Lucene search
+L

5148 matches found

securityvulns
securityvulns
added 2002/09/10 12:0 a.m.139 views

sql injection vulnerability in WBB 2.0 RC1 and below

Hi, I discovered a serious vulnerability in Woltlab Burning Board 2.0 RC 1 and below some weeks ago. The latest version WBB 2.0 RC 2 seems not vulnerable, but there are still sites using vulnerable versiones. versions tested vulnerable WBB 2.0 RC 1 WBB 2.0 beta 5 WBB 2.0 beta 4 WBB 2.0 beta 3...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2002/08/15 12:0 a.m.28 views

TinySSL Vendor Statement: Basic Constraints Vulnerability

TinySSL is an open source, compact 125k jar, SSLv3 client implementation written in Java 1.1+. Version 1.02 and earlier is vulnerable to the attack posted last week by Mike Benham: http://online.securityfocus.com/archive/1/286290 An updated version 1.03 has been posted which fixes this...

0.3AI score
Exploits0
OSV
OSV
added 2002/08/13 12:0 a.m.34 views

DSA-149 glibc - integer overflow

Bulletin has no description...

10CVSS9.4AI score0.58133EPSS
Exploits3
OSV
OSV
added 2002/08/01 12:0 a.m.28 views

DSA-138 gallery - remote exploit

Bulletin has no description...

7.5CVSS6.1AI score0.39498EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2002/06/17 12:0 a.m.5 views

PT-2002-1447 · Apache · Apache +1

Name of the Vulnerable Software and Affected Versions: Apache versions 1.3 through 1.3.24 Apache versions 2.0 through 2.0.36 Description: The issue allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes the software to...

7.5CVSS7.9AI score0.95027EPSS
Exploits8References55
CERT
CERT
added 2002/06/05 12:0 a.m.37 views

Yahoo! Messenger contains buffer overflow in "message" field

Overview Yahoo! Messenger is an instant messaging client. There is a remotely exploitable buffer overflow vulnerability in the "message" field of Yahoo! Messenger. Description A remotely exploitable buffer overflow exists in the "message" field that may permit a remote attacker to execute arbitra...

7.5CVSS7.9AI score0.06955EPSS
Exploits0References3
Debian
Debian
added 2002/03/19 3:7 p.m.14 views

[SECURITY] [DSA-123-1] listar buffer overflow

Package : listar Problem type : remote exploit Debian-specific: no Janusz Niewiadomski and Wojciech Purczynski reported a buffer overflow in the addressmatch of listar a listserv style mailing-list manager. This has been fixed in version 0.129a-2.potato1. wget url will fetch the file for you dpkg...

6AI score
Exploits0
securityvulns
securityvulns
added 2002/01/23 12:0 a.m.31 views

[SECURITY] [DSA-105-1] enscript creates temporary files insecurely

-----BEGIN PGP SIGNED MESSAGE----- - ------------------------------------------------------------------------ Debian Security Advisory DSA-105-1 [email protected] http://www.debian.org/security/ Wichert Akkerman January 21, 2002 -...

0.6AI score
Exploits0
securityvulns
securityvulns
added 2002/01/21 12:0 a.m.46 views

Bounce vulnerability in SpoonFTP 1.1.0.1

The vulnerability: The FTP server is vulnerable to the FTP bounce attack, even against ports lower than 1024. Vendor Response: Pi-Soft have created a new version that among other things fix this vulnerability. Their response was very nice and quick. /Arne Vidstrom, http://ntsecurity.nu...

1.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2001/12/31 12:0 a.m.10 views

PT-2001-2592 · Openssh +1 · Openssh +1

Name of the Vulnerable Software and Affected Versions: OpenSSH versions prior to 3.0.1 Description: The issue concerns improper user authentication when Kerberos V is enabled. This could potentially allow remote attackers to login without being challenged. Recommendations: For versions prior to...

10CVSS8AI score0.99506EPSS
Exploits208References338
CERT
CERT
added 2001/12/20 12:0 a.m.22 views

Advanced Poll does not adequately authenticate users

Overview Advanced Poll is a polling system written in PHP for use on web sites. When a flat file database is used, Advanced Poll does not adequately authenticate users, thereby allowing any user to gain Advanced Poll administrative privileges. Description On versions of Advanced Poll older than...

