3518 matches found
Problems with the scripts by Solution Scripts
!/possible/exploits/by/b0iler scripts from: http://solutionscripts.com don't take anything I say too seriously in this, as it is mostly guess work. Problems with the scripts by Solution Scripts solution script's powerlist script: It seems the author doesn't check for anything when removing user's...
Entrust - getAccess
hola friends, getAccesstm is used as a single-sign-on system often used for large internet-portals. --- snip http://www.entrust.com --- Entrust GetAccesstm offers the most comprehensive solution for consistently deploying and enforcing basic and enhanced security across online applications, from...
Cosmicperl Directory Pro 2.0 - Arbitrary File Disclosure
Cosmicperl Directory Pro 2.0 - Arbitrary File Disclosure source: https://www.securityfocus.com/bid/2793/info Webdirectory Pro is a web application used to create a searchable directory of links developed by Cosmicperl. Webdirectory Pro contains an input validation vulnerability which may lead to...
Drummond Miles A1Stats 1.0 - a1disp3.cgi Traversal Arbitrary File Read
Drummond Miles A1Stats 1.0 - a1disp3.cgi Traversal Arbitrary File Read source: https://www.securityfocus.com/bid/2705/info A1Stats is a CGI product by Drummon Miles used to report on a website's visitor traffic. Versions of this product fail to properly validate user-supplied input submitted as...
NCM Content Management System - content.pl Input Validation
source: https://www.securityfocus.com/bid/2584/info The NCM Content Management System is a product distributed by NCM. The NCM Content Management System is designed to manage web material and other data, and provide an interface to databases from web resources. A problem with the Content Manageme...
Caucho Technology Resin 1.21.3 - JavaBean Disclosure
Caucho Technology Resin 1.21.3 - JavaBean Disclosure source: https://www.securityfocus.com/bid/2533/info A specially constructed HTTP request could enable a remote attacker to gain read access to any known JavaBean file residing on a host running Resin. On Resin webservers, JavaBean files reside ...
Brian Stanback bslist.cgi 1.0 - Remote Command Execution
Brian Stanback bslist.cgi 1.0 - Remote Command Execution source: https://www.securityfocus.com/bid/2160/info An input validation vulnerability exists in Brian Stanback's bslist.cgi, a script designed to coordinate mailing lists. The script fails to properly filter ';' characters from the...
rpc.statd vulnerable to remote root compromise via format string stack overwrite
Overview The CERT/CC has begun receiving reports of an input validation vulnerability in the rpc.statd program being exploited. This program is included, and often installed by default, in several popular Linux distributions. Please see the vendors section of this document for specific informatio...
3R Soft MailStudio 2000 2.0 - Arbitrary File Access
source: https://www.securityfocus.com/bid/1335/info MailStudio 2000 is vulnerable to multiple attacks. It is possible for a remote user to gain read access to all files located on the server via the usage of the "/.." string passed to a CGI, thereby compromising the confidentiality of other users...
new vulnerability in Netscape effectively disables SSL server auth
-----BEGIN PGP SIGNED MESSAGE----- Introduction ============ This vulnerability defeats SSL server authentication in Netscape 4.73 and earlier versions. This is a new vulnerability unrelated to CERT advisory 2000-5. However, it has a similar devastating effect: destroying SSL server authenticatio...
SGI IRIX 6.2 - midikeyssoundplayer Local Privilege Escalation
SGI IRIX 6.2 - midikeyssoundplayer Local Privilege Escalation !/bin/sh source: https://www.securityfocus.com/bid/909/info SGI's Irix operating system ships with an X11 application called 'soundplayer' which is used to play .WAV files. It is not setuid root by itself, but can inherit root privileg...
Greg Matthews - 'Classifieds.cgi' 1.0 Hidden Variable
source: https://www.securityfocus.com/bid/2019/info Classifieds.cgi is a perl script part of the classifieds package by Greg Matthews which provides simple classified ads to web sites. Due to improper input validation it can be used to execute any command on the host machine, with the privileges ...
Microsoft Windows 95Windows for Workgroups - smbclient Directory Traversal
Microsoft Windows 95Windows for Workgroups - smbclient Directory Traversal source: https://www.securityfocus.com/bid/1884/info Samba is a set of of programs that allow Windows® clients access to a Unix server's filespace and printers over NetBIOS. A directory traversal vulnerability exists in...
HP-UX 1011 IRIX 3456 OpenSolaris build snv Solaris 8910 SunOS 4.1 - rpc.ypupdated Command Execution (2)
HP-UX 1011 IRIX 3456 OpenSolaris build snv Solaris 8910 SunOS 4.1 - rpc.ypupdated Command Execution 2 HP-UX 10.x/11.x,IRIX 3.x/4.x/5.x/6.x,OpenSolaris build snv,Solaris 8/9/10,SunOS 4.1.x RPC.YPUpdated Command Execution 2 source: https://www.securityfocus.com/bid/1749/info The 'rpc.ypupdated'...
ROS-2-1602
2.1602 Vulnerability in SpamAssassin spam filtering tool CVE-2020-1946 1. Vulnerability Description: CVE-2020-1946 A vulnerability in the SpamAssassin spam filtering tool, is related to improper input validation when processing rule configuration .cf files. Exploitation of the vulnerability could...
CVE-2024-50343: Incorrect response from Validator when input ends with ` `
More info at https://symfony.com/cve-2024-50343...
Contextual Links validation - Critical - Remote Code Execution
More info at https://www.drupal.org/sa-core-2018-006...
Security Update For Exchange Server 2019 CU6 (KB4581424)
A Microsoft Exchange information disclosure exists in how tokens are validated when handling certain messages. An attacker who successfully exploited the vulnerability could use this to gain further information from a user...