4515 matches found
russian-multi.txt
Dear [email protected], Vulnerabilities reported by different Russian speaking authors to http://securityvulns.ru 1. ElektAntichat.ru reports protection bypass vulnerability in PHP 4 and 5. disablefunctions feature can be bypassed by using functions alias. A list of aliases is given in...
Microsoft Visual Studio RPT File Handling Code Execution (MS07-052; CVE-2006-6133)
Crystal Reports is a software used for designing and generating reports from numerous data sources. A buffer overflow vulnerability has been identified in Business Objects Crystal Reports. A remote attacker could trigger this flaw by convincing a victim to open a specially crafted Crystal Reports...
AWStats is Openly Accessible
The remote web server is running a version of AWStats that seems to be accessible to the entire Internet. Exposing AWStats unprotected to the entire Internet can aid an attacker in gaining further knowledge of the web server and its contents therein. An attacker may gain access to administrative...
MS07-052: Vulnerability in Crystal Reports for Visual Studio Could Allow Remote Code Execution (941522)
The remote host is running a version of Microsoft Visual Studio that may allow arbitrary code to be run. An attacker may use this to execute arbitrary code on this host. To succeed, the attacker would have to send a rogue file to a user of the remote computer and have it open it. Then a bug in th...
Microsoft Security Bulletin MS07-052 - Important
Microsoft Security Bulletin MS07-052 - Important Vulnerability in Crystal Reports for Visual Studio Could Allow Remote Code Execution 941522 Published: September 11, 2007 Version: 1.0 General Information Executive Summary This important security update resolves a publicly disclosed vulnerability...
Trend Micro ServerProtect - eng50.dll Remote Stack Overflow
Trend Micro ServerProtect - eng50.dll Remote Stack Overflow / Copyright c 2007 devcode ^^ D E V C O D E ^^ Trend Micro ServerProtect eng50.dll Stack Overflow CVE-2007-1070 Description: A boundary error within a function in eng50.dll can be exploited to cause a stack-based buffer overflow via a...
Numerous XSS Type 2 vulnerabilities in macros bundled with Confluence
'd like to report critical vulnerabilities in 3 of your macros - Column, Image, Block and Code macros. The vulnerabilities are classified as XSS Type 2 stored and the details with example exploits are in the pdfs attached. Because of similarity of the vulnerabilities assume that it is more than...
Numerous XSS Type 2 vulnerabilities in macros bundled with Confluence
'd like to report critical vulnerabilities in 3 of your macros - Column, Image, Block and Code macros. The vulnerabilities are classified as XSS Type 2 stored and the details with example exploits are in the pdfs attached. Because of similarity of the vulnerabilities assume that it is more than...
[SECURITY] Fedora 7 Update: denyhosts-2.6-5.fc7
DenyHosts is a Python script that analyzes the sshd server log messages to determine which hosts are attempting to hack into your system. It also determines what user accounts are being targeted. It keeps track of the frequency of attempts from each host and, upon discovering a repeated attack...
TPTI-07-09: Macrovision FLEXnet boisweb.dll ActiveX Control Buffer Overflow Vulnerability
TPTI-07-09: Macrovision FLEXnet boisweb.dll ActiveX Control Buffer Overflow Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-07-09 June 4, 2007 -- CVE ID: CVE-2007-2419 -- Affected Vendor: Macrovision -- Affected Products: Update Service 3.x Update Service 4.x Update Service 5.x FLEXnet...
Design/Logic Flaw
Bradford CampusManager Network Control Application Server 3.16 allows remote attackers to obtain sensitive information backup, log, and configuration files via direct request for certain files in 1 /runTime/ or 2 /remediationReports/...
Crlf injection
CRLF injection vulnerability in index.php in Drake CMS 0.4.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the lang parameter. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We d...
CNStats 2.9 (who_r.php) Remote File Include Vulnerability
CNStats 2.9 whor.php Remote File Include Vulnerability ----------------------------------------------------------------------------------------- Scripts : CNStats 2.9 Discovered By : irvian scripts site : http://www.cnstats.com/ dork : "CNStats 2.9"...
CNStats 2.9 (who_r.php bj) Remote File Inclusion Vulnerability
No description provided by source. CNStats 2.9 whor.php Remote File Include Vulnerability ----------------------------------------------------------------------------------------- Scripts : CNStats 2.9 Discovered By : irvian scripts site : http://www.cnstats.com/ dork : "CNStats 2.9"...
CNStats 2.9 (who_r.php bj) Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications ============================================================== CNStats 2.9 whor.php bj Remote File Inclusion Vulnerability ============================================================== CNStats 2.9 whor.php Remote File Include Vulnerabilit...
Cross site scripting
Cross-site scripting XSS vulnerability in admin/classes/ui.dta.php in Drake CMS allows remote attackers to inject arbitrary web script or HTML via the desctitle field. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We do not consider security reports vali...
Directory traversal
Directory traversal vulnerability in 404.php in Drake CMS allows remote attackers to include and execute arbitrary local arbitrary files via a .. dot dot in the dprivate parameter. NOTE: some of these details are obtained from third party information. NOTE: Drake CMS has only a beta version...
Directory traversal
Directory traversal vulnerability in classes/captcha/captcha.jpg.php in Drake CMS allows remote attackers to read arbitrary files or list arbitrary directories, and obtain the installation path, via a .. dot dot in the dprivate parameter. NOTE: Drake CMS has only a beta version available, and the...
Design/Logic Flaw
Unspecified vulnerability in the reports system in OpenBiblio before 0.6.0 allows attackers to gain privileges via unspecified vectors...
CVE-2007-1261
Unspecified vulnerability in the reports system in OpenBiblio before 0.6.0 allows attackers to gain privileges via unspecified vectors...