9473 matches found
DOINGSOFT-2008-03-10-001.txt
Identification : DOINGSOFT-2008-03-10-001 CVE-ID : pending Discovery date : 14/12/2007 Correcting Date : 03/04/2008 How to get the patch : http://support.businessobjects.com/downloads/criticalhotfixes/default.asp choose "FixPack 3.5" Publishing date : 14/04/2008 Product : Business Object Infoview...
DOINGSOFT-2008-03-10-001 - XSS issue in BOXiR2
Identification : DOINGSOFT-2008-03-10-001 CVE-ID : pending Discovery date : 14/12/2007 Correcting Date : 03/04/2008 How to get the patch : http://support.businessobjects.com/downloads/criticalhotfixes/default.asp choose "FixPack 3.5" Publishing date : 14/04/2008 Product : Business Object Infoview...
CVE-2008-1710
Untrusted search path vulnerability in chnfsmnt in IBM AIX 6.1 allows local users to gain privileges via a modified PATH environment variable...
Code injection
rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that th...
CVE-2008-1142
rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that th...
Apache-SSL multiple security vulnerabilities
Multiple vulnerabilities on environment variable initialization from client certificates data...
aeries-sqlxss.txt
Discovered By : Arsalan Emamjomehkashan aeries browser interfaceABI 3.8.3.14 Remote SQL Injection Website:http://aeries.com/ SQL injection: GradebookOptions.asp?GrdBk=SQL loginproc.asp If you post variable "SchlCode" XSS: UserName variable on loginproc.asp and usr on Login.asp...
Apple Safari Window.setTimeout变量内容欺骗漏洞
BUGTRAQ ID: 28405 Safari是苹果家族操作系统默认所捆绑的WEB浏览器。 Safari的Window.setTimeout变量没有正确地切换页面之间的导航,攻击者可能强制浏览器打开一个站点的窗口,而用其他函数覆盖页面的内容,这样就可以欺骗地址栏,执行网络钓鱼攻击。 Apple Safari 3.1 Apple ----- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.apple.com html Safari browser 3.1 525.13 spoofing by Juan Pablo...
PostNuke 0.764 - Blind SQL Injection
!/usr/bin/python ================================================================================================= / | |\ \ / | / |/ | | |/ \ | | | |||| /| / / ================================================================================================= This was a priv8 Exploit...
XSS in PHP-Nuke (eWeather module)
//////////XSS in PHP-Nuke eWeather module PHP-Nuke http://phpnuke.org: PHP-Nuke is a news automated system specially designed to be used in Intranets and Internet. The Administrator has total control of his web site, registered users, and he will have in the hand a powerful assembly of tools to...
phpcms injection March New Year 0day-vulnerability warning-the black bar safety net
Affected versions: 2007SP5 SP6 Vulnerability file:/formguide/include/tag.func.php Author: backerhack small cockroaches Sources of information: the zero Client Network Security www.0kee.com I wish the National female compatriots happy holidays, concerned about the health of women... “she is good, ...
SiteBuilderElite 1.2 Multiple Remote File Inclusion Vulnerabilities
No description provided by source. --==+================================================================================+==-- --==+ SiteBuilderElite1.2 Multiple Remote File Inclusion +==-- --==+================================================================================+==-- Author: MhZ91...
SiteBuilderElite 1.2 Multiple Remote File Inclusion Vulnerabilities
Exploit for unknown platform in category web applications =================================================================== SiteBuilderElite 1.2 Multiple Remote File Inclusion Vulnerabilities ===================================================================...
SiteBuilderElite 1.2 - Multiple Remote File Inclusions
--==+================================================================================+==-- --==+ SiteBuilderElite1.2 Multiple Remote File Inclusion +==-- --==+================================================================================+==-- Author: MhZ91 Title: SiteBuilderElite1.2 Multiple...
sbe-rfi.txt
--==+================================================================================+==-- --==+ SiteBuilderElite1.2 Multiple Remote File Inclusion +==-- --==+================================================================================+==-- Author: MhZ91 Title: SiteBuilderElite1.2 Multiple...
SiteBuilderElite 1.2 - Multiple Remote File Inclusions
SiteBuilderElite 1.2 - Multiple Remote File Inclusions --==+================================================================================+==-- --==+ SiteBuilderElite1.2 Multiple Remote File Inclusion +==-- --==+================================================================================+==...
SLAED CMS 2.5 Lite (newlang) Local File Inclusion Vulnerability
No description provided by source. SLAED CMS 2.5 Lite Local file inclusion Script url http://www.slaed.net/uploads/files/public/SLAEDCMS2.5Lite.zip Lets code in function/sources.php: 780: // Format language 781: function getlang$module="" 782: global $multilingual, $currentlang, $language,...
httpd mod_proxy_balancer crash
The balancerhandler function in modproxybalancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service child process crash via an invalid bb variable...
CVE-2008-0369
IBM Informix Dynamic Server (IDS) 10.x prior to 10.00.xC8 is affected by a local file-creation vulnerability involving the SQLIDEBUG environment variable. When set, several set-UID binaries log to the specified file and change the file’s ownership to the invoking user, enabling local privilege es...
Debian: Security Advisory (DSA-1328-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...