9473 matches found
CVE-2008-3688
sockethandler.cpp in HTTP Antivirus Proxy (HAVP) 0.88 allows remote attackers to cause a denial of service (hang) by connecting to a non-responsive server, which triggers an infinite loop due to an uninitialized variable...
PT-2008-5050 · Havp · Http Antivirus Proxy
Name of the Vulnerable Software and Affected Versions: HTTP Antivirus Proxy HAVP version 0.88 Description: The issue allows remote attackers to cause a denial of service by connecting to a non-responsive server, triggering an infinite loop due to an uninitialized variable. This occurs in the...
e107 <= 0.7.11 Arbitrary Variable Overwriting Vulnerability
No description provided by source. GulfTech Security Research August 07, 2008 Vendor : Steve Dunstan URL : http://www.e107.org/ Version : e107 = 0.7.11 Risk : Arbitrary Variable Overwriting Description: e107 is a popular full featured content management system written in php. Unfortunately e107...
e107 download.php extract() Function Variable Overwrite
The version of e107 installed on the remote host contains an unsafe call to 'extract' in the 'download.php' script. An unauthenticated, remote attacker can leverage this issue to overwrite arbitrary PHP variables, leading to arbitrary PHP code execution, SQL injection, as well as other sorts of...
e107 <= 0.7.11 Arbitrary Variable Overwriting Vulnerability
Exploit for unknown platform in category web applications =========================================================== e107 = 0.7.11 Arbitrary Variable Overwriting Vulnerability =========================================================== GulfTech Security Research August 07, 2008 Vendor : Steve...
e107 0.7.11 - Arbitrary Variable Overwriting
e107 0.7.11 - Arbitrary Variable Overwriting GulfTech Security Research August 07, 2008 Vendor : Steve Dunstan URL : http://www.e107.org/ Version : e107 = 0.7.11 Risk : Arbitrary Variable Overwriting Description: e107 is a popular full featured content management system written in php...
e107 < 0.7.11 - Arbitrary Variable Overwriting
GulfTech Security Research August 07, 2008 Vendor : Steve Dunstan URL : http://www.e107.org/ Version : e107 = 0.7.11 Risk : Arbitrary Variable Overwriting Description: e107 is a popular full featured content management system written in php. Unfortunately e107 suffers from an arbitrary variable...
Ruby multiple insufficient safe mode restrictions
Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2)...
e107 <= 0.7.11 Arbitrary Variable Overwriting
GulfTech Security Research August 07, 2008 Vendor : Steve Dunstan URL : http://www.e107.org/ Version : e107 = 0.7.11 Risk : Arbitrary Variable Overwriting Description: e107 is a popular full featured content management system written in php. Unfortunately e107 suffers from an arbitrary variable...
Stack overflow
Stack-based buffer overflow in the libbecompat library in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges by setting a long value of an environment variable before running (1) verifydb, (2) iimerge, or (3) csrepor...
CVE-2008-3389
Stack-based buffer overflow in the libbecompat library in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges by setting a long value of an environment variable before running (1) verifydb, (2) iimerge, or (3) csrepor...
xampp-xss.txt
---------------------------------------------------------------- Program : Xampp Linux 1.6.7 Type : Multiple Cross Site Scripting Vulnerabilities Alert : Medium ---------------------------------------------------------------- Download From :...
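SAP MaxDB dbmsrv Process PATH Environment Variable Local Privilege Escalation Vulnerability
BUGTRAQ ID: 30474 CVECAN ID: CVE-2008-1810 MaxDB is a database management system widely used in SAP applications. When a local user runs the dbmcli program, MaxDB executes the dbmsrv process on the user's behalf. This process is responsible for executing user commands and runs with the privileges of the sdb user in the sdba group. Because the PATH environment variable is not properly filtered, prepending an attacker-controlled path to the variable may lead to arbitrary command execution with sdb:sdba privileges. SAP MaxDB 7.6.03.15 SAP --- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://www.sap.com/...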
CVE-2008-1810
Untrusted search path vulnerability in dbmsrv in SAP MaxDB 7.6.03.15 on Linux allows local users to gain privileges via a modified PATH environment variable...
DEV WMS Multiple Vulnerabilities
---------------------------------------------------------------- Script : DEV WMS Type : Multiple Vulnerabilities Local file inclusion / Cross Site Scripting / SQL Injection Alert : High ---------------------------------------------------------------- Discovered by : Khashayar Fereidani Or Dr.Cra...
devwms-lfisqlxss.txt
---------------------------------------------------------------- Script : DEV WMS Type : Multiple Vulnerabilities Local file inclusion / Cross Site Scripting / SQL Injection Alert : High ---------------------------------------------------------------- Discovered by : Khashayar Fereidani Or Dr.Cra...
MJGuest 6.8 GT Cross Site Scripting Vulnerability
---------------------------------------------------------------- Script : MJGuest 6.8 GT Type : Cross Site Scripting Vulnerability Alert : Medium ---------------------------------------------------------------- Discovered by : Khashayar Fereidani Our Team : IRCRASH My Official Website :...