EVA-Web <=2.1.2 vuln.
EVA-Web <=2.1.2 vuln. Vuln. discovered by : r0t Date: 27 may 2006 vendor:http://spip-edu.edres74.net/ affected versions:2.1.2 and prior original advisory:http://pridels.blogspot.com/2006/05/eva-web-212-vuln.html Vuln. Description: EVA-Web contains a flaw that allows a remote cross site scripting...
Server termination in netPanzer 0.8 (rev 952)
Luigi Auriemma Application: netPanzer http://www.netpanzer.org http://netpanzer.berlios.de Versions: = 0.8 rev 952 Platforms: nix, BSD, Windows, Mac and others Bug: server termination Exploitation: remote, versus server Date: 23 May 2006 Author: Luigi Auriemma e-mail: [email protected] web:...
Boastmachine.txt
Advisory : Cross Site Scripting in Boastmachine http://boastology.com/ Release Date : 17/05/2005 Last Modified : 17/05/2005 Author : Yunus Emre Yilmaz http://yns.zaxaz.com Application : BoastMachine v3.1 maybe older versions Risk : High Problem : Form action values in admin.php and index.php mayb...
[SECURITY] [DSA 1064-1] New cscope packages fix arbitrary code execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 1064-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff May 19th, 2006 http://www.debian.org/security/faq -...
CVE-2006-2466
BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote attackers to obtain the source code of JSP pages during certain circumstances related to a "timing window" when a compilation error occurs, aka the "JSP showcode vulnerability."...
[SA20171] CodeAvalanche News "password" SQL Injection Vulnerability
TITLE: CodeAvalanche News "password" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA20171 VERIFY ADVISORY: http://secunia.com/advisories/20171/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: From remote SOFTWARE: CodeAvalanche News 1.x http://secunia.com/product/10033/...
Code injection
The viewfile servlet in the documentation package resin-doc for Caucho Resin 3.0.17 and 3.0.18 allows remote attackers to obtain the source code for files under the web root via the file parameter...
CVE-2006-2437
The viewfile servlet in the documentation package resin-doc for Caucho Resin 3.0.17 and 3.0.18 allows remote attackers to obtain the source code for files under the web root via the file parameter...
[SA20115] Php Blue Dragon CMS "vsDragonRootPath" File Inclusion
TITLE: Php Blue Dragon CMS "vsDragonRootPath" File Inclusion SECUNIA ADVISORY ID: SA20115 VERIFY ADVISORY: http://secunia.com/advisories/20115/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: Php Blue Dragon CMS 2.x http://secunia.com/product/9942/ DESCRIPTION: Kacper...
Design/Logic Flaw
Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain source code for scripts via a trailing dot in a request to NmConsole/Login.asp...
CVE-2006-2357
Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain source code for scripts via a trailing dot in a request to NmConsole/Login.asp...
CVE-2006-2357
CVE-2006-2357 affects Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium. The vulnerability allows remote attackers to obtain source code for scripts via a trailing dot in a request to NmConsole/Login.asp, leading to partial confidentiality impact. The NVD entry lists a Netw...
Ipswitch WhatsUp Professional Multiple Vulnerabilities (XSS, Enum, ID)
The remote host appears to be running Ipswitch WhatsUp Professional, which is used to monitor states of applications, services and hosts. The version of WhatsUp Professional installed on the remote host is prone to multiple issues, including source code disclosure and cross-site scripting...
eWebEditor: the website of the invisible bomb-vulnerability warning-the black bar safety net
Article author: koshan Information source: http://www.hacker.com.cn/ Dear webmasters, have you found while using eWebEditor that an improperly configured eWebEditor can become an invisible bomb on your site? The first discovery of this vulnerability stems from last year's invasion, in the dead end of t...
Ipswitch WhatsUp Professional 2006 - NmConsoleNavigation.asp?sDeviceView Cross-Site Scripting
Ipswitch WhatsUp Professional 2006 - NmConsoleNavigation.asp?sDeviceView Cross-Site Scripting source: https://www.securityfocus.com/bid/17964/info WhatsUp Professional is prone to multiple input-validation vulnerabilities. The issues include remote file-include, information-disclosure, source-cod...
Ipswitch WhatsUp Professional 2006 - NmConsoleToolResults.asp?sHostname Cross-Site Scripting
Ipswitch WhatsUp Professional 2006 - NmConsoleToolResults.asp?sHostname Cross-Site Scripting source: https://www.securityfocus.com/bid/17964/info WhatsUp Professional is prone to multiple input-validation vulnerabilities. The issues include remote file-include, information-disclosure, source-code...
CVE-2006-2248
Xeneo Web Server 2.2.22.0 allows remote attackers to obtain the source code of script files via crafted requests containing dot, space, and slash characters in the file extension...
Design/Logic Flaw
Xeneo Web Server 2.2.22.0 allows remote attackers to obtain the source code of script files via crafted requests containing dot, space, and slash characters in the file extension...