1026 matches found
CVE-2007-1811
The vulnerability described as CVE-2007-1811 affects the Tiny Event module for XOOPS (version 1.01 and earlier). It is a SQL injection in index.php where the id parameter used by the show action allows remote attackers to execute arbitrary SQL commands. This is the confirmed root cause: improper ...
CVE-2007-1811
SQL injection vulnerability in index.php in the Tiny Event (tinyevent) 1.01 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action...
XOOPS Module Tiny Event <= 1.01 (id) Remote SQL Injection Exploit
No description provided by source. #!/usr/bin/perl Script Name: XOOPS Module Tiny Event <= 1.01 (id) Remote BLIND SQL Injection Exploit; Coded by: ajann; Author: ajann; Dork: inurl:/modules/tinyevent/; S.Page: http://www.chapi.de/; ajann, Turkey; use IO::Socket; ...
XOOPS Module Tiny Event 1.01 - 'id' SQL Injection
#!/usr/bin/perl Script Name: XOOPS Module Tiny Event ... The excerpt shows the script's prompts for a directory and a user ID (uid), with "Exploit Failed" messages when the directory input is "exit" or missing...
XOOPS Module Tiny Event 1.01 - id SQL Injection
#!/usr/bin/perl Script Name: XOOPS Module Tiny Event ... The excerpt shows the script's prompts for a directory and a user ID (uid), with "Exploit Failed" messages when the directory input is "exit" or missing...
DEBIAN-CVE-2007-1655
Buffer overflow in the funladd function in funmath.cpp in TinyMUX before 20070126 might allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors related to lists of numbers...
CVE-2006-7007
Buffer overflow in Tiny FTPd 1.4 and earlier allows remote attackers to cause a denial of service (daemon crash) via a long USER command, a different vector than CVE-2000-0133...
CVE-2006-7007
CVE-2006-7007 describes a buffer overflow in Tiny FTPd (versions 1.4 and earlier) that can cause a denial of service (daemon crash) by sending a long USER command. The vulnerability affects Tiny FTPd’s handling of USER and is separate from CVE-2000-0133. Public references exist (SecurityVulns: Ti...
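Tiny Web Gallery 'image' Parameter Remote File Inclusion Vulnerability
Tiny Web Gallery is a PHP-based gallery application. Tiny Web Gallery does not properly filter user-submitted URI data, and remote attackers can exploit the vulnerability to execute arbitrary commands with the privileges of the web process. The problem is that the 'image.php' and 'image.php2' scripts do not filter the user-submitted 'image' parameter; submitting a malicious remote server as the include target can lead to execution of arbitrary PHP code with the privileges of the web process. Tiny Web Gallery 1.5 http://www.tinywebgallery.com/en/index.htm...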
Tiny Web Gallery 1.5 - 'Image' Multiple Remote File Inclusions
source: https://www.securityfocus.com/bid/19462/info Tiny Web Gallery is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP...
CVE-2006-1898
CVE-2006-1898 describes multiple cross-site scripting (XSS) vulnerabilities in TinyPHPForum (TPF) 3.6 and earlier. The flaws allow remote attackers to inject arbitrary web script or HTML via (1) the uname parameter in the profile.php view action and (2) a login name. The documents do not provide ...
Tiny Web Gallery 1.4 - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/17536/info Tiny Web Gallery is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in th...
Tiny Web Gallery 1.4 - index.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/17536/info Tiny Web Gallery is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code...
[SECURITY] [DSA 986-1] New gnutls11 packages fix arbitrary code execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 986-1 [email protected] http://www.debian.org/security/ Martin Schulze March 6th, 2006 http://www.debian.org/security/faq -...
[SECURITY] [DSA 985-1] New libtasn1-2 packages fix arbitrary code execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 985-1 [email protected] http://www.debian.org/security/ Martin Schulze March 6th, 2006 http://www.debian.org/security/faq -...
CVE-2006-0645
Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by the ProtoVer SSL test...
Integer overflow
Tiny C Compiler (TCC) 0.9.23 (aka TinyCC) evaluates the "i>sizeof(int)" expression to false when i equals -1, which might introduce integer overflow vulnerabilities into applications that could be exploited by context-dependent attackers...
CVE-2006-0635
Tiny C Compiler (TCC) 0.9.23 (aka TinyCC) evaluates the "i>sizeof(int)" expression to false when i equals -1, which might introduce integer overflow vulnerabilities into applications that could be exploited by context-dependent attackers...