CVSTrac ticket title arbitrary command execution
The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version contains a flaw related to ticket titles containing a semi-colon ';' that may allow an attacker to execute arbitrary commands on the system. OpenVAS has determined the vulnerability...
CVSTrac cgi.c multiple overflows
The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version contains multiple flaws in the mprintf, vmprintf, and vxprintf functions in cgi.c. A remote attacker, exploiting this flaw, would be able to execute arbitrary code on the remote system...
CVSTrac filediff vulnerability
The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version of filediff has a flaw in its input sanitization which, when exploited, can lead to a remote attacker executing arbitrary commands on the system. SPDX-FileCopyrightText: 2004 David...
MySQL Eventum Multiple flaws
The remote host seems to be running MySQL Eventum, a user-friendly and flexible issue tracking system written in PHP. The remote version of this software is vulnerable to cross-site scripting attacks, through multiple scripts. With a specially crafted URL, an attacker can use the remote server to...
CVSTrac chdir() chroot jail escape
The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version contains a flaw related to the chdir function that may allow an attacker to escape the chroot jail. An attacker, exploiting this flaw, would be able to access files outside of the web...
Gator/GAIN Spyware Installed
The remote host has Gator/GAIN Spyware Installed. Gator tracks the sites that users visit and forwards that data back to the company. SPDX-FileCopyrightText: 2003 Jeff Adams. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
TeeKai Tracking Online XSS
The remote host runs TeeKai Tracking Online, a PHP script used for tracking the number of user SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-onl...
CVSTrac timeline.c timeline_page function overflow
The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version contains a flaw related to the timeline_page function in timeline.c that may allow an attacker to cause a buffer overflow. An attacker, exploiting this flaw, would be potentially able t...
CVSTrac history.c history_update function overflow
The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version contains a flaw related to the history_update function in history.c that may allow an attacker to cause a buffer overflow and execute arbitrary code on the remote system...
Security Advisory for Bugzilla 2.18.3, 2.20rc2, and 2.21
Summary ======= Bugzilla is a Web-based bug-tracking system, used by a large number of software projects. This advisory covers two security bugs that have recently been discovered and fixed in the Bugzilla code: + config.cgi exposes information to users who aren't logged in, even when...
PhpMyFAQ 1.5.1 multiple vulnerabilities
2.31 23/09/2005 PhpMyFaq 1.5.1 SQL injection / board takeover / user info disclosure / path disclosure remote code / commands execution software: site: http://www.phpmyfaq.de/ description: "phpMyFAQ is a multilingual, completely database-driven FAQ-system. It supports various databases to store a...
smf105.txt
Simple Machine Forum 1-0-5 possibly prior versions user IP address / information disclosure software: site: http://www.simplemachines.org/ information disclosure: a user can choose and submit an avatar url like this: http://evilsite/image.php where image.php is a file like this: When forum users...
BNBT P2P Tracking Detection
Binary data 3196.prm...
Debian DSA-778-1 : mantis - missing input sanitising
Two security related problems have been discovered in Mantis, a web-based bug tracking system. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-2556 A remote attacker could supply a specially crafted URL to scan arbitrary ports on arbitrary hosts tha...
DSA-778-1 mantis - missing input sanitising
Bulletin has no description...
CVE-2002-2055
Cross-site scripting XSS vulnerability in userlog.php in TeeKai Tracking Online 1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter...
CVE-2002-2055
TeeKai Tracking Online XSS (CVE-2002-2055) affects the TeeKai Tracking Online web app (1.0) via userlog.php, where the id parameter is not properly sanitized, allowing a remote attacker to inject arbitrary script/HTML. Public sources reiterate an XSS risk; OpenVAS/Nessus mention that a crafted UR...
CVE-2002-2058
TeeKai Tracking Online 1.0 uses weak encryption of web usage statistics in data/userlog/log.txt, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash of '20'...
CVE-2002-2058
TeeKai Tracking Online 1.0 is affected by a weak encryption flaw in the stored web usage statistics (data/userlog/log.txt) that enables remote attackers to identify visiting IPs by dividing each octet by the MD5 hash of '20'. The Red Hat advisory and PT-Security notes corroborate the vulnerabilit...
Security Advisory for Bugzilla 2.18.1 and 2.19.3
Summary ======= Bugzilla is a Web-based bug-tracking system, used by a large number of software projects. This advisory covers two security bugs that have recently been discovered and fixed in the Bugzilla code: + Any user can change a flag on any bug. This also allows the attacker to expose the...