CodeIgniter 1.5.3 vulnerabilities
CodeIgniter is a powerful PHP framework with a very small footprint, built for PHP coders who need a simple and elegant toolkit to create full-featured web applications. http://www.codeigniter.com 1. sanitizeglobals global variables unsetting By setting e.g. "SERVER=anonymous" cookie in the...
Phpwebgallery-1.4.1, Multiple Cross Site Scripting
Phpwebgallery-1.4.1 - Multiple Cross Site Scripting Vendor : http://www.phpwebgallery.net/ Risk : Low ---------------------------------------------------------------- Register.php - login and mailaddress fields are vulnerable to XSS attacks Search.php - searchauthor,mode, startyear, endyear,...
Supported SmartDefense and Web Intelligence Protections for VPN-1 VSX NGX Gateways
VPN-1 VSX provides a set of virtual components acting as real network devices such as Firewall gateways, routers, switches, and network cables. Using these virtual components, network topologies are created that are functionally equivalent to networks built with physical devices. Each Virtual...
Sonium Enterprise Adressbook 0.2 - 'folder' Include
Sonium Enterprise Adressbook Version 0.2 folder RFI. Original advisory: http://www.bb-pcsecurity.de/Websecurity/342/org/SoniumEnterpriseAdressbookVersion0.2folderRFI.htm ...
[MajorSecurity #10]i.List <= 1.5 - XSS
[MajorSecurity #10]i.List <= 1.5 - XSS ---------------------------------------- Software: i.List Version: <=1.5 Type: XSS Date: June, 8th 2006 Vendor: Skoom Page: http://skoom.de Credits: ------------------------------- David 'Aesthetico' Vieira-Kurz http://www.majorsecurity.de Affected Products:...
EasyPageCMSXSS.txt
------------------------------------------------------ Nightmare TeAmZ Advisory 015 ------------------------------------------------------ Date - 11/2005 EasyPageCMS Cross Site Scripting AFFECTED PRODUCTS ================= EasyPageCMS http://www.davehusk.com Xss Poof: ======== poof:...
Check Point SecureRemote (SecuRemote) Information Disclosure Vulnerability - Active Check
The remote host seems to be a Check Point FireWall-1 running SecureRemote (SecuRemote). The SecuRemote service contains a vulnerability that allows attackers to gain information about the hosts, networks, and users configured on the Firewall. SPDX-FileCopyrightText: 2001 SecuriTeam Some text...
[Full-disclosure] Prevx Pro 2005 - Multiple Vulnerabilities
Prevx Pro 2005 - Multiple Vulnerabilities ================================================= PROGRAM: PrevX Pro 2005 HOMEPAGE: http://www.prevx.com DESCRIPTION ================================================= " Prevx Pro 2005 is the new 'must have' security solution. Prevx Pro utilises the latest...
Microsoft Windows Message Queuing - Remote Buffer Overflow Universal (MS05-017) (v.0.3)
Microsoft Windows Message Queuing - Remote Buffer Overflow Universal (MS05-017) (v.0.3) / HOD-ms05017-msmq-expl.c: 2005-06-28: PUBLIC v.0.3 Copyright (c) 2004-2005 houseofdabus. MS05-017 Message Queuing Buffer Overflow Vulnerability Universal Exploit .:: houseofdabus ::...
IRC Bot Detection
This host seems to be running an ident server, but before any request is sent, the server gives an answer about a connection to port 6667. It is very likely this system has been compromised by an IRC bot and is now a 'zombie' that can participate in 'distributed denial of service' (DDoS) attacks...
[SA15332] Nuke ET "codigo" Cross-Site Scripting Vulnerability
TITLE: Nuke ET "codigo" Cross-Site Scripting Vulnerability...
myPHP Forum v1, 2 & 3
PHOX: myPHP Forum v1, 2 & 3 Exploits Content - Credits - SMFDBPWNOCS - Solution - Contact Credits Exploit discovered by Phoxpherus Phorce, Phox R&P, Terencentanio Root32 SMFDBPWNOCS - Stupid Mofo Database Spamming When No One Can See In short, forum.php and topic.php have no validation checks. Th...
FCKeditor for PHP-Nuke Arbitrary File Upload
The remote host is running a version of the FCKeditor add-on for PHP-Nuke that allows a remote attacker to upload arbitrary files and run them in the context of the web server user. #%NASL_MIN_LEVEL 70300 # (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc'); include('compat.inc'); if...
CERN httpd Double Slash Protected Webpage Bypass
The remote web server allows an attacker to access protected web pages by replacing slashes in the URL with '//' or '/./', which is a known problem in older versions of CERN web server. # (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(17230); script_version("1.19");...
HP-UX Security patch : PHCO_12326
The remote host is missing HP-UX Security Patch number PHCO_12326. Security Bulletin for mediainit(1) in HP-UX 9.X and 10.X #%NASL_MIN_LEVEL 70300 # (C) Tenable Network Security, Inc. if ( ! defined_func("bn_random") ) exit(0); include('deprecated_nasl_level.inc'); include('compat.inc'); if(description) { script_id(16697);...
HP-UX Security patch : PHKL_25244
The remote host is missing HP-UX Security Patch number PHKL_25244. Sec. Vulnerability in setrlimit(1M) rev. 1 #%NASL_MIN_LEVEL 70300 # (C) Tenable Network Security, Inc. if ( ! defined_func("bn_random") ) exit(0); include('deprecated_nasl_level.inc'); include('compat.inc'); if(description) { script_id(16617); script_version("1.7"...
HP-UX Security patch : PHNE_13471
The remote host is missing HP-UX Security Patch number PHNE_13471. Security Vulnerability with land on HP-UX #%NASL_MIN_LEVEL 70300 # (C) Tenable Network Security, Inc. if ( ! defined_func("bn_random") ) exit(0); include('deprecated_nasl_level.inc'); include('compat.inc'); if(description) { script_id(16530); script_version("1.7...
HP-UX Security patch : PHNE_9104
The remote host is missing HP-UX Security Patch number PHNE_9104. SYN Flooding Security Vulnerability in HP-UX #%NASL_MIN_LEVEL 70300 # (C) Tenable Network Security, Inc. if ( ! defined_func("bn_random") ) exit(0); include('deprecated_nasl_level.inc'); include('compat.inc'); if(description) { script_id(17042);...
POP Password Changer (poppassd_pam) Arbitrary User Remote Password Modification
The remote host is running POP Password Changer, a server to change POP user's passwords. According to the version number, the remote software is vulnerable to an unauthorized access. An attacker, exploiting this flaw, will be able to change user's password. C Tenable Network Security, Inc...
TeeKai Tracking Online XSS
The remote host runs Teekai Tracking Online, a PHP script used for tracking the number of users on a Web site. This version is vulnerable to cross-site scripting attacks. A remote attacker could exploit this by tricking a user into requesting a maliciously crafted URL, resulting in the execution ...