809 matches found
CVE-2011-4136
django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that...
Pandora FMS Monitoring 2.1 1.3.x - Multiple Vulnerabilities
Document Title: =============== Pandora FMS Monitoring 2.1 1.3.x - Multiple Vulnerabilities Release Date: ============= 2011-07-18 Vulnerability Laboratory ID VL-ID: ==================================== 105 Product & Service Introduction: =============================== Pandora FMS is a monitorin...
Pandora FMS Monitoring 2.1 1.3.x - Multiple Vulnerabilities
Document Title: =============== Pandora FMS Monitoring 2.1 1.3.x - Multiple Vulnerabilities Release Date: ============= 2011-07-18 Vulnerability Laboratory ID VL-ID: ==================================== 105 Product & Service Introduction: =============================== Pandora FMS is a monitorin...
PBX Phone System v2.x & 3.x - Multiple Web Vulnerabilities
Document Title: =============== PBX Phone System v2.x & 3.x - Multiple Web Vulnerabilities References Source: ==================== CVE: 2009-4458 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4458 OSVDB-ID: 61357 http://osvdb.org/show/osvdb/61357 EDB-ID: 10645...
CVE-2011-1433
The 1 AgentInterface and 2 CustomerInterface components in Open Ticket Request System OTRS before 3.0.6 place cleartext credentials into the session data in the database, which makes it easier for context-dependent attackers to obtain sensitive information by reading the UserLogin and UserPW fiel...
DEBIAN-CVE-2011-1433
The 1 AgentInterface and 2 CustomerInterface components in Open Ticket Request System OTRS before 3.0.6 place cleartext credentials into the session data in the database, which makes it easier for context-dependent attackers to obtain sensitive information by reading the UserLogin and UserPW fiel...
CVE-2011-1433
The 1 AgentInterface and 2 CustomerInterface components in Open Ticket Request System OTRS before 3.0.6 place cleartext credentials into the session data in the database, which makes it easier for context-dependent attackers to obtain sensitive information by reading the UserLogin and UserPW fiel...
CVE-2011-1433
The 1 AgentInterface and 2 CustomerInterface components in Open Ticket Request System OTRS before 3.0.6 place cleartext credentials into the session data in the database, which makes it easier for context-dependent attackers to obtain sensitive information by reading the UserLogin and UserPW fiel...
Design/Logic Flaw
The 1 AgentInterface and 2 CustomerInterface components in Open Ticket Request System OTRS before 3.0.6 place cleartext credentials into the session data in the database, which makes it easier for context-dependent attackers to obtain sensitive information by reading the UserLogin and UserPW fiel...
CVE-2011-1433
The 1 AgentInterface and 2 CustomerInterface components in Open Ticket Request System OTRS before 3.0.6 place cleartext credentials into the session data in the database, which makes it easier for context-dependent attackers to obtain sensitive information by reading the UserLogin and UserPW fiel...
Angel LMS 7.3 Cross Site Scripting
I have discovered a security exploit in Angel LMS 7.3 "Colleges and universities worldwide choose the ANGEL LMS to deliver powerful online teaching and learning experiences. ANGEL provides the comprehensive LMS features institutions need in a simple interface that promotes adoption. A recognized...
Новый метод атаки через Reverse-IP
Новый метод атаки через reverse-ip Хоть статья и 2009 года, но до сих пор актуальна. 0. INTRO Вобщем не буду делать большое вступление. Недавно имело место хекать сайт. Шел был успешно залит на соседний, но вот беда на сервере грамотно выставленны права. Пришлось включать голову и думать. И в...
Mandriva Update for php MDVSA-2010:045 (php)
Check for the Version of php OpenVAS Vulnerability Test Mandriva Update for php MDVSA-2010:045 php Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...
Mandriva Update for php MDVSA-2010:045 (php)
Check for the Version of php OpenVAS Vulnerability Test Mandriva Update for php MDVSA-2010:045 php Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...
Mandriva Linux Security Advisory : php (MDVSA-2010:045)
A vulnerability has been found and corrected in php : PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to 1 interrupt corruption of the SESSION superglobal array and 2 the session.savepath directive CVE-2009-4143. Packages for 2008.0...
Ubuntu Update for php5 vulnerabilities USN-882-1
Ubuntu Update for Linux kernel vulnerabilities USN-882-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN8821.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for php5 vulnerabilities USN-882-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...
Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : php5 vulnerabilities (USN-882-1)
Maksymilian Arciemowicz discovered that PHP did not properly handle the inirestore function. An attacker could exploit this issue to obtain random memory contents or to cause the PHP server to crash, resulting in a denial of service. CVE-2009-2626 It was discovered that the htmlspecialchars...
PBX Business Phone Application Cross Site Scripting
PenTest Information: ==================== Global-Evolution Security Team remove discover multiple Vulnerabilities on PBX Phone System Application. An attacker can get sensitive customer/admin session-data over multiple Cross-Site-Scripting vulnerabilities. Details ======= Tested on OS: Windows 7...
PBX Phone System 2.x - Multiple Vulnerabilities
PBX Phone System 2.x - Multiple Vulnerabilities PenTest Information: ==================== Global-Evolution Security Team remove discover multiple Vulnerabilities on PBX Phone System Application. An attacker can get sensitive customer/admin session-data over multiple Cross-Site-Scripting...
CVE-2009-4143
PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to 1 interrupt corruption of the SESSION superglobal array and 2 the session.savepath directive...