802 matches found
PHPList <= 2.10.2 GLOBALS[] Remote Code Execution Exploit
Exploit for unknown platform in category web applications PHPList this works against registerglobals=On \r\n"; echo "a dork: inurl:"lists/?p=subscribe" | inurl:"lists/index.php?p=subscribe"\r\n"; echo " -ubbi phplist\r\n\r\n"; if $argc4...
Calendar Express Multiple Flaws
The remote web server is using Calendar Express which is vulnerable to a cross site scripting and SQL injection vulnerability. SPDX-FileCopyrightText: 2005 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders...
Calendar Express Multiple Flaws
The remote web server contains a PHP script which is vulnerable to a cross site scripting and SQL injection vulnerability. Description : The remote host is using Calendar Express, a PHP web calendar. A vulnerability exists in this version which may allow an attacker to execute arbitrary HTML and...
linpha_10_local.txt
------------- Linpha = 1.0 multiple arbitrary local inclusion ----------------- software: site: http://linpha.sourceforge.net/nuke/ description: " LinPHA is an easy to use, multilingual, flexible photo / image archive / album / gallery written in PHP. It uses a SQL database to store information...
DSA-963-1 mydns - missing input sanitising
Bulletin has no description...
CVE-2005-4353
SQL injection vulnerability in index.php in toendaCMS 0.6.2.1, when configured to use a SQL database, allows remote attackers to execute arbitrary SQL commands via the id parameter...
aRCHILLES Newsworld < 1.5.0-rc1 Multiple Vulnerabilities
aRCHILLES Newsworld 1.5.0-rc1 Multiple Vulnerabilities Software: aRCHILLES Newsworld Vulnerable versions: = 1.5.0-rc1 Type: Information Disclosure, Login Bypass Risk: Critical Date: 21st October 2005 Vendor: aRCHILLES http://www.scriptworld.kh-webcenter.de Credit: ======= These vulnerabilities we...
RHEL 3 : mysql-server (RHSA-2005:348)
Updated mysql-server packages that fix several vulnerabilities are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQL database server. This update fixes several security risks in the MySQL...
phpMyChat 0.14.5 - Remote Improper File Permissions
Security Group. phpMyChat remote sploit by sysbug C:\Perl\binperl pmc.pl www.kublooddrive.com /chat / Mysql dump : CDBHOST : localhost CDBNAME : jhawkpchat1 CDBUSER : jhawkpchat1 CDBPASS : vvejTjeLgB Adding Admin .... login:jhawk pwd:owned /...
Debian DSA-562-1 : mysql - several vulnerabilities
Several problems have been discovered in MySQL, a commonly used SQL database on Unix servers. The following problems have been identified by the Common Vulnerabilities and Exposures Project : - CAN-2004-0835 Oleksandr Byelkin noticed that ALTER TABLE ... RENAME checks CREATE/INSERT rights of the...
CVE-1999-1520
The CVE-1999-1520 issue is a configuration problem in the Ad Server Sample directory (AdSamples) of Microsoft Site Server 3.0. The root cause is misconfiguration that allows an attacker to obtain the SITE.CSC file, exposing sensitive SQL database information. Affected software: Microsoft Site Ser...
CVE-1999-1520
A configuration problem in the Ad Server Sample directory AdSamples in Microsoft Site Server 3.0 allows an attacker to obtain the SITE.CSC file, which exposes sensitive SQL database information...
[Full-Disclosure] @Mail web interface multiple security vulnerabilities
S-Quadra Advisory 2003-12-09 Topic: @Mail web interface multiple security vulnerabilities Severity: Average Vendor URL: http://www.atmail.com Advisory URL: http://www.s-quadra.com/advisories/Adv-20031209.txt Release date: 09 Dec 2003 1. DESCRIPTION "@Mail is a feature rich Email solution that...
[Full-Disclosure] PrimeBase SQL Database server cleartext password storage.
PrimeBase SQL Database server cleartext password storage. Vapid Labs Security Note 10/20/03 The PrimeBase SQL Database Server 4.2 stores passwords in clear text, and based on the installation user's umask settings may be readable by all local users. From the readme.txt file: "The Admin server will...
e107 db.php User Database Disclosure
The version of e107 installed on the remote host is affected by an information disclosure vulnerability because of a flaw in the 'admin/db.php' script. This can allow an unauthenticated, remote attacker to obtain a dump of the SQL database used by e107, by sending a specially crafted request. An...
Demarc Puresecure v1.6 - Plaintext password issue -
According to Demarc Puresecure's Website; Demarc PureSecure™ is a one of a kind, Total Intrusion Detection System (TIDS), which provides an unsurpassed level of comprehensive security. For the first time you will be able to reliably prevent, detect, and deter internal and external threats to your...
Metacart vuln.
Summary MetaCart2.sql is an ASP based shopping cart application with SQL database. A security vulnerability in the product allows attackers to access the database used for storing user provided data (credit card numbers, names, surnames, addresses, e-mails, etc.). Details Exploit: Accessing any of t...
FreeBSD-SA-01:26.interbase
FreeBSD-SA-01:26 Security Advisory FreeBSD, Inc. Topic: interbase contains remote backdoor Category: ports Module: interbase Announced: 2001-03-12 Credits: Firebird project Affects:...
ms.siteserver.3.0.adsamples.txt
Date: Tue, 11 May 1999 16:27:38 -0600 From: Mark To: [email protected] Subject: ALERT Site Server 3.0 May Expose SQL IDs and PSWs Site Server's AdSamples Directory Reveals ID and PSW Discovered by Andrey Kruchkov...
Microsoft Site Server Commerce Edition 3.0 alpha - AdSamples Sensitive Information
source: https://www.securityfocus.com/bid/256/info A vulnerability in Microsoft Site Server's Ad Server Sample directory allows the retrieval of a site's configuration file SITE.CSC which contains sensitive information pertaining to an SQL database. The AdSamples directory is a part of the Ad...