pluggedBlog.txt

Plugged-Blog XSS and SQL-Injection flaw & Remove Admin vendor url: http://www.pluggedout.com advisory: http://falcondeoro.blogspot.com/2005/07/plugged-blog-xss-and-sql-injection.html vendor notify: yes exploit available: yes Plugged-Blog is a CMS WebBlog-Portal content management systen, theinsta...

Metasploit Framework Defanged mode protection bypass

It's possible to overwrite Defanged environment variable with StateToOptions function...

squirrelmail security update

CentOS Errata and Security Advisory CESA-2005:595 An updated squirrelmail package that fixes two security issues is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Updated 04 Aug 2005 The previous SquirrelMail package released wi...

Moderate: Red Hat Security Advisory: squirrelmail security update

An updated squirrelmail package that fixes two security issues is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Updated 04 Aug 2005 The previous SquirrelMail package released with this errata contained a bug which rendered the...

Easypx41 - Multiple Variable Injection Vulnerabilities

Easypx41 - Multiple Variable Injection Vulnerabilities source: https://www.securityfocus.com/bid/14421/info Easypx41 is prone to multiple variable injection vulnerabilities. An attacker can manipulate multiple script input variables and bypass access controls to retrieve sensitive and privileged...

Easypx41 - Multiple Variable Injection Vulnerabilities

source: https://www.securityfocus.com/bid/14421/info Easypx41 is prone to multiple variable injection vulnerabilities. An attacker can manipulate multiple script input variables and bypass access controls to retrieve sensitive and privileged information. Information obtained may aid in further...

beehiveVulns.txt

-------------------------------------- Beehive Forum Multiple Vulnerabilities -------------------------------------- Beehive Forum is affected by sql injection, xss, and path disclosure. Vulnerabilities --------------- 1 The $GET "webtag" parameter is on almost every page of the product and is...

Advanced Guestbook User-Agent Header HTML Injection

The remote host is running Advanced Guestbook, a free guestbook written in PHP. The installed version of Advanced Guestbook fails to properly sanitize the 'HTTPUSERAGENT' environment variable before using it in dynamically-generated content. An attacker can exploit this flaw to launch cross-site...

Beehive Forum Multiple Vulnerabilities

-------------------------------------- Beehive Forum Multiple Vulnerabilities -------------------------------------- Beehive Forum is affected by sql injection, xss, and path disclosure. Vulnerabilities --------------- 1 The $GET "webtag" parameter is on almost every page of the product and is...

CVE-2005-2328

PHP remote file inclusion vulnerability in im.php in Laffer 0.3.2.6 and 0.3.2.7 allows remote attackers to execute arbitrary PHP code via the CFGPATH variable...

CVE-2004-2264

GNU less versions 358–382 contain a format-string bug in the open_altfile function (filename.c) that may allow local users to cause a denial of service or possibly execute arbitrary code via the LESSOPEN environment variable. The PT-2004-3159 advisory notes this is not a vulnerability unless priv...

CVE-2004-2264

Format string bug in the openaltfile function in filename.c for GNU less 382, 381, and 358 might allow local users to cause a denial of service or possibly execute arbitrary code via format strings in the LESSOPEN environment variable. NOTE: since less is not setuid or setgid, then this is not a...

Sun Solaris LD_AUDIT privilege escalation

LDAUDIT environment variable allows to attch external dynamic library compiled with ld.so library. In addition, there is buffer overflow while parsing this variable...

SquirrelMail Arbitrary Variable Overwriting Vulnerability

GulfTech Security Research July 14th, 2005 Vendor : The SquirrelMail Project Team URL : http://www.squirrelmail.org/ Version : SquirrelMail 1.4.5-RC1 && Earlier Risk : Variable Overwriting Description: SquirrelMail is a standards-based webmail package written in php. It includes built-in pure PHP...

CVE-2002-2017

sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code by setting the authprog environment variable to reference a malicious program, which is then executed by sastcpd...

CVE-2002-2018

CVE-2002-2018 affects SAS/Base 8.0. The affected component is sastcpd; a local user can set the NETENCRALG environment variable, which causes a segmentation fault and may grant privileges. Exploit details and remediation/patch information are not provided in the connected documents.

Debian DSA-756-1 : squirrelmail - several vulnerabilities

Several vulnerabilities have been discovered in Squirrelmail, a commonly used webmail system. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-1769 Martijn Brinkers discovered cross-site scripting vulnerabilities that allow remote attackers to inject...

squirrelmail -- _$POST variable handling allows for various attacks

A Squirrelmail Advisory reports: An extract$POST was done in optionsidentities.php which allowed for an attacker to set random variables in that file. This could lead to the reading and possible writing of other people's preferences, cross site scripting or writing files in webserver-writable...

FreeBSD : perl -- vulnerabilities in PERLIO_DEBUG handling (a5eb760a-753c-11d9-a36f-000a95bc6fae)

Kevin Finisterre discovered bugs in perl's I/O debug support : - The environmental variable PERLIODEBUG is honored even by the set-user-ID perl command usually named sperl or suidperl. As a result, a local attacker may be able to gain elevated privileges. CVE-2005-0155 - A buffer overflow may occ...

FreeBSD : portupgrade -- insecure temporary file handling vulnerability (22f00553-a09d-11d9-a788-0001020eed82)

Simon L. Nielsen discovered that portupgrade handles temporary files in an insecure manner. This could allow an unprivileged local attacker to execute arbitrary commands or overwrite arbitrary files with the permissions of the user running portupgrade, typically root, by way of a symlink attack...