Abyss Web Server X1 - Cross-Site Request Forgery
References: http://osvdb.org/show/osvdb/64693 and http://cross-site-scripting.blogspot.com/2010/05/abyss-web-server-x1-xsrf.html (Abyss Web Server X1 XSRF). A cross-site request forgery vulnerability in the Abyss Web Server X1 management console can be exploited to...
r57shell Backdoor Detection
At least one instance of r57shell is hosted on the remote web server. This is a PHP script that acts as a backdoor and provides a convenient set of tools for attacking the affected host. (Nessus plugin, Tenable Network Security, Inc.)...
Facebook Cross-Site Request Forgery vulnerability
Exploit for unknown platform in category web applications. Facebook Cross-Site Request Forgery vulnerability. INTERNET SECURITY AUDITORS ALERT 2010-002 -...
AccStatistics 1.1 Cross Site Request Forgery
Title: AccStatistics v1.1 XSRF Vulnerability (Change Admin Settings). Author: Milos Zivanovic. Date: 13 December 2009...
CVE-2009-3939
The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file...
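The flaw above is a permissions defect rather than a code bug: a sysfs attribute that should have been writable only by root carried the others-write bit, so any local user could flip the driver's I/O mode. The check a practitioner wants is a sweep for regular files under /sys (or any tree) that are still world-writable. The following shell functions are an added example, not part of the advisory or of the kernel; the directory layout and file names in the demo are constructed.

```shell
#!/bin/sh
# Added example: find world-writable regular files under a tree, the condition
# CVE-2009-3939 describes for the megaraid_sas poll_mode_io sysfs attribute.
# Real audit: world_writable_attrs /sys/bus/pci/drivers

world_writable_attrs() {
    # -type f skips the symlinks sysfs uses heavily; -perm -o=w matches any
    # file whose others-write bit is set, whatever the remaining mode bits are.
    # Errors (unreadable subtrees) are discarded so output is only paths.
    find "$1" -type f -perm -o=w 2>/dev/null | sort
}

# Number of findings, convenient for a one-line audit or a cron check
# that should return 0 on a correctly configured host.
count_world_writable() {
    world_writable_attrs "$1" | wc -l | tr -d ' '
}

# Demonstration on a constructed tree (the real audit is the same call on /sys).
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/drivers/example"
    # Constructed attribute with the flawed mode (0666, like the unfixed poll_mode_io).
    printf '0\n' > "$d/drivers/example/poll_mode_io"
    chmod 0666 "$d/drivers/example/poll_mode_io"
    # Constructed attribute with the expected mode (root-writable only).
    printf '1\n' > "$d/drivers/example/safe_attr"
    chmod 0644 "$d/drivers/example/safe_attr"
    world_writable_attrs "$d"
    rm -rf "$d"
}
```

Running `demo` lists only the constructed poll_mode_io path. On a live system, expect an empty result from /sys; any hit is either a driver attribute that needs the same fix this CVE received (dropping the others-write bit) or one that must be justified explicitly.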
DreamPoll 3.1 Vulnerabilities
During a recent security audit of the DreamPoll 3.1 software by Dreamlevels, I discovered a number of XSS and SQL Injection vulnerabilities in the application. These vulnerabilities could be exploited to make unauthorized changes to a web site or compromise a client accessing a site that utilizes...
DreamPoll 3.1 SQL Injection / XSS
During a recent security audit of the DreamPoll 3.1 software by Dreamlevels, I discovered a number of XSS and SQL Injection vulnerabilities in the application. These vulnerabilities could be exploited to make unauthorized changes to a web site or compromise a client accessing a site that utilizes...
Gentoo Security Advisory GLSA 200501-22 (poppassd_pam)
The remote host is missing updates announced in advisory GLSA 200501-22. (OpenVAS vulnerability test, auto-generated from Gentoo's XML-based advisory. Author: Thomas Reinke. Copyright 2008 E-Soft Inc., http://www.securityspace.com. Text descriptions are largely excerpted fr...)
Design/Logic Flaw
The editprofile3 function in cgi-bin/cgi-lib/user.pl in web-app.org WebAPP before 0.9.9.7 does not properly check the (1) themes.dat, (2) languages.dat, (3) profession.dat, (4) gen.dat, (5) marstat.dat, (6) states.dat, and (7) ages.dat files before saving profile settings of members, which has unknown impact a...
CVE-2007-0697
index2.php in ACGVannu 1.3 and earlier allows remote attackers to change the password or profile of a user via a modified id parameter, related to templates/modif.html. NOTE: some of these details are obtained from third party information...
Code injection
JAMWiki before 0.5.0 does not properly check permissions during moves of "read-only or admin-only topics," which allows remote attackers to make unauthorized changes to the wiki...
CVE-2007-0131
JAMWiki before 0.5.0 does not properly enforce permissions during moves of topics that are read-only or admin-only, allowing remote attackers to make unauthorized changes to the wiki. The vulnerability is rooted in insufficient permission ch...
Fuji Xerox Printing Systems (FXPS) Print Engine Crafted Request HTTP Authentication Bypass
The remote host appears to be a Fuji Xerox Printing Systems FXPS printer. According to its firmware version, the web server component of the FXPS device reportedly fails to authenticate HTTP requests, which could allow a remote attacker to gain administrative control of the affected printer and...
InterScan VirusWall Remote Configuration Vulnerability
The management interface used with InterScan VirusWall uses several CGI programs that may allow a malicious user to remotely change the configuration of the server, without any authorization, using maliciously constructed query strings. (OpenVAS vulnerability test interscanvwcgi.nasl...)
PHProjekt: setup.php vulnerability
Background: PHProjekt is a modular groupware web application used to coordinate group activities and share files. Description: Martin Muench, from it.sec, found a flaw in the setup.php file. Impact: Successful exploitation of the flaw allows a remote attacker without admin rights to make unauthorize...
[BUGZILLA] Vulnerabilities in Bugzilla 2.16.6 and 2.18rc2
Bugzilla Security Advisory, October 24, 2004 (PGP-signed, SHA1). Summary: Bugzilla is a Web-based bug-tracking system, used by a large number of software projects. This advisory covers three security bugs that have recently been discovered and fixed in the Bugzilla...
Important: Red Hat Security Advisory: kernel security update
Updated Itanium kernel packages that fix a number of security issues are now available. The Linux kernel handles the basic functions of the operating system. This kernel updates several important drivers and fixes a number of bugs including potential security vulnerabilities. Paul Starzetz...
Fedora Core 1 : kernel-2.4.22-1.2197.nptl (2004-206)
During an audit of the Linux kernel, SUSE discovered a flaw that allowed a user to make unauthorized changes to the group ID of files in certain circumstances. In the 2.4 kernel, as shipped with Fedora Core 1, the only way this could happen is through the kernel nfs server. A user on a system tha...