7.4AI score
Exploits0References2
Debian
Debian
added 2001/12/16 1:42 a.m.17 views

[SECURITY] [DSA-094-1] mailman cross-site scripting problem

Package : mailman Problem type : cross-site scripting hole Debian-specific: no Barry A. Warsaw reported several cross-site scripting security holes in Mailman, due to non-existent escaping of CGI variables. These have been fixed upstream in version 2.0.8, and the relevant patches have been...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2001/12/03 12:0 a.m.42 views

Interactive Story story.pl next Parameter Traversal Arbitrary File Access

By requesting : GET /cgi-bin/story.pl?next=../../../filetoread%00 An attacker may use this flaw to read arbitrary files on this server. %NASLMINLEVEL 70300 This script was written by Georges Dagousset See the Nessus Scripts License for details Changes by Tenable: - Revised plugin title 1/13/2009 ...

5CVSS5.6AI score0.03669EPSS
Exploits1References1
Debian
Debian
added 2001/10/18 8:33 p.m.15 views

[SECURITY] [DSA 084-1] New gftp packages won't display the password

-------------------------------------------------------------------------- Debian Security Advisory DSA 084-1 [email protected] http://www.debian.org/security/ Martin Schulze October 18th, 2001 - -------------------------------------------------------------------------- Package : gftp...

7.3AI score
Exploits0
Debian
Debian
added 2001/06/16 5:57 p.m.18 views

[SECURITY] [DSA-061-1] multiple gnupg problems

Package : gnupg Problem type : printf format attack web of trust pollution Debian-specific: no The version of GnuPG GNU Privacy Guard, an OpenPGP implementation as distributed in Debian GNU/Linux 2.2 suffers from two problems: fish stiqz reported on bugtraq that there was a printf format problem ...

5.9AI score
Exploits0
securityvulns
securityvulns
added 2001/03/14 12:0 a.m.28 views

More Icecast remote vulnerabilities

Following the announcement yesterday about buffer overflow vulnerabilities in Icecast, Andreas Hasenack [email protected] identified several more likely buffer overflow vulnerabilities. Matt Messier [email protected] took a look, and determined that at least some of them are definitely...

2.4AI score
Exploits0
securityvulns
securityvulns
added 2001/02/28 12:0 a.m.61 views

Sudo version 1.6.3p6 now available

Sudo version 1.6.3p6 is now available ftp sites listed at the end. This fixes a buffer overflow in sudo which is a potential security problem. I don't know of any exploits that currently exist but I suggest that you upgrade none the less. Sudo has a good track record wrt secure coding, but this o...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2001/02/08 12:0 a.m.30 views

Vulnerability in Soft Lite ServerWorx

----- Begin Hush Signed Message from [email protected] ----- Vulnerability in Soft Lite ServerWorx Overview Soft Lite ServerWorx v3.00 is a web server available from http://www.zdnet.com and http://www.softlite.net. A vulnerability exists which allows a remote user to break out of the web roo...

0.4AI score
Exploits0
securityvulns
securityvulns
added 2000/12/13 12:0 a.m.37 views

Security Advisory: Subscribe Me Lite 1.0 - 2.0 Unix or 1.0 - 2.0 NT and below.

note : This is not apparent in the commercial versions, tested on three different versions the author was notified and appropriate changes have since been made. product page - http://www.cgiscriptcenter.com/subscribe/index2.html vendor notice - Security Advisory: Users of Subscribe Me Lite 1.0 -...

Exploits0
securityvulns
securityvulns
added 2000/12/02 12:0 a.m.33 views

[SECURITY] [DSA-002-1] fsh symlink attack

-----BEGIN PGP SIGNED MESSAGE----- - ------------------------------------------------------------------------ Debian Security Advisory DSA-002-1 [email protected] http://www.debian.org/security/ Wichert Akkerman November 30, 2000 -...

0.1AI score
Exploits0
Rows per page
Query Builder