phpbb2011.txt
Phpbb: All vulnerable all except 2.0.11 Attachment module: All version vulnerable Howdark update opened wide my eyes with his nice exploit: Bugtraq id: 10701 ----- viewtopic.php?t=1&highlight=%2527 ----- Looking at the code I saw that was possible inject any type of Sql query with a multiple char...
CVE-2004-0837
MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs...
RHEL 2.1 : mysql (RHSA-2003:094)
Updated packages are available that fix both a double-free security vulnerability and a remote root exploit security vulnerability found in the MySQL server. Updated 11 Aug 2003 Updated mysqlclient9 packages are now included. These were previously missing from this erratum. MySQL is a multi-user,...
Microsoft Windows RPCSS Multi-thread Race Condition Vulnerability
Description It has been reported that a variant attack in the RPCSS service of Microsoft Windows exists. Because of this, it may be possible for an attacker to mount denial of service attacks and execute arbitrary code on the affected system. The source of the issue is reportedly a multi-thread...
Thread-ITSQL XSS Vulnerability
Thread-ITSQL XSS Vulnerability Published: 24 September 2003 Released: 24 September 2003 Affected Systems: Thread-ITSQL Vendor: http://www.ymonda.co.uk Issue: Remote attackers can inject XSS script. Description: ============ "Thread-ITSQL message board product is designed specifically for SQL Serv...
Thread-IT Message Board XSS Vulnerability
Thread-IT Message Board XSS Vulnerability Published: 24 September 2003 Released: 24 September 2003 Affected Systems: Thread-IT Message Board Vendor: http://www.ymonda.co.uk Issue: Remote attackers can inject XSS script. Description: ============ "Thread-IT is a simple message board product that...
yMonda Thread-IT 1.6 - Multiple HTML Injections
source: https://www.securityfocus.com/bid/8692/info It has been reported that yMonda Thread-IT is prone to a HTML injection vulnerability that may allow an attacker to execute HTML code in a user's browser. The issue is reported to be present in the 'Topic Title', 'Name', and 'Message' fields. Th...
Apache HTTPD contains denial of service vulnerability in basic authentication module
Overview The Apache HTTP server contains a denial-of-service vulnerability that allows remote attackers to conduct denial-of-service attacks on the HTTP basic authentication module of an affected server. Description The Apache HTTP server contains a denial-of-service vulnerability in the...
CVE-2003-0189
The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is use...
Important: Red Hat Security Advisory: Updated MySQL packages fix vulnerabilities
Updated MySQL server packages fix both a double-free security vulnerability and a root exploit security vulnerability. Updated 1 May 2003 Added updated packages for Red Hat Linux 9, which is vulnerable to CAN-2003-0150. MySQL is a multi-user, multi-threaded SQL database server. A double-free...
Important: Red Hat Security Advisory: mysql security update
Updated packages are available that fix both a double-free security vulnerability and a remote root exploit security vulnerability found in the MySQL server. Updated 11 Aug 2003 Updated mysqlclient9 packages are now included. These were previously missing from this erratum. MySQL is a multi-user,...
DSA-288 openssl - several vulnerabilities
Bulletin has no description...
CVE-2002-1409
ptrace on HP-UX 11.00 through 11.11 allows local users to cause a denial of service (data page fault panic) via "an incorrect reference to thread register state."...
CVE-2002-2398
The new thread posting page in APBoard 2.02 and 2.03 allows remote attackers to post messages to protected forums by modifying the insertinto parameter...
APBoard-Bug
Product: APBoard-Bug Versions: tested on 2.02 Vulnerability: users can subscribe a thread in the internal forum Date: December 5, 2002 Discovered by: DNA [email protected] Introduction: Normal Users can read new answers to a thread in the internal forum I have already informed APP about this...
APBoard 2.0 2 - Unauthorized Thread Reading
APBoard 2.0 2 - Unauthorized Thread Reading source: https://www.securityfocus.com/bid/6330/info A vulnerability has been reported for APBoard that may allow unauthorized users to read postings in internal forums. The vulnerability is a result of the 'useraction.php' script failing to properly che...
Fixed in Apache Tomcat 4.1.0
Important: Denial of service CVE-2003-0866 A malformed HTTP request can cause the request processing thread to become unresponsive. A sequence of such requests will cause all request processing threads, and hence Tomcat as a whole, to become unresponsive. Affects: 4.0.0-4.0.6 Low: Information...
CVE-2000-0825
Ipswitch Imail 6.0 is affected by a denial-of-service vulnerability where a large number of concurrent connections with a long Host header can cause a thread to crash. This CVE (CVE-2000-0825) is described in multiple sources (NVD, CVE List) as enabling remote attacks that disrupt service, but th...
CVE-2000-0825
Ipswitch Imail 6.0 allows remote attackers to cause a denial of service via a large number of connections in which a long Host: header is sent, which causes a thread to crash...