Paypal Subscription Manager Multiple HTML Injections
Paypal Subscription Manager allows a webmaster to easily create a subscription web site; visitors can access the digital product instantly after paying through Paypal. PSM provides the ability to effortlessly process subscriptions and protect membership areas. PSM uses PHP and MySQL for fast, efficient,...
[SA23608] OpenBSD "vga" Privilege Escalation Vulnerability
TITLE: OpenBSD "vga" Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA23608 VERIFY ADVISORY: http://secunia.com/advisories/23608/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: Local system OPERATING SYSTEM: OpenBSD 4.0 http://secunia.com/product/12486/ OpenBSD 3.x...
[SECURITY] [DSA 1223-1] New tar packages fix arbitrary file overwrite
Debian Security Advisory DSA-1223-1 [email protected] http://www.debian.org/security/ Noah Meyerhans December 01, 2006 Package : tar Vulnerability...
[Full-disclosure] REMLAB Web Mech Designer 2.0.5 Path Disclosure Vulnerability
Description: REMLAB http://remlab.sourceforge.net/ is a fully functional cross-platform web-based Battlemech designer for the tactical board game Battletech http://www.classicbattletech.com/. REMLAB is built entirely on HTML, PHP, and JavaScript with AJAX functionality. The vulnerability exists i...
[NT] Selenium FTP Server Directory Traversal
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
iDefense Security Advisory 11.09.06: Citrix Presentation Server 4.0 IMA Service Invalid Name Length DoS Vulnerability
Citrix Presentation Server 4.0 IMA Service Invalid Name Length DoS Vulnerability iDefense Security Advisory 11.08.06 http://labs.idefense.com/intelligence/vulnerabilities/ Nov 08, 2006 I. BACKGROUND Citrix Presentation Server is a product designed to allow remote access to applications over a...
DigiOz Guestbook version 1.7 Path Disclosure Vulnerability in list.php
DigiOz Guestbook version 1.7 Path Disclosure Vulnerability in list.php Description: The DigiOz Guestbook is a PHP driven guestbook system. The vulnerability exists in list.php script which allows remote attackers to obtain sensitive information via an HTTP request to list.php that contains wrong...
[Full-disclosure] DigiOz Guestbook version 1.7 Path Disclosure Vulnerability in list.php
DigiOz Guestbook version 1.7 Path Disclosure Vulnerability in list.php Description: The DigiOz Guestbook is a PHP driven guestbook system. The vulnerability exists in list.php script which allows remote attackers to obtain sensitive information via an HTTP request to list.php that contains wrong...
VirtueMart Joomla eCommerce Edition CMS Multiple XSS Vulnerabilities
VirtueMart Joomla eCommerce Edition CMS Multiple XSS Vulnerabilities Status: Reported to the Vendor 09/26/2006 Class: Input Validation Error Severity: Low Software Description: VirtueMart formerly known as mambo-phpShop is an Open Source E-Commerce solution to be used together with a Content...
Newsscript 0.5 - Local/Remote File Inclusion
Product : Newsscript Homepage : http://www.webmaster-journal.com Version : 0.5 Date : 12-09-2006 Vulnerability : Remote & local File Inclusion Risk : High Description : Newsscript is a PHP...
Newsscript <= 0.5 Remote and Local File Include Vulnerability
Exploit for unknown platform in category web applications Newsscript 2 3 27 include$filename; The second flaw is due to an input validation error in the "article.php" script that does not validate the "ide" parameter, which could be...
[SA21037] McAfee ePolicy Orchestrator Directory Traversal Vulnerability
[KAPDA::#46] - AjaxPortal Authentication Bypass
KAPDA New advisory Vendor: http://myiosoft.com Vulnerable: AjaxPortal v. 3.0 Bug: Sql Injection Authentication Bypass Exploitation: Remote with browser Description: AjaxPortal is based on Sajax technology - an open source tool to make programming websites using the Ajax...
iDefense Security Advisory 06.13.06: Windows MRXSMB.SYS MrxSmbCscIoctlCloseForCopyChunk DoS
Windows MRXSMB.SYS MrxSmbCscIoctlCloseForCopyChunk DoS iDefense Security Advisory 06.13.06 http://www.idefense.com/application/poi/display?type=vulnerabilities June 13, 2006 I. BACKGROUND Microsoft Windows Operating System is system software for Intel based PCs. More information can be found at t...
CORE-2006-0330: Asterisk PBX truncated video frame vulnerability
Core Security Technologies - Corelabs Advisory http://www.coresecurity.com/corelabs/ Asterisk PBX truncated video miniframe vulnerability Date Published: 2006-06-09 Last Update: 2006-06-09 Advisory ID: CORE-2006-0330 Bugtraq ID: 18295 CVE Name: CVE-2006-2898 Title: Asterisk PBX truncated video...
CORE-2006-0327: IAXclient truncated frames vulnerabilities
Core Security Technologies - Corelabs Advisory http://www.coresecurity.com/corelabs/ IAXclient truncated frames vulnerabilities Date Published: 2006-06-09 Last Update: 2006-06-09 Advisory ID: CORE-2006-0327 Bugtraq ID: 18307 CVE Name: N/A Title: IAXclient truncated frames vulnerabilities Class:...
[Full-disclosure] Secunia Research: Eserv/3 IMAP and HTTP Server Multiple Vulnerabilities
Secunia Research 31/05/2006 - Eserv/3 IMAP and HTTP Server Multiple Vulnerabilities - Table of Contents Affected...
PuTTy.exe 0.53 - Validation Remote Buffer Overflow (Metasploit)
PuTTy.exe 0.53 - Validation Remote Buffer Overflow Metasploit This file is part of the Metasploit Framework and may be redistributed according to the licenses defined in the Authors field below. In the case of an unknown or missing license, this file defaults to the same license as the core...
PuTTy.exe 0.53 - Validation Remote Buffer Overflow (Metasploit)
This file is part of the Metasploit Framework and may be redistributed according to the licenses defined in the Authors field below. In the case of an unknown or missing license, this file defaults to the same license as the core Framework dual GPLv2 and Artistic. The latest version of the...
FreeBSD : drupal -- multiple vulnerabilities (faca0843-6281-11da-8630-00123ffe8333)
Secunia reports: Some vulnerabilities have been reported in Drupal, which can be exploited by malicious people to bypass certain security restrictions, and conduct script insertion and HTTP response splitting attacks. 1) An input validation error in the filtering of HTML code can be exploited to...