Cedric Email Reader 0.4 Global Configuration Script Remote File Include Vulnerability
source: http://www.securityfocus.com/bid/6820/info It has been reported that Cedric Email Reader is prone to an issue that may allow remote attackers to include malicious files located on remote servers. This issue is present in the...
MyServer 0.4.1/0.4.2 HTTP Server Directory Traversal Vulnerability
source: http://www.securityfocus.com/bid/7944/info The MyServer HTTP server is prone to a file disclosure vulnerability. Encoded directory traversal sequences may be used to break out of the web root directory. Attackers may gain access to files that are readabl...
MyDMS 1.4 - SQL Injection Vulnerability And Directory Traversal Vulnerability
source: http://www.securityfocus.com/bid/10996/info MyDMS is reportedly susceptible to both a directory traversal vulnerability and an SQL injection vulnerability. The SQL injection vulnerability is present because a script improperly sanitizes user-supplied dat...
phpMyAdmin 2.x Export.PHP File Disclosure Vulnerability
source: http://www.securityfocus.com/bid/9564/info phpMyAdmin is prone to a vulnerability that may permit remote attackers to gain access to files that are readable by the hosting web server. The issue is reported to exist in the 'export.php' script and may be...
Basilix Webmail 1.0 File Disclosure Vulnerability
source: http://www.securityfocus.com/bid/2995/info Basilix is a web-based mail application. It offers features such as mail attachments, address book, multiple language and theme support. During operation, Basilix opens a PHP include file using a variable as the...
Linux Kernel 2.2.x Non-Readable File Ptrace Vulnerability
source: http://www.securityfocus.com/bid/2044/info Ptrace is a Unix system call that is used to analyze running processes, usually for breakpoint debugging. The Linux implementation of ptrace in 2.2.x kernels and possibly earlier versions contains a vulnerabilit...
SCO Unixware 7.1 '/var/mail' permissions Vulnerability
source: http://www.securityfocus.com/bid/849/info Certain versions of SCO's UnixWare (only 7.1 was tested) ship with the /var/mail/ directory with permission 777 (-rwxrwxrwx). This in effect allows malicious users to read incoming mail for users who do not yet have ...
Working Resources BadBlue 1.5/1.6 Triple-Dot-Slash Directory Traversal Vulnerability
source: http://www.securityfocus.com/bid/4179/info Working Resources BadBlue is a webserver intended to share various resources and is developed for Microsoft Windows environments. BadBlue is prone to directory traversal attacks. It is possible for a remote...
PHP Nuke 5.0 'user.php' Form Element Substitution Vulnerability
source: http://www.securityfocus.com/bid/3107/info PHP-Nuke is a website creation/maintenance tool written in PHP3. If a malicious user may substitute arbitrary values for image form elements in the PHP-Nuke User Registration Form by saving the webpage locally as...
SGI IRIX 6.2 cgi-bin wrap Vulnerability
source: http://www.securityfocus.com/bid/373/info A vulnerability exists in the cgi-bin program 'wrap', as included with Irix 6.2 from SGI. A failure to validate input results in a vulnerability that allows any remote attacker to view the contents of any world...
Intel Corporation Shiva Access Manager 5.0 Solaris World Readable LDAP Password
source: http://www.securityfocus.com/bid/1329/info The Shiva Access Manager is a solution for centralized remote access authentication, authorization, and accounting offered by Intel. It runs on Solaris and Windows NT. Shiva Access Manager is vulnerable to a...
DSM Light Web File Browser 2.0 - Directory Traversal Vulnerability
source: http://www.securityfocus.com/bid/10381/info DSM Light has been reported to be prone to a directory traversal vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This issue would allow an attacker...
MySimpleNews 1.0 - Remotely Readable Administrator Password Vulnerability
source: http://www.securityfocus.com/bid/5866/info MySimpleNews stores the administrative password in clear text in a remotely viewable HTML file. Any remote user can view the contents of the HTML file to determine the administrator password. The administrator...
IBM Informix Web Datablade 3.x/4.1 - Directory Traversal Vulnerability
source: http://www.securityfocus.com/bid/3575/info Informix is an enterprise database distributed and maintained by IBM. The Web Datablade Module for Informix SQL is used to provide wbBinaries for storing large binary resources such as images, sounds, etc. The W...
NetSuite 1.0/1.2 HTTP Server Directory Traversal Vulnerability
source: http://www.securityfocus.com/bid/8197/info The HTTP component of NetSuite has been reported prone to a directory traversal vulnerability. Various combinations of encoded directory traversal sequences may be used to break out of the web root directory...
New Oil and Natural Gas ONG-ISAC Launches
Energy utilities certainly have not been spared by hackers who for years have targeted vulnerabilities in process control systems and networks with alarming success. In a move to close the gap and keep that corner of the U.S.’ critical infrastructure secure, a new information sharing group popped...
openSUSE Security Update : samba (openSUSE-SU-2013:1921-1)
- Update to 4.1.3. + DCE-RPC fragment length field is incorrectly checked; CVE-2013-4408; bnc#844720. + pam_winbind login without require_membership_of restrictions; CVE-2012-6150; bnc#853347. - Make use of the full gpg pub key file name including the key ID. - Add transparent file compression...
openSUSE Security Update : gnash (openSUSE-SU-2012:0369-1)
gnash used predictable and world-readable temporary file names to store HTTP cookies. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-164. The text description of this plugin is (C)...
Design/Logic Flaw
Mambo CMS 4.6.5 uses world-readable permissions on configuration.php, which allows local users to obtain the admin password hash by reading the file...
CVE-2013-2563
CVE-2013-2563 affects Mambo CMS 4.6.5. The issue is world-readable permissions on configuration.php, enabling local users to read the admin password hash. The connected documents confirm the affected product and the root cause, but do not provide a remediation or exploit details. Action: monitor ...