92 matches found
[eVuln] Magic Downloads Unauthorized Data Modification
New eVuln Advisory: Magic Downloads Unauthorized Data Modification http://evuln.com/vulns/73/summary.html --------------------Summary---------------- eVuln ID: EV0073 CVE: CVE-2006-0722 Vendor: Reamday Enterprises Vendor's Web Site: http://reamdaysoft.com Software: Magic Downloads Software's Web...
[eVuln] PHPenpals SQL Injection Vulnerability
New eVuln Advisory: PHPenpals SQL Injection Vulnerability --------------------Summary---------------- Vendor: Jevontec http://jevontech.com/ Software: PHPenpals Versions: 310704 Critical Level: Moderate Type: SQL Injection Class: Remote Status: Unpatched Exploit: Available Solution: Not Available...
Heartbeat: Insecure temporary file creation
Background Heartbeat is a component of the High-Availability Linux project. It is used to perform death-of-node detection, communications and cluster management. Description Eric Romang has discovered that Heartbeat insecurely creates temporary files with predictable filenames. Impact A local...
GLSA-200508-05 : Heartbeat: Insecure temporary file creation
The remote host is affected by the vulnerability described in GLSA-200508-05 Heartbeat: Insecure temporary file creation Eric Romang has discovered that Heartbeat insecurely creates temporary files with predictable filenames. Impact : A local attacker could create symbolic links in the temporary...
SQL injection in the ConfYmI conference
SQL injection in the ConfYmI conference Script name: ConfYmI Vulnerable version: all Vendor site: www.310k.ru Author: Konstantin Andrunin Date: 22/01/2004 The vulnerability was found in the 'index.php' script. Due to poor validation of the $login and $password variables, a remote user can inject...
Webfroot Shoutbox 2.32 - Viewshoutbox.php Cross-Site Scripting
Webfroot Shoutbox 2.32 - Viewshoutbox.php Cross-Site Scripting source: https://www.securityfocus.com/bid/9289/info Webfroot Shoutbox is prone to a cross-site scripting vulnerability in the 'viewshoutbox.php' script. The source of the problem is that HTML and script code are not adequately sanitiz...
Xoops 2.0.5.1 - 'MyLinks Myheader.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/9269/info Xoops is prone to a cross-site scripting vulnerability in the 'myheader.php' script included in the mylinks module. A remote attacker could exploit this issue by embedding hostile HTML and script code in a malicious link to the vulnerable script...
SiteInteractive Subscribe Me - 'Setup.pl' Arbitrary Command Execution
source: https://www.securityfocus.com/bid/9253/info It has been reported that the SiteInteractive Subscribe Me setup.pl script lacks sufficient sanitization on user-supplied URI parameters; an attacker may invoke this script remotely and by passing sufficient URI parameters may influence the...
McNews 1.3 : File Disclosure Vulnerability
The vulnerable script is mcnewsroot/admin/header.php Exploit it with : header.php?voir=1&skinfile=skin/../../../file/to/view...
SPGPartenaires 3.0.1 - ident.php SQL Injection
SPGPartenaires 3.0.1 - ident.php SQL Injection source: https://www.securityfocus.com/bid/6455/info Several vulnerabilities have been discovered in SPGPartenaires. The vulnerabilities are due to insufficient sanitization of the 'pass' and 'SPGP' variables used to construct SQL queries in various P...
PHP 4 - PHPInfo() Cross-Site Scripting
PHP 4 - PHPInfo Cross-Site Scripting source: https://www.securityfocus.com/bid/7805/info Scripts that include the PHP phpinfo debugging function may be prone to cross-site scripting attacks. This could permit remote attackers to create a malicious link to a vulnerable PHP script that includes...
Windmail.exe Shell Metacharacter Arbitrary Command Execution
The remote host may be running WindMail as a CGI application. In this mode, some versions of the 'windmail.exe' script allow an attacker to execute arbitrary commands on the remote server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ...