On a subsequent login, when access to the user's home...
DSA-553-1 getmail - symlink vulnerability
Bulletin has no description...
jabberd -- denial-of-service vulnerability
José Antonio Calvo discovered a bug in the Jabber 1.x server. According to Matthias Wimmer: Without this patch, it is possible to remotly crash jabberd14, if there is access to one of the following types of network sockets: Socket accepting client connections Socket accepting connections from oth...
GNU Rarius SNMP integer overflow
Integer overflow leads to unallocated memory access...
Net-Acct symbolic links problem
Symbolic links problem on temporary files creation in "writelist" and "dumpcurrlist" functions...
Weak SSH default ocnfiguration
TCP forwarding is allowed by default, it creates security problem for anonymous SSH access for example with CVS...
CVE-2002-1196
editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, when the "usebuggroups" feature is enabled and more than 47 groups are specified, does not properly calculate bit values for large numbers, which grants extra permissions to users via known features of Perl math that set...
CVE-1999-1520
A configuration problem in the Ad Server Sample directory AdSamples in Microsoft Site Server 3.0 allows an attacker to obtain the SITE.CSC file, which exposes sensitive SQL database information...
imwheel symbolic links problem
PID file is created in /tmp directory...
SUSE-SA:2004:026: rsync
The remote host is missing the patch for the advisory SUSE-SA:2004:026 rsync. The rsync-team released an advisory about a security problem in rsync. If rsync is running in daemon-mode and without a chroot environment it is possible for a remote attacker to trick rsyncd into creating an absolute...
Nessus symbolic links problem
adduser temporayr files symlink problem...
JetboxOne may allow unauthorized users to execute arbitrary code
Overview Lack of input validation in JetboxOne version 2.0.8 allows an user to upload arbitrary files to the vulnerable system. This could lead to the execution of arbitrary code. Description JetboxOne, an open-source content management system, could allow an attacker with "AUTHOR" privileges to...
Mandrake Linux Security Advisory : cups (MDKSA-2003:001)
iDefense reported several security problems in CUPS that can lead to local and remote root compromise. An integer overflow in the HTTP interface can be used to gain remote access with CUPS privilege. A local file race condition can be used to gain root privilege, although the previous bug must be...