Ez Cart v1.0 Multiple XSRF Vulnerabilities
No description provided by source. Title: Ez Cart Multiple XSRF Vulnerabilities Author: Milos Zivanovic Email: milosz.securityatgmail.com Date: 15. December 2009...
Ez Cart Cross Site Request Forgery
Title: Ez Cart Multiple XSRF Vulnerabilities Author: Milos Zivanovic Email: milosz.securityatgmail.com Date: 15. December 2009...
Chipmunk Newsletter CSRF Vulnerabilities
No description provided by source. Title: Chipmunk Newsletter CSRF Vulnerabilities Author: Milos Zivanovic Date: 11. December 2009...
CVE-2009-4023
Argument injection vulnerability in the sendmail implementation of the Mail::Send method Mail/sendmail.php in the Mail package 1.1.14 for PEAR allows remote attackers to read and write arbitrary files via a crafted $from parameter, a different vector than CVE-2009-4111...
CVE-2009-4023
Summary: CVE-2009-4023 (with CVE-2009-4111) affects the Mail::Send implementation in PEAR Mail’s sendmail.php for the Mail package, version 1.1.14. A crafted $from parameter allows remote attackers to read and write arbitrary files over the network. The vulnerability is classified with base CVSS ...
Oracle Database 10.1.0.5 < 10.2.0.4 - AUTH_SESSKEY Length Validation Remote Buffer Overflow
include include include include include include void ssend SOCKET s, char msg, DWORD size int sent; printf "ssend: begin: %d bytes\n", size; sent=send s, charmsg, size, 0; if sent==SOCKETERROR printf "send - SOCKETERROR, WSAGetLastError=%d\n", WSAGetLastError; else if sent!=size printf "sent only...
GLSA-200909-17 : ZNC: Directory traversal
The remote host is affected by the vulnerability described in GLSA-200909-17 ZNC: Directory traversal The vendor reported a directory traversal vulnerability when processing DCC SEND requests. Impact : A remote, authenticated user could send a specially crafted DCC SEND request to overwrite...
ZNC: Directory traversal
Background: ZNC is an advanced IRC bouncer. Description: The vendor reported a directory traversal vulnerability when processing DCC SEND requests. Impact: A remote, authenticated user could send a specially crafted DCC SEND request to overwrite arbitrary files with the privileges of the user runnin...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailboxdisplay.php, (2)...
CVE-2009-2964
Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailboxdisplay.php, (2)...
Directory traversal
Directory traversal vulnerability in ZNC before 0.072 allows remote attackers to overwrite arbitrary files via a crafted DCC SEND request...
CVE-2009-2658
Directory traversal vulnerability in ZNC before 0.072 allows remote attackers to overwrite arbitrary files via a crafted DCC SEND request...
DEBIAN-CVE-2009-2658
Directory traversal vulnerability in ZNC before 0.072 allows remote attackers to overwrite arbitrary files via a crafted DCC SEND request...
CVE-2009-2481
mt-wizard.cgi in Six Apart Movable Type before 4.261, when global templates are not initialized, allows remote attackers to bypass access restrictions and (1) send e-mail to arbitrary addresses or (2) obtain sensitive information via unspecified vectors...
Dokeos LMS <= 1.8.5 (whoisonline.php) PHP Code Injection Exploit
Exploit for unknown platform in category web applications. Dokeos LMS <= 1.8.5 (whoisonline.php) PHP Code Injection Exploit <?php /...
Lanius CMS 0.5.2 - Arbitrary File Upload
Lanius CMS 0.5.2 - Arbitrary File Upload = 0.4.6 and Lanius CMS $maxsz 53. return sprintfUPLOADTOOBIG, convertbytes$filesz, convertbytes$maxsz; 54. 55. $thyname = basenameurldecode$FILES$elem'name'; 56. if isset$allowedext 57. $ext = fileext$thyname; 58. if $ext==='' || !inarray$ext, $allowedext...