Debian Security Advisory DSA 153-1 (mantis)

The remote host is missing an update to mantis announced via advisory DSA 153-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian Security Advisory DSA 1328-1 (unicon-imc2)

The remote host is missing an update to unicon-imc2 announced via advisory DSA 1328-1. OpenVAS Vulnerability Test $Id: deb13281.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1328-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

Debian Security Advisory DSA 1207-2 (phpmyadmin)

The remote host is missing an update to phpmyadmin announced via advisory DSA 1207-2. The phpmyadmin update in DSA 1207 introduced a regression. This update corrects this flaw. For completeness, the original advisory text below: Several remote vulnerabilities have been discovered in phpMyAdmin, a...

Debian Security Advisory DSA 128-1 (sudo)

The remote host is missing an update to sudo announced via advisory DSA 128-1. OpenVAS Vulnerability Test $Id: deb1281.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 128-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

Debian: Security Advisory (DSA-354)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian Security Advisory DSA 153-1 (mantis)

The remote host is missing an update to mantis announced via advisory DSA 153-1. OpenVAS Vulnerability Test $Id: deb1531.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 153-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

Debian Security Advisory DSA 756-1 (squirrelmail)

The remote host is missing an update to squirrelmail announced via advisory DSA 756-1. Several vulnerabilities have been discovered in Squirrelmail, a commonly used webmail system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2005-1769 Martijn Brinkers...

Debian: Security Advisory (DSA-642-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian Security Advisory DSA 563-2 (cyrus-sasl)

The remote host is missing an update to cyrus-sasl announced via advisory DSA 563-2. OpenVAS Vulnerability Test $Id: deb5632.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 563-2 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

DEBIAN-CVE-2007-6422

The balancerhandler function in modproxybalancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service child process crash via an invalid bb variable...

WordPress $_SERVER变量跨站脚本漏洞

BUGTRAQ ID: 26885 WordPress是一款免费的论坛Blog系统。 WordPress处理全局变量时存在漏洞，远程攻击者可能利用此漏洞控制导致跨站脚本执行攻击。 WordPress信任了$SERVER'REQUESTURI'全局变量，因此远程攻击者控制了$SERVER'REQUESTURI'就可以执行跨站脚本攻击。以下是/wp-includes/query.php文件中第34行的有漏洞函数： function isadmin global $wpquery; return $wpquery-isadmin || stripos$SERVER'REQUESTURI',...

kvaliitti-sql.txt

Found by: Jaakko "Chrysalid" Hartikainen 1. Info Kvaliitti WebDoc 3.0 CMS is a proprietary Finnish-made content management system developed by Kvaliitti Oy http://www.kvaliitti.fi. It is driven by MS SQL Server and ASP. 2. Abstract WebDoc 3.0 suffers from a flaw in input validation, which allows...

CVE-2007-5894

The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 krb5 does not initialize the length variable when authtype has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misidentifies the conditions under which the...

CVE-2007-5894

The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 krb5 does not initialize the length variable when authtype has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misidentifies the conditions under which the...

[Full-disclosure] two bytehoard bugs

Application: Bytehoard Versions: 2.1 alpha to epsilon Release Date: 2007-11-26 Author: Ernesto Alvarez / Activesec SA Kudos to: Rodrigo Seguel / Activesec SA for suggesting the session destruction approach Contact info: ealvarez at activesec biz Developer response: None. No response to mail, foru...

bytehoard-multi.txt

Application: Bytehoard Versions: 2.1 alpha to epsilon Release Date: 2007-11-26 Author: Ernesto Alvarez / Activesec SA Kudos to: Rodrigo Seguel / Activesec SA for suggesting the session destruction approach Contact info: ealvarez at activesec biz Developer response: None. No response to mail, foru...

Talk about environment variables in the Hacking of use-vulnerability warning-the black bar safety net

This message has been sent to the Black hand of the tenth First, we first understand under what environment variables! Environment variable generally refers to in theoperating systemis used to specify theoperating systemthe operating environment of some parameters, such as the temporary folder...

meBiblio 0.4.5 - 'action' Remote File Inclusion

meBiblio 0.4.5 RFI --------------------- Author : ShAy6oOoN --------------------- Group : PitBull Crew --------------------- Script : meBiblio 0.4.5 --------------------- Download : http://downloads.sourceforge.net/mebiblio/meBiblio-0.4.5.tar.gz?modtime=1195237984&bigmirror=0 --------------------...

Directory traversal

Directory traversal vulnerability in IBM Informix Dynamic Server IDS before 10.00.xC7W1 allows local users to gain privileges by referencing modified NLS message files through directory traversal sequences in the DBLANG environment variable...

CVE-2007-5956

Directory traversal vulnerability in IBM Informix Dynamic Server IDS before 10.00.xC7W1 allows local users to gain privileges by referencing modified NLS message files through directory traversal sequences in the DBLANG environment variable...