6005 matches found
JVN#31723154 LacoodaST from SpaceTag, Inc. session fixation vulnerability
LacoodaST from SpaceTag, Inc. is groupware providing schedule and task management, etc. LacoodaST contains a session fixation vulnerability. Impact: A remote attacker impersonating a logged-in user could manipulate the operation with the user's privilege. As a result, disclosure or alteration of...
JVN#83428818 La!cooda WIZ and LacoodaST vulnerable to cross-site request forgery
La!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware providing schedule and task management, etc. La!cooda WIZ and LacoodaST contain a cross-site request forgery vulnerability. Impact: Password or other configurations may be changed if the logged-in user...
kernel security update
CentOS Errata and Security Advisory CESA-2008:0607 Updated kernel packages that fix a security issue and several bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain...
RHEL 4 : kernel (RHSA-2008:0607)
Updated kernel packages that fix a security issue and several bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating...
Various methods for hidden super users in the system - vulnerability warning - the black bar safety net
One, how in the graphical interface to establish a hidden super user Graphical interface for local or open 3389 Terminal Services the broiler. Above I mentioned that the author said the method is very good, but more complex, and also requires psu.exe to let the program to the system user identity of the running...
MS Windows 2K/XP Task Scheduler .job Exploit (MS04-022)
No description provided by source. // // Microsoft Windows 2K/XP Task Scheduler Vulnerability MS04-022 // Proof-of-Concept Exploit for English WinXP SP1 // 15 Jul 2004 // // Running this will create a file "j.job". When explorer.exe or any // file-open dialog box accesses the directory containing...
Unfixed XSS vulnerability at www.whozat.com
Security researcher Lostmon has submitted on 13/07/2008 a cross-site scripting (XSS) vulnerability affecting www.whozat.com, which at the time of submission ranked 355340 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 07/11/2008. It is currentl...
Joomla Simple Shop Galore Component 3.x (catid) SQL Injection
No description provided by source. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ @ Joomla option: comsimpleshop SQL Injection ------------------------------------------------------ @ AUTHOR: eXeCuTeR executerxatgmaildotcom...
Buffer overflow
Buffer overflow in the BrSmRcvAndCheck function in the RCHMGR module on IBM OS/400 V5R4M0, V5R4M5, and V6R1M0 allows local users to cause a denial of service (task halt and main storage dump) via unspecified vectors involving the running of diagnostics on a modem port. NOTE: there might be limited...
SamTodo 1.1 - tid Cross-Site Scripting
source: https://www.securityfocus.com/bid/29568/info SamTodo is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
Joomla! Component paxxgallery 0.2 - 'gid' Blind SQL Injection
!/usr/bin/perl use strict; use LWP::Simple; print "-+-- Joomla Component PaxxGallery Blind SQL Injection Exploit gid --+-\n"; print "-+-- "more than 1 row" --+-\n"; print "-+-- --+-\n"; print "-+-- Author: ZAMUT --+-\n"; print "-+-- Vuln: gid= --+-\n"; print "-+-- Dork: option=compaxxgallery...
Joomla Component Acajoom (com_acajoom) SQL Injection Vulnerability
Exploit for unknown platform in category web applications. Joomla Component Acajoom com_acajoom SQL Injection Vulnerability. Joomla Component com_acajoom SQL Injection...
Information disclosure
Gallarific does not require authentication for (1) users.php and (2) index.php, which allows remote attackers to add and edit tasks via a direct request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2008-1327
Gallarific does not require authentication for (1) users.php and (2) index.php, which allows remote attackers to add and edit tasks via a direct request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2008-1165
Multiple cross-site scripting (XSS) vulnerabilities in Flyspray 0.9.9 through 0.9.9.4 allow remote attackers to inject arbitrary web script or HTML via (1) a forced SQL error message or (2) old_value and new_value database fields in task summaries, related to the item_summary parameter in a details action...
Sql injection
SQL injection vulnerability in the com_sg component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the pid parameter in an order task...
Sql injection
SQL injection vulnerability in the com_mezun component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task...
CVE-2008-0816
SQL injection vulnerability in the com_sg component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the pid parameter in an order task...
Joomla Component xfaq 1.2 (aid) Remote SQL Injection Vulnerability
No description provided by source. joomla SQL Injectioncomxfaq AUTHOR : S@BUN HOME : http://www.hackturkiye.com http://www.milw0rm.com/author/1334 MAİL : [email protected] [email protected] DORK 1 : allinurl: aid "comxfaq" DORK 2 : allinurl: "comxfaq" EXPLOIT :...
CVE-2008-0731
The Linux kernel before 2.6.18.8-0.8 in SUSE openSUSE 10.2 does not properly handle failure of an AppArmor change_hat system call, which might allow attackers to trigger the unconfining of an apparmored task...