FreeBSD : golddig -- local buffer overflow vulnerabilities (949c470e-528f-11d9-ac20-00065be4b5b6)

Two buffer overflow vulnerabilities where detected. Both issues can be used by local users to gain group games privileges on affected systems. The first overflow exists in the map name handling and can be triggered when a very long name is given to the program during command-line execution The...

phpSecurePages cfgProgDir Variable File Include Vulnerabilities

The remote host is running phpSecurePages, a PHP module used to secure pages with a login name / password. The installed version of phpSecurePages allows remote attackers to control the 'cfgProgDir' variable used when including PHP code in several of the application's scripts. By leveraging this...

CVE-2005-2148

Cacti 0.8.6e and earlier does not perform proper input validation to protect against common attacks, which allows remote attackers to execute arbitrary commands or SQL by sending a legitimate value in a POST request or cookie, then specifying the attack string in the URL, which causes the...

DEBIAN-CVE-2005-2109

wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers to change the content of the forgotten password e-mail message via the message variable, which is not initialized before use...

CVE-2005-2108

SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTPRAWPOSTDATA variable, which stores the data in an XML file...

CVE-2005-2072

The runtime linker ld.so in Solaris 8, 9, and 10 trusts the LDAUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by 1 modifying LDAUDIT to reference malicious code and possibly 2 using a long value for LDAUDIT...

CVE-2002-1687

Buffer overflow in the diagnostics library in AIX allows local users to "cause data and instructions to be overwritten" via a long DIAGNOSTICS environment variable...

CVE-2002-1757

PHProjekt 2.0 through 3.1 relies on the $PHPSELF variable for authentication, which allows remote attackers to bypass authentication for scripts via a request to a .php file with "sms" in the URL, which is included in the PATHINFO portion of the $PHPSELF variable, as demonstrated using...

CVE-2002-1721

Off-by-one error in alterMIME 0.1.10 and 0.1.11 allows remote attackers to cause a denial of service crash via an x-header that causes snprintf overwrite the FFGETFILE variable with a null byte...

lpanelClient.txt

Subject: Lpanel.NET's Lpanel all versions up to and including 1.59 is vulnerable to the unauthorized viewing of client invoice information. Severity: High; This vulnerability allows an attacker unauthorized viewing of other clients' invoice information. Preamble: Taken from http://www.lpanel.net/...

SquirrelMail < 1.4.5 Multiple Vulnerabilities

Binary data 3016.prm...

SquirrelMail < 1.45 Multiple Vulnerabilities

According to its banner, the version of SquirrelMail installed on the remote host is prone to multiple flaws : - Post Variable Handling Vulnerabilities Using specially crafted POST requests, an attacker may be able to set random variables in the file 'optionsidentities.php', which could lead to...

File Upload Manager Sploits

Below is some code for a recent unpatched exploit for file managers using php as the base code. Share this with the world and help protect. File Upload Manager - Bypass File Extension and Arbitrary File Delete nothing to see here @ hackthissite.org Through an input validation flaw, users are able...

CVE-2005-1956

File Upload Manager allows remote attackers to upload arbitrary files by modifying the test variable to contain a value of '' six tildes, which bypasses the file extension checks...

C.J. Steele Tattle - Remote Command Execution

source: https://www.securityfocus.com/bid/13883/info tattle is affected by a remote command execution vulnerability. An attacker can supply arbitrary commands prefixed with the '|' character as a value for the 'tld' variable that will be executed in the context of the application. An attacker can...

C.J. Steele Tattle - Remote Command Execution

C.J. Steele Tattle - Remote Command Execution source: https://www.securityfocus.com/bid/13883/info tattle is affected by a remote command execution vulnerability. An attacker can supply arbitrary commands prefixed with the '|' character as a value for the 'tld' variable that will be executed in t...

CVE-2005-1787

CVE-2005-1787 affects phpStat 1.5; setup.php contains a flaw where remote attackers can bypass authentication and gain administrator privileges by setting the $check variable. The connected documents confirm this vulnerability but do not provide detailed exploit steps or patches within the given ...

Fedora Core 2 : mysql-3.23.58-16.FC2.1 (2005-305)

Sat Apr 2 2005 Tom Lane 3.23.58-16.FC2.1 - Repair uninitialized variable in security2 patch. - Enable testing on 64-bit arches; continue to exclude s390x which still has issues. - Fri Mar 18 2005 Tom Lane 3.23.58-15.FC2.1 - Backpatch repair for CVE-2005-0709, CVE-2005-0710, CVE-2005-0711...

Low: Red Hat Security Advisory: glibc security update

Updated glibc packages that address several bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The GNU libc packages known as glibc contain the standard C libraries used by applications. It was discovered that the use of LDDEBUG...

CVE-2005-1598

SQL injection vulnerability in Invision Power Board IPB 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted cookie password hash passhash that modifies the internal $pid variable...