9470 matches found
CVE-2006-1914
DbbS 2.0-alpha and earlier allows remote attackers to obtain sensitive information via an invalid (1) fcategoryid parameter to topics.php or (2) unavariabile, (3) GLOBALS, or (4) SERVER parameters to script.php. NOTE: this information leak might be resultant from a global variable overwrite issue...
ChangeLog-2.6.16.9
commit 9d395d1961a0eeb9e8b1ef2854f3ca8f0b985266 Author: Greg Kroah-Hartman [email protected] Date: Tue Apr 18 23:10:14 2006 -0700 Linux 2.6.16.9 commit 7466f9e72dac13452d871a3fb72fc7bd9c93c864 Author: Andi Kleen [email protected] Date: Wed Apr 19 07:17:31 2006 +0200 PATCH i386/x86-64: Fix x87 information...
MyBB 1.1 - Global Variable Overwrite
source: https://www.securityfocus.com/bid/17564/info MyBB is prone to a vulnerability that permits an attacker to overwrite global variables. This issue is due to a design flaw in handling HTTP GET and POST variables. An attacker can exploit this issue to overwrite the global variables with...
MyBB global.php 'KILL_GLOBAL' Overwrite SQL Injection
The version of MyBB installed on the remote host is affected by a global variable overwrite vulnerability due to a failure to properly initialize global variables in the global.php script. A remote, unauthenticated attacker can exploit this issue to overwrite global variables to launch a SQL...
Directory traversal
Directory traversal vulnerability in PHPList 2.10.2 and earlier allows remote attackers to include arbitrary local files via the (1) GLOBALS[database_module] or (2) GLOBALS[language_module] parameters, which overwrite the underlying $GLOBALS variable...
Mandrake Linux Security Advisory : openvpn (MDKSA-2006:069)
A vulnerability in OpenVPN 2.0 through 2.0.5 allows a malicious server to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable. Updated packages have been patched to correct this issue by removing setenv support.
dnGuestbook 2.0 - SQL Injection
SECURITY ADVISORY advisory: dnGuestbook "dnGuestbook by design-nation.de Version" - 331 msn - "dnGuestbook by design-nation.de Version" - 249 conditions: php.ini - magic_quotes_gpc = Off greets: all security guys and coders ove...
Sql injection
SQL injection vulnerability in slides.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to execute arbitrary SQL commands via the limitquerys parameter when the $projectid variable is less than 1, which prevents...
CVE-2006-1629
OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable...
Sql injection
Multiple SQL injection vulnerabilities in aWebNews 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) user123 variable in (a) login.php or (b) fpass.php; or (2) cid parameter to (c) visview.php...
AngelineCMS 0.8.1 (installpath) Remote File Inclusion Exploit
Exploit for unknown platform in category web applications. AngelineCMS 0.8.1 installpath Remote File Inclusion Exploit #!/usr/bin/perl AngelineCMS 0.8.1 installpath Remote Cod...
INDEXU 5.0.1 - base_path Remote File Inclusion
INDEXU 5.0.1 - base_path Remote File Inclusion #!/usr/bin/perl INDEXU perl indexu.pl http://target.com/indexu/ http://target.com/cmd.txt cmd cmd shell example: cmd shell variable: $GETcmd;...
PHPNuke-Clan 3.0.1 (vwar_root2) Remote File Inclusion Exploit
Exploit for unknown platform in category web applications. PHPNuke-Clan 3.0.1 vwar_root2 Remote File Inclusion Exploit #!/usr/bin/perl PHPNuke-Clan 3.0.1 Remote File Inclusion...
CVE-2006-1499
SQL injection vulnerability in vCounter.php in vCounter 1.0 allows remote attackers to execute arbitrary SQL commands via the URI ($_SERVER['REQUEST_URI'] variable)...
WebGUI < 6.7.6 arbitrary command execution
The remote web server contains a CGI script that is prone to arbitrary code execution. Description : The remote host is running WebGUI, a content management system from Plain Black Software. The installed version of WebGUI on the remote host fails to sanitize user-supplied input via the OpenVAS...
Path Disclosure and Arbitrary File Read Vulnerability in SLAB5000
Description: SLAB5000 is a complete, dynamic, modular web-system designed to your specifications, allowing you to quickly and conveniently update all your content, add new pages, upload images, sounds and video from any browser, via our front-end interface from any location that you have web access...
Buffer overflow
Buffer overflow in qmailadmin.c in QmailAdmin before 1.2.10 allows remote attackers to execute arbitrary code via a long PATH_INFO environment variable...
CVE-2006-1141
Buffer overflow in qmailadmin.c in QmailAdmin before 1.2.10 allows remote attackers to execute arbitrary code via a long PATH_INFO environment variable...
Cross site scripting
Cross-site scripting (XSS) vulnerability in header.php in PunBB 1.2.10 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly handled when the PHP_SELF variable is used to handle a punpage tag...
CVE-2006-1089
Cross-site scripting (XSS) vulnerability in header.php in PunBB 1.2.10 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly handled when the PHP_SELF variable is used to handle a punpage tag...