805 matches found
DEBIAN-CVE-2011-1433
The (1) AgentInterface and (2) CustomerInterface components in Open Ticket Request System (OTRS) before 3.0.6 place cleartext credentials into the session data in the database, which makes it easier for context-dependent attackers to obtain sensitive information by reading the UserLogin and UserPW fiel...
CVE-2011-1433
The (1) AgentInterface and (2) CustomerInterface components in Open Ticket Request System (OTRS) before 3.0.6 place cleartext credentials into the session data in the database, which makes it easier for context-dependent attackers to obtain sensitive information by reading the UserLogin and UserPW fiel...
Design/Logic Flaw
The (1) AgentInterface and (2) CustomerInterface components in Open Ticket Request System (OTRS) before 3.0.6 place cleartext credentials into the session data in the database, which makes it easier for context-dependent attackers to obtain sensitive information by reading the UserLogin and UserPW fiel...
Angel LMS 7.3 Cross Site Scripting
I have discovered a security exploit in Angel LMS 7.3 "Colleges and universities worldwide choose the ANGEL LMS to deliver powerful online teaching and learning experiences. ANGEL provides the comprehensive LMS features institutions need in a simple interface that promotes adoption. A recognized...
A New Attack Method via Reverse-IP
A new attack method via reverse-ip. Although the article is from 2009, it is still relevant. 0. INTRO Anyway, I won't write a long introduction. Recently I had occasion to hack a site. A shell was successfully uploaded to a neighboring site, but the trouble was that the permissions on the server were set up properly. I had to switch my head on and think. And in...
Mandriva Update for php MDVSA-2010:045 (php)
Check for the Version of php OpenVAS Vulnerability Test Mandriva Update for php MDVSA-2010:045 php Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...
Mandriva Linux Security Advisory : php (MDVSA-2010:045)
A vulnerability has been found and corrected in php: PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the $_SESSION superglobal array and (2) the session.save_path directive (CVE-2009-4143). Packages for 2008.0...
Ubuntu Update for php5 vulnerabilities USN-882-1
Ubuntu Update for Linux kernel vulnerabilities USN-882-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN8821.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for php5 vulnerabilities USN-882-1 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH,...
Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : php5 vulnerabilities (USN-882-1)
Maksymilian Arciemowicz discovered that PHP did not properly handle the ini_restore function. An attacker could exploit this issue to obtain random memory contents or to cause the PHP server to crash, resulting in a denial of service. (CVE-2009-2626) It was discovered that the htmlspecialchars...
PBX Business Phone Application Cross Site Scripting
PenTest Information: ==================== Global-Evolution Security Team remove discover multiple Vulnerabilities on PBX Phone System Application. An attacker can get sensitive customer/admin session-data over multiple Cross-Site-Scripting vulnerabilities. Details ======= Tested on OS: Windows 7...
PBX Phone System 2.x - Multiple Vulnerabilities
PBX Phone System 2.x - Multiple Vulnerabilities PenTest Information: ==================== Global-Evolution Security Team remove discover multiple Vulnerabilities on PBX Phone System Application. An attacker can get sensitive customer/admin session-data over multiple Cross-Site-Scripting...
CVE-2009-4143
PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the $_SESSION superglobal array and (2) the session.save_path directive...
CVE-2009-4143
CVE-2009-4143 affects PHP ≤ 5.2.11 (listed as 5.2.12 exclusion) where session data handling is improper, specifically interrupt corruption of the $_SESSION array and mismanagement of session.save_path. This is referenced in multiple advisories and included in HP/HPE SMH and Debian/OpenVAS records...
PHP session data unserialization arbitrary code execution vulnerability
No description provided by source...
SA-CONTRIB-2009-074 - Webform - Multiple vulnerabilities
Cross-site scripting: The Webform module enables the creation of custom forms for collecting data from users. The Webform module does not properly escape field labels in certain situations. A malicious user with permission to create webforms could attempt a cross-site scripting (XSS) attack when...