176 matches found
[DLA-0021-1] fail2ban security update
Package : fail2ban Version : 0.8.4-3+squeeze3 CVE ID : CVE-2013-7176 CVE-2013-7177 Use anchored failregex for filters to avoid possible DoS. Manually picked up from the current status of 0.8 branch as of 0.8.13-29-g09b2016: - CVE-2013-7176: postfix.conf - anchored on the front, expects...
foreman-proxy SSL verification issue
Foreman Security reports: The smart proxy when running in an SSL-secured mode permits incoming API calls to any endpoint without requiring, or performing any verification of an SSL client certificate. This permits any client with access to the API to make requests and perform actions permitting...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the administrative web interface in Cisco Unified Operations Manager allow remote attackers to inject arbitrary web script or HTML, and obtain improperly secured cookies, via unspecified vectors, aka Bug ID CSCud80186...
CVE-2013-3440
Multiple cross-site scripting XSS vulnerabilities in the administrative web interface in Cisco Unified Operations Manager allow remote attackers to inject arbitrary web script or HTML, and obtain improperly secured cookies, via unspecified vectors, aka Bug ID CSCud80186...
Ubuntu 10.04 LTS / 11.04 / 11.10 : network-manager-applet vulnerability (USN-1483-2)
USN-1483-1 fixed a vulnerability in NetworkManager by disabling the creation of WPA-secured AdHoc wireless connections. This update provides the corresponding change for network-manager-applet. It was discovered that certain wireless drivers incorrectly handled the creation of WPA-secured AdHoc...
DMXReady Secure Document Library Persistent XSS Vulnerability
Exploit for php platform in category web applications ============================================================= DMXReady Secure Document Library Persistent XSS Vulnerability =============================================================...
i-Gallery Multiple Vulnerability
Exploit for php platform in category web applications ================================ i-Gallery Multiple Vulnerability ================================ 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /'...
Debian DSA-1986-1 : moodle - several vulnerabilities
Several vulnerabilities have been discovered in Moodle, an online course management system. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-4297 Multiple cross-site request forgery CSRF vulnerabilities have been discovered. - CVE-2009-4298 It has be...
Debian: Security Advisory (DSA-1986-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
How the economy is hurting security
From Purdue University’s CERIAS The economic crisis has affected virtually every facet of society, and information security is no exception. In a new report titled Unsecured Economies: Protecting Vital Information, researchers from Purdue University’s CERIAS security center lay out the fairly ble...
Microsoft Windows Vista/2003/XP/2000 file management security issues
Title: Microsoft Windows Vista/2003/XP/2000 file management security issues Author: 3APA3A, http://securityvulns.com/ Vendor: Microsoft and potentially another vendors Products: Microsoft Windows Vista/2003/XP/2000, Microsoft resource kit for Windows 2000 and different utilities. Access Vector:...
osTicket setup.php Accessibility
The target is running at least one instance of an improperly secured installation of osTicket and allows access to setup.php. Copyright C 2005 George A. Theall Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
PHPNuke78.txt
NewAngels Advisory 7PHP Nuke sqlquery"SELECT active, view FROM ".$prefix."modules WHERE title='$name'"; The $name variable is not checked so you could inject malicious SQL Code. In an file which is included whe have the following code: $queryString = strtolower$SERVER'QUERYSTRING'; if...
PHP Nuke <= 7.8 Multiple SQL Injections
NewAngels Advisory 7PHP Nuke = 7.8 Multiple SQL Injections ============================================================================= Software: PHP Nuke 7.8 Type: SQL Injections Risk: High Date: Sep. 10 2005 Vendor: PHP-Nuke phpnuke.org Credit: ======= Robin 'onkelfisch' Verton from...
citibankXSS.txt
------=Part8324496004.1123943920825 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Hi Full-Disclosure, I'm here to report an XSS vulnerability in one of Citibank's websites. I actually found this at a log in screen, but it's on...
phpBB 2.0.15 (highlight) Database Authentication Details Exploit
Exploit for unknown platform in category web applications ================================================================ phpBB 2.0.15 highlight Database Authentication Details Exploit ================================================================ !/usr/bin/perl tested and working /str0ke...