70 matches found
DEBIAN-CVE-2012-2241
scripts/dget.pl in devscripts before 2.12.3 allows remote attackers to delete arbitrary files via a crafted 1 .dsc or 2 .changes file, probably related to a NULL byte in a filename...
Mailman: Three XSS flaws due improper escaping of the full name of the member
Multiple cross-site scripting XSS vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 full name or 2 username field in a confirmation message...
RedHat Update for thunderbird RHSA-2010:0780-01
Check for the Version of thunderbird OpenVAS Vulnerability Test RedHat Update for thunderbird RHSA-2010:0780-01 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...
security flaw
browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting XSS attacks by opening a blocked popup originating from a javascript: URI in...
security flaw
mysqlinstalldb in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysqlinstalldb.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the file's contents...
Siteframe siteframe.php LOCAL_PATH Parameter Remote File Inclusion
The remote host is running Siteframe, an open source content management system using PHP and MySQL. The installed version of Siteframe does not properly sanitize the 'LOCALPATH' parameter of the 'siteframe.php' script before using it to include files. By leveraging this flaw, an attacker is able ...
PAFileDB Multiple Script Error Message Path Disclosure
There is a flaw in the remote version of paFileDB that may let an attacker obtain the physical path of the remote installation by sending a malformed request to one of the scripts 'admins.php', 'category.php', or 'team.php'. This information may help an attacker make more focused attacks against...
diginews.txt
Digi-news and Digi-ads version 1.1 admin access without password .oO Overview Oo. Digi-news and Digi-ads version 1.1 admin access without password Discovered on 2003, March, 30th Vendor: Digi-FX Digi-news 1.1 is a PHP news editor. It allows you to easily add, edit, and delete news. Digi-ad 1.1 is...
CGIForum 1.0 Vulnerability
Hi, Date: 2000/11/20 Affected Application: CGIForum 1.0 http://www.marcbrinkmann.de/inandonline/netz/CGIForum-1.0.tar.gz Markus Triska [email protected] CGIForum is a free forum. We can set 'thesection' parameter to view files on the vulnerable system with privileges of the user "nobody". This is...
allmanage.pl.txt
Allmanage.pl vulnerability 13 may 2000 Websites using 'Allmanage Website Administration Software 2.6 WITH the upload ability', and maybe earlier versions , contain a vulnerability wich gives you full add/del/change access in the user-account directories and you can change the files in the main...