767 matches found
Debian Security Advisory DSA 1404-1 (gallery2)
The remote host is missing an update to gallery2 announced via advisory DSA 1404-1. OpenVAS Vulnerability Test $Id: deb14041.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1404-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...
XSS vulnerability in recently updated and configure RSS feed actions
Our eSecurity team has identified a Cross Site Scripting issue with the confluence server as follows: Arbirtatry javascript can be injected in the following cases which can lead to escalated or invalid privileges being granted to an unauthorized user: 1...
XSS vulnerability in recently updated and configure RSS feed actions
Our eSecurity team has identified a Cross Site Scripting issue with the confluence server as follows: Arbirtatry javascript can be injected in the following cases which can lead to escalated or invalid privileges being granted to an unauthorized user: 1...
Debian DSA-1404-1 : gallery2 - programming error
Nicklous Roberts discovered that the Reupload module of Gallery 2, a web-based photo management application, allowed unauthorized users to edit Gallery's data file. The oldstable distribution sarge does not contain a gallery2 package. The previous gallery package is not affected by this...
vanilla-sql.txt
= 4.1, magicquotesgpc=Off Tested on versions 1.1.3, 1.1.2, 1.0.1 echo "------------------------------------------------------------\n"; echo "Vanilla - use specific prefix default LUM\n"; echo "-id= - use specific user id default 1\n"; echo "-c= - benchmark's loop count default 300000\n"; echo "-...
Vanilla 1.1.3 - Blind SQL Injection
Vanilla 1.1.3 - Blind SQL Injection = 4.1, magicquotesgpc=Off Tested on versions 1.1.3, 1.1.2, 1.0.1 echo "------------------------------------------------------------\n"; echo "Vanilla - use specific prefix default LUM\n"; echo "-id= - use specific user id default 1\n"; echo "-c= - benchmark's...
CVE-2007-4669
The Services API in Firebird before 2.0.2 allows remote authenticated users without SYSDBA privileges to read the server log firebird.log, aka CORE-1148...
Jportal 2.3.1 CSRF vulnerability
Type: CSRF Attack / Input Validation Error Remote: Yes Version: 2.3.1 very possible, that older versions are vulnerable too Problem is in admin/admin.adm.php: function addadmin global $name, $mail, $nick, $action, $usertbl, $access; global $nick, $PHPSELF, $pass, $pass, $acce, $op, $goto;...
efsStream.txt
/ ========================================================================== 0-day Alternative File Stream Exploit for EFS Easy Address Book Web Server =========================================================================== EFS' Easy Address Book Web Server is vulnerable to file stream exploi...
PHPMyDesktopArcade 1.0 - index.php Local File Inclusion
PHPMyDesktopArcade 1.0 - index.php Local File Inclusion source: https://www.securityfocus.com/bid/18185/info phpMyDesktop|arcade is prone to a local file-include vulnerability. This may allow unauthorized users to view files and to execute local scripts. An attacker may also be able to execute...
PHPMyDesktop/Arcade 1.0 - 'index.php' Local File Inclusion
source: https://www.securityfocus.com/bid/18185/info phpMyDesktop|arcade is prone to a local file-include vulnerability. This may allow unauthorized users to view files and to execute local scripts. An attacker may also be able to execute arbitrary code by way of uploaded images...
Invision Power Board Calendar SQL Injection Vulnerability
The remote host is running Invision Power Board - a CGI suite designed to set up a bulletin board system on the remote web server. A vulnerability has been discovered in the sources/calendar.php file that allows unauthorized users to inject SQL commands. SPDX-FileCopyrightText: 2003 Noam Rathaus...
OpenServer 5.0.7 UnixWare 7.1.4 UnixWare 7.1.3 : Hyper-Threading information leakage
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SCO Security Advisory Subject: OpenServer 5.0.7 UnixWare 7.1.4 UnixWare 7.1.3 : Hyper-Threading information leakage Advisory number: SCOSA-2005.24 Issue date: 2005 May 13 Cross reference: sr893223 fz531468 erg712804 sr893224 fz531469 erg712805...
HP-UX PHSS_23096 : HPSBUX0102-142 Sec. Vulnerability in OV OmniBack (rev.1)
s700800 11.00 OV OB3.10 patch - CORE packet : Security vulnerability with HP OpenView OmniBack Clients, where unauthorized remote users can start a shell as System Administrator. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and patch checks in this plugin were extract...
Samba: Remote printing non-vulnerability
Background Samba is a freely available SMB/CIFS implementation which allows seamless interoperability of file and print services to other SMB/CIFS clients. Description Due to a bug in the printernotifyinfo function, authorized users could potentially crash their smbd process by sending improperly...
IBM DB2 Semaphore Signaling - Denial of Service
IBM DB2 Semaphore Signaling - Denial of Service source: https://www.securityfocus.com/bid/11403/info A denial of service vulnerability has been reported in IBM DB2. This vulnerability is reported to only exist when DB2 is installed on Microsoft Windows operating systems. This issue is due to a...
IBM DB2 Semaphore Signaling - Denial of Service
source: https://www.securityfocus.com/bid/11403/info A denial of service vulnerability has been reported in IBM DB2. This vulnerability is reported to only exist when DB2 is installed on Microsoft Windows operating systems. This issue is due to a failure of the application to properly ensure that...
GLSA-200407-09 : MoinMoin: Group ACL bypass
The remote host is affected by the vulnerability described in GLSA-200407-09 MoinMoin: Group ACL bypass MoinMoin contains a bug in the code handling administrative group ACLs. A user created with the same name as an administrative group gains the privileges of the administrative group. Impact : I...
JetboxOne may allow unauthorized users to execute arbitrary code
Overview Lack of input validation in JetboxOne version 2.0.8 allows an user to upload arbitrary files to the vulnerable system. This could lead to the execution of arbitrary code. Description JetboxOne, an open-source content management system, could allow an attacker with "AUTHOR" privileges to...
MoinMoin: Group ACL bypass
Background MoinMoin is a Python clone of WikiWiki, based on PikiPiki. Description MoinMoin contains a bug in the code handling administrative group ACLs. A user created with the same name as an administrative group gains the privileges of the administrative group. Impact If an administrative grou...