Gitweb <=1.7.3.3 Cross Site Scripting

Exploit for cgi platform in category web applications -8 Description 8--8 Proof Of Concept 8- " -8 Credits 8- -8 Responsible Disclosure 8- 13-12-2010 Initial contact with upstream and vendor-sec 13-12-2010 Vendor Response and CVE-2010-3906 assignation 15-12-2010 Public Disclosure 0day.today...

PHP168 V6. 01/6. 0 2 elevation of privilege and storm the local path vulnerability-vulnerability warning-the black bar safety net

PHP168 whole Station is the PHP field of the current most powerful build system, The code is all open source, can be extremely convenient for secondary development, all modules can be freely installed and removed, individual users completely free to use PHPCMS V6. 0 1 There is a serious security...

gitWeb 1.7.3.3 - Cross-Site Scripting

gitWeb 1.7.3.3 - Cross-Site Scripting -8 Description 8--8 Proof Of Concept 8- " -8 Credits 8- -8 Responsible Disclosure 8- 13-12-2010 Initial contact with upstream and vendor-sec 13-12-2010 Vendor Response and CVE-2010-3906 assignation 15-12-2010 Public Disclosure...

iDefense Security Advisory 12.14.10: Microsoft Internet Explorer CSS Style Table Layout Uninitialized Memory Vulnerability

iDefense Security Advisory 12.14.10 http://labs.idefense.com/intelligence/vulnerabilities/ Dec 14, 2010 I. BACKGROUND Internet Explorer is a graphical web browser developed by Microsoft Corp. that has been included with Microsoft Windows since 1995. For more information about Internet Explorer,...

WAP form content can be leaked to other sites

When accepting user input in form fields on a WAP page, WML requires that the input contents are remembered, and used to populate every further input sharing the same name. This should continue as long as the user continues to click links known as a WAP session, even populating similarly named...

Abtp Portal Project 0.1.0 LFI Exploit

Exploit for php platform in category web applications ===================================== Abtp Portal Project 0.1.0 LFI Exploit ===================================== !/usr/bin/perl =about ---------------------------------------------------------------------------------------------------- Name :...

CVE-2010-4170

The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBEOPTIONS environment variable to specify a malicious configuration file...

DEBIAN-CVE-2010-4170

The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBEOPTIONS environment variable to specify a malicious configuration file...

CVE-2010-4170

The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBEOPTIONS environment variable to specify a malicious configuration file...

Design/Logic Flaw

The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBEOPTIONS environment variable to specify a malicious configuration file...

CVE-2010-4170

The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBEOPTIONS environment variable to specify a malicious configuration file...

CVE-2010-4170

The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBEOPTIONS environment variable to specify a malicious configuration file...

CVE-2010-4170

CVE-2010-4170 affects SystemTap, where the staprun runtime does not properly sanitize the environment before invoking modprobe in version 1.3, enabling a local user to escalate privileges by setting MODPROBE_OPTIONS to point to a malicious configuration file. Public references document this issue...

Oracle Secure Backup Administration preauth variable command injection

Added: 12/06/2010 CVE: CVE-2010-0906 BID: 41597 OSVDB: 67128 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A vulnerability in the Administration server allows remote, authenticated attackers to execute arbitrary commands which are...

SuSE 11 Security Update : (SAT Patch Number 2544)

This update of the Samba server package fixes the following security issues : - A buffer overrun was possible in chainreply code in 3.3.x and below, which could be used to crash the samba server or potentially execute code. CVE-2010-2063 - Take extra care that a mount point of mount.cifs does not...

Fedora 13 : dhcp-4.1.1-27.P1.fc13 (2010-17303)

Thu Nov 4 2010 Jiri Popelka - 12:4.1.1-27.P1 - Fix for CVE-2010-3611 649880 - Wed Oct 13 2010 Jiri Popelka - 12:4.1.1-26.P1 - Server was ignoring client's Solicit where client included address/prefix as a preference 634842 - Tue Sep 7 2010 Jiri Popelka - 12:4.1.1-25.P1 - Hardening...

ImageShack Toolbar 4.8.3.75 - Remote Code Execution

// calc.exe var shellcode = unescape '%uc931%ue983%ud9de%ud9ee%u2474%u5bf4%u7381%u3d13%u5e46%u8395'+ '%ufceb%uf4e2%uaec1%u951a%u463d%ud0d5%ucd01%u9022%u4745%u1eb1'+ '%u5e72%ucad5%u471d%udcb5%u72b6%u94d5%u77d3%u0c9e%uc291%ue19e'+ '%u873a%u9894%u843c%u61b5%u1206%u917a%ua3...

Systemtap: Insecure loading of modules

The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBEOPTIONS environment variable to specify a malicious configuration file...

Debian Security Advisory DSA 2122-1 (glibc)

The remote host is missing an update to glibc announced via advisory DSA 2122-1. OpenVAS Vulnerability Test $Id: deb21221.nasl 6614 2017-07-07 12:09:12Z cfischer $ Description: Auto-generated from advisory DSA 2122-1 glibc Authors: Thomas Reinke Copyright: Copyright c 2010 E-Soft Inc...

CVE-2010-4236

Untrusted search path vulnerability in estaskwrapper in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges via an ESLIBRARYPATH environment variable and a modified PATH environment variable, which is used during execution of the estasklight program, a different...