Gallery < 1.5.8 modules.php phpEx Parameter Traversal Local File Inclusion
Binary data 4619.prm...
NCTsoft AudFile.dll ActiveX Control Remote Buffer Overflow Exploit
No description provided by source. ----------------------------------------------------------------------------- NCTsoft AudFile.dll ActiveX Control Remote Buffer Overflow url: http://www.nctsoft.com Author: shinnai mail: shinnaiatautisticidotorg site: http://www.shinnai.net This was written for...
@Mail Multiple Local Information Disclosure Vulnerabilities
BUGTRAQ ID: 30434 CNCAN ID: CNCAN-2008073104 @Mail is a web-based mail server program. @Mail has two security issues that a remote attacker can exploit to obtain sensitive information. The problem is that the files webmail/libs/Atmail/Config.php and webmail/webadmin/.htpasswd are world-readable, which can disclose the database user and password, or the MD5 hash of the WEBADMIN password. AtMail @Mail 5.41 No solution is currently available: http://atmail.com/...
[SECURITY] Fedora 9 Update: phpMyAdmin-2.11.8.1-1.fc9
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges, export data into various formats and ...
Trac Wiki Engine Cross-Site Scripting Vulnerability
BUGTRAQ ID: 30400 CVECAN ID: CVE-2008-3328 Trac is a web-based issue tracking system written in Python. Trac's Wiki engine does not properly validate certain parameters before returning them to the user; a remote attacker can submit malicious requests to the server to perform script injection or cross-site scripting attacks. Edgewall Software Trac 0.10.5 Edgewall Software ----------------- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's homepage: http://ftp.edgewall.com/pub/trac/trac-0.10.5.tar.gz...
[SECURITY] Fedora 9 Update: mantis-1.1.2-1.fc9
Mantis is a web-based bugtracking system. It is written in the PHP scripting language and requires the MySQL database and a webserver. Mantis has been installed on Windows, MacOS, OS/2, and a variety of Unix operating systems. Any web browser should be able to function as a client. Documentation...
HP System Management Homepage < 2.1.12 Unspecified XSS
The remote host appears to be running HP System Management Homepage SMH, a web-based management interface for ProLiant and Integrity servers. The version of HP SMH installed on the remote host fails to sanitize user input to an unspecified parameter and script before using it to generate dynamic...
Wordtrans-web exec_wordtrans Function Arbitrary Command Execution
The remote host is running wordtrans-web, a web-based front-end for wordtrans, for translating words. The version of wordtrans-web installed on the remote host fails to sanitize input to the 'advanced' parameter of the 'wordtrans.php' script before using it in a 'passthru' statement to execute P...
[SECURITY] Fedora 8 Update: horde-3.2.1-1.fc8
The Horde Framework provides a common structure and interface for Horde applications such as IMP, a web-based mail program. This RPM is required for all other Horde module RPMs. The Horde Project writes web applications in PHP and releases them under Open Source licenses. For more information...
[SECURITY] Fedora 9 Update: horde-3.2.1-1.fc9
The Horde Framework provides a common structure and interface for Horde applications such as IMP, a web-based mail program. This RPM is required for all other Horde module RPMs. The Horde Project writes web applications in PHP and releases them under Open Source licenses. For more information...
DUcalendar 1.0 (detail.asp iEve) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications =================================================================== DUcalendar 1.0 detail.asp iEve Remote SQL Injection Vulnerability =================================================================== DUcalendar v 1.0 detail.asp?iEve=...
Virtual Support Office-XP <= 3.0.29 Multiple Remote Vulnerabilities
No description provided by source. www.BugReport.ir AmnPardaz Security Research Team Title: Virtual Support Office-XP Multiple Vulnerabilities. Vendor: www.vso-xp.com Vulnerable Version: 3.0.29, 3.0.27 and prior versions Exploit: Available Impact: High Fix: N/A Original Advisory:...
virtualsupport-multi.txt
www.BugReport.ir AmnPardaz Security Research Team Title: Virtual Support Office-XP Multiple Vulnerabilities. Vendor: www.vso-xp.com Vulnerable Version: 3.0.29, 3.0.27 and prior versions Exploit: Available Impact: High Fix: N/A Original Advisory: www.bugreport.ir/?/47 1. Description: Virtual Suppo...
Virtual Support Office XP 3.0.29 - Multiple Vulnerabilities
www.BugReport.ir AmnPardaz Security Research Team Title: Virtual Support Office-XP Multiple Vulnerabilities. Vendor: www.vso-xp.com Vulnerable Version: 3.0.29, 3.0.27 and prior versions Exploit: Available Impact: High Fix: N/A Original Advisory: www.bugreport.ir/?/47 1. Description: Virtual Suppo...
Lyris ListManager read/search/results words Parameter XSS
The remote host is running ListManager, a web-based commercial mailing list management application from Lyris. The version of ListManager installed on the remote host fails to sanitize user input to the 'words' parameter of the 'read/search/results' script before including it in dynamic HTML...
[Full-disclosure] S21SEC-044-en:OpenDocMan Cross Site Scripting (XSS)
S21Sec Advisory - Title: OpenDocMan Cross Site Scripting XSS ID: S21sec-044-en Severity: Low History: 15.Apr.2008 Vulnerability discovered 