
2203 matches found

Exploit DB
added 2009/02/04 12:0 a.m. · 32 views

Syntax Desktop 2.7 - 'synTarget' Local File Inclusion

Local File Include; script: syntax-desktop 2-7; download...

AI score: 7.4
Exploits: 0

Fedora
added 2009/01/21 9:39 p.m. · 18 views

[SECURITY] Fedora 9 Update: DevIL-1.7.5-2.fc9

Developer's Image Library (DevIL) is a programmer's library to develop applications with very powerful image loading capabilities, yet is easy for a developer to learn and use. Ultimate control of images is left to the developer, so unnecessary conversions, etc. are not performed. DevIL utilizes a...

CVSS: 7.5 · AI score: 2.1 · EPSS: 0.03153
Exploits: 1

Exploit DB
added 2009/01/01 12:0 a.m. · 26 views

Linux/x86 - Socket-proxy Shellcode (372 bytes) (Generator)

Linux/x86 - Socket-proxy Shellcode 372 bytes Generator. Shellcode exploit for Generator platform. 372 byte socket-proxy shellcode by Russell Sanford - [email protected]...

AI score: 7.1
Exploits: 0

Exploit DB
added 2009/01/01 12:0 a.m. · 19 views

Linux/x86 - setreuid() + /sbin/iptables -F + exit(0) Shellcode (76 bytes)

Linux/x86 - setreuid() + /sbin/iptables -F + exit(0) Shellcode 76 bytes. Shellcode exploit for Linux/x86 platform. Author: Sh3llc0d3. Environment: Linux/x86. Developed from: GNU ASM AT&T Syntax. Purpose: setreuid() - /sbin/iptables -F - exit(0). Size: 76 bytes. Website: root-exploit.com. char code =...

AI score: 7.1
Exploits: 0

UbuntuCve
added 2008/12/17 12:0 a.m. · 28 views

CVE-2008-5507

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which...

CVSS: 6 · AI score: 7.2 · EPSS: 0.0166
Exploits: 0 · References: 6

Mozilla
added 2008/12/16 12:0 a.m. · 32 views

Cross-domain data theft via script redirect error message — Mozilla

Google security researcher Chris Evans reported that a website could access a limited amount of data from a different domain by loading a same-domain JavaScript URL which redirects to an off-domain target resource containing data which is not parsable as JavaScript. Upon attempting to load the da...

CVSS: 6 · AI score: 1.6 · EPSS: 0.0166
Exploits: 0 · References: 2 · Affected Software: 3

OSV
added 2008/11/21 2:30 a.m. · 2 views

CVE-2008-5186

The set_language_path function in geshi.php in Generic Syntax Highlighter (GeSHi) before 1.0.8.1 might allow remote attackers to conduct file inclusion attacks via crafted inputs that influence the default language path ($path) variable. NOTE: this issue has been disputed by a vendor, stating that only...

AI score: 6.5
Exploits: 0 · References: 6

Positive Technologies
added 2008/11/21 12:0 a.m. · 3 views

PT-2008-6329 · Nigel Mcnie · Geshi

Name of the Vulnerable Software and Affected Versions: Generic Syntax Highlighter GeSHi versions prior to 1.0.8.1 Description: The set language path function in geshi.php might allow remote attackers to conduct file inclusion attacks via crafted inputs that influence the default language path $pa...

CVSS: 7.5 · AI score: 7 · EPSS: 0.01971
Exploits: 0 · References: 10

Prion
added 2008/08/27 11:41 p.m. · 12 views

Sql injection

Multiple SQL injection vulnerabilities in Crafty Syntax Live Help (CSLH) 2.14.6 and earlier allow remote attackers to execute arbitrary SQL commands via the department parameter to (1) is_xmlhttp.php and (2) is_flush.php...

CVSS: 7.5 · AI score: 9.3 · EPSS: 0.01773
Exploits: 1 · References: 9 · Affected Software: 1

NVD
added 2008/08/27 11:41 p.m. · 16 views

CVE-2008-3845

Multiple SQL injection vulnerabilities in Crafty Syntax Live Help (CSLH) 2.14.6 and earlier allow remote attackers to execute arbitrary SQL commands via the department parameter to (1) is_xmlhttp.php and (2) is_flush.php...

