Epic Games Unreal Tournament Engine 3 - UMOD Manifest.INI Arbitrary File Overwrite
Epic Games Unreal Tournament Engine 3 - UMOD Manifest.INI Arbitrary File Overwrite // source: https://www.securityfocus.com/bid/10196/info Reportedly the Unreal Tournament Engine is affected by a local file overwrite vulnerability due to the UMOD manifest.ini file. This issue is due to an input...
Epic Games Unreal Tournament Engine 3 - UMOD Manifest.INI Arbitrary File Overwrite
// source: https://www.securityfocus.com/bid/10196/info Reportedly the Unreal Tournament Engine is affected by a local file overwrite vulnerability due to the UMOD manifest.ini file. This issue is due to an input validation error that allows a malicious user to specify arbitrary files for writing,...
Mod_Survey security advisory: Script injection bug
This was published on the ModSurvey mailing list a few minutes ago. ModSurvey Security Advisory 2004-03-21, Script injection ABOUT MODSURVEY ---------------- ModSurvey is an Apache module which displays and handles questionnaires written in a special XML-based markup language. ModSurvey is...
Confixx 2 - 'DB' SQL Injection
source: https://www.securityfocus.com/bid/9830/info It has been reported that an input validation error with the potential for use in a SQL injection attack is present in the "dbmysqlloeschen2.php" script. When a user is requesting the "dbmysqlloeschen2.php" script, one of the parameters that can...
iDEFENSE Security Advisory 02.27.04b: Microsoft Internet Explorer Cross Frame Scripting Restriction Bypass
Microsoft Internet Explorer Cross Frame Scripting Restriction Bypass iDEFENSE Security Advisory 02.27.04b: http://www.idefense.com/application/poi/display?id=77&type=vulnerabilities February 27, 2004 I. BACKGROUND Internet Explorer is a set of core technologies in Microsoft Windows operating...
Xtreme ASP Photo Gallery
Tripbit Security Research tripbit.org Security Advisory Advisory ID: TA-150104 Release Date: January 15th, 2004 Application: Xtreme ASP Photo Gallery 2.0 Severity: Medium/High Impact: Admin access Class: Input Validation Error Vendor: http://www.pensacolawebdesigns.com/ Overview...
TA-150104.txt
Tripbit Security Research tripbit.org Security Advisory Advisory ID: TA-150104 Release Date: January 15th, 2004 Application: Xtreme ASP Photo Gallery 2.0 Severity: Medium/High Impact: Admin access Class: Input Validation Error Vendor: http://www.pensacolawebdesigns.com/ Overview...
Mambo Open Source 4.0.14 - 'PollBooth.php' Multiple SQL Injections
source: https://www.securityfocus.com/bid/9197/info Mambo Open Source is prone to SQL injection attacks. This is due to an input validation error in 'pollBooth.php'. In particular, various user-supplied variables are used in an SQL query without proper sanitization of SQL syntax. As a result, a...
Tritanium Scripts Tritanium Bulletin Board 1.2.3 - Unauthorized Access
Tritanium Scripts Tritanium Bulletin Board 1.2.3 - Unauthorized Access source: https://www.securityfocus.com/bid/8944/info It has been reported that Tritanium Bulletin Board may be prone to an access validation error that may allow a remote attacker to gain unauthorized access to threads. A...
Seyeon FlexWATCH Network Video Server 2.2 - Unauthorized Administrative Access
Seyeon FlexWATCH Network Video Server 2.2 - Unauthorized Administrative Access source: https://www.securityfocus.com/bid/8942/info It has been reported that FlexWATCH Network Video Server may be prone to an access validation error that may allow a remote attacker to gain administrative access to...
Seyeon FlexWATCH Network Video Server 2.2 - Unauthorized Administrative Access
source: https://www.securityfocus.com/bid/8942/info It has been reported that FlexWATCH Network Video Server may be prone to an access validation error that may allow a remote attacker to gain administrative access to the system. The problem is reported to present itself when an attacker attempts...
Tritanium Scripts Tritanium Bulletin Board 1.2.3 - Unauthorized Access
source: https://www.securityfocus.com/bid/8944/info It has been reported that Tritanium Bulletin Board may be prone to an access validation error that may allow a remote attacker to gain unauthorized access to threads. A remote attacker may be able to access sensitive data by modifying the URL...
Py-Membres 4.x - Pass_done.php SQL Injection
Py-Membres 4.x - Passdone.php SQL Injection source: https://www.securityfocus.com/bid/8500/info A vulnerability has been reported for Py-Membres that allows remote attackers to modify the logic of SQL queries. It has been reported that an input validation error exists in the passdone.php file...
Py-Membres 4.x - 'Pass_done.php' SQL Injection
source: https://www.securityfocus.com/bid/8500/info A vulnerability has been reported for Py-Membres that allows remote attackers to modify the logic of SQL queries. It has been reported that an input validation error exists in the passdone.php file included with Py-Membres. Because of this, a...
Fusion News 3.3 - Unauthorized Account Addition
Fusion News 3.3 - Unauthorized Account Addition source: https://www.securityfocus.com/bid/8441/info Fusion News is prone to an access validation error allowing a user to add arbitrary user/administrator accounts through manipulating URI parameters. Successful exploitation of this error may allow ...
Fusion News 3.3 - Unauthorized Account Addition
source: https://www.securityfocus.com/bid/8441/info Fusion News is prone to an access validation error allowing a user to add arbitrary user/administrator accounts through manipulating URI parameters. Successful exploitation of this error may allow a user to compromise a vulnerable system by...
ImageMagick's Overflow
ImageMagick's Overflow Rosiello Security's Advisory & DTORS http://www.rosiello.org I. BACKGROUND The ImageMagick display is an image viewer. ImageMagick is part of the KDE desktop and is bundled with all major Linux distributions. II. DESCRIPTION A vulnerability was found in this application tha...
Verity-K2Toolkit-Eng.txt
STG Security Advisory: SSA-20030701-02 Verity K2 Toolkit Query Builder XSS Vulnerability Revision 1.0 Date Published: 2003-07-01 KST Last Update: 2003-07-01 Disclosed by SSR Team [email protected] Summary =================== Verity's K2 Toolkit provides e-commerce developers with text...
SECNAP Security Advisory: Invalid HTML processing in GoldMine(tm)
Weakness in GoldMine(tm) Email Manager allows arbitrary code execution Systems: GoldMine 5.70 and 6.00 prior to version 30503 Vulnerable: 5.70.11111,5.70.20404,6.00.21021,6.00.30203,6.00.30403 Not Vulnerable: 5.70.30503, 6.00.30503 Severity: Serious Category: Arbitrary Execution of Code of Hackers...
XMMS Remote input validation error
Overview There is an input validation error in the stand-alone SOAP server XMMS Remote which allows unauthorized remote command execution. Description XMMS Remote is a stand-alone XML/SOAP HTTP server implemented in PERL created by X2 Studios. It is used to monitor a running xmms media player...