CVSS: 7.5 · AI score: 8.5 · EPSS: 0.01773
Exploits: 1 · References: 9

CVE
added 2008/08/27 11:0 p.m. · 37 views

CVE-2008-3845

Crafty Syntax Live Help (CSLH) prior to version 2.14.6 contains multiple SQL injection vulnerabilities in the server-side logic handling the department parameter for is_xmlhttp.php and is_flush.php. The underlying issue is unsafely constructed SQL queries that allow remote attackers to alter data...

CVSS: 7.5 · AI score: 8.5 · EPSS: 0.01773
Exploits: 1 · References: 9 · Affected Software: 1

Cvelist
added 2008/08/27 11:0 p.m. · 17 views

CVE-2008-3845

Multiple SQL injection vulnerabilities in Crafty Syntax Live Help (CSLH) 2.14.6 and earlier allow remote attackers to execute arbitrary SQL commands via the department parameter to (1) is_xmlhttp.php and (2) is_flush.php...

AI score: 8.5 · EPSS: 0.01773
Exploits: 1 · References: 9

NVD
added 2008/08/27 8:41 p.m. · 13 views

CVE-2008-3840

Crafty Syntax Live Help (CSLH) 2.14.6 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information...

CVSS: 5 · AI score: 6.2 · EPSS: 0.01182
Exploits: 1 · References: 4

CVE
added 2008/08/27 8:0 p.m. · 46 views

CVE-2008-3840

The CVE-2008-3840 entry concerns Crafty Syntax Live Help (CSLH) 2.14.6 and earlier, where passwords are stored in cleartext in a MySQL database. The root cause is insecure password storage in plaintext, enabling an attacker with context access to obtain sensitive information from the database. Th...

CVSS: 5 · AI score: 6.3 · EPSS: 0.01182
Exploits: 1 · References: 4 · Affected Software: 1

Cvelist
added 2008/08/27 8:0 p.m. · 19 views

CVE-2008-3840

Crafty Syntax Live Help (CSLH) 2.14.6 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information...

AI score: 6.2 · EPSS: 0.01182
Exploits: 1 · References: 4

Packet Storm
added 2008/08/26 12:0 a.m. · 26 views

crafty-sql.txt

GulfTech Security Research August 25, 2008 Vendor : Eric Gerdes URL : http://www.craftysyntax.com Version : Crafty Syntax Live Help <= 2.14.6 Risk : SQL Injection Description: Crafty Syntax Live Help is a full featured, open source, online support system written in php that allows the visitors of ...

AI score: 7.4
Exploits: 0

securityvulns
added 2008/08/26 12:0 a.m. · 83 views

Crafty Syntax Live Help <= 2.14.6 SQL Injection

GulfTech Security Research August 25, 2008 Vendor : Eric Gerdes URL : http://www.craftysyntax.com Version : Crafty Syntax Live Help <= 2.14.6 Risk : SQL Injection Description: Crafty Syntax Live Help is a full featured, open source, online support system written in php that allows the visitors of ...

AI score: 1
Exploits: 0

seebug.org
added 2008/08/26 12:0 a.m. · 18 views

Crafty Syntax Live Help <= 2.14.6 (department) SQL Injection Vuln

No description provided by source. Crafty Syntax Live Help <= 2.14.6 SQL Injection August 25, 2008 Vendor : Eric Gerdes URL : http://www.craftysyntax.com Version : Crafty Syntax Live Help <= 2.14.6 Risk : SQL Injection Description: Crafty Syntax Live Help is a full featured, open source, online...

AI score: 7.1
Exploits: 0

0day.today
added 2008/08/25 12:0 a.m. · 10 views

Crafty Syntax Live Help <= 2.14.6 (department) SQL Injection Vuln

Exploit for unknown platform in category web applications. Crafty Syntax Live Help <= 2.14.6 (department) SQL Injection Vuln. Crafty Syntax Live Help <= 2.14.6 SQL Injecti...

AI score: 7.1
Exploits: 0

exploitpack
added 2008/08/25 12:0 a.m. · 22 views

Crafty Syntax Live Help 2.14.6 - department SQL Injection

Crafty Syntax Live Help 2.14.6 - department SQL Injection. Crafty Syntax Live Help <= 2.14.6 SQL Injection August 25, 2008 Vendor : Eric Gerdes URL : http://www.craftysyntax.com Version : Crafty Syntax Live Help <= 2.14.6 Risk : SQL Injection Description: Crafty Syntax Live Help is a full featured,...

AI score: 0.5
Exploits: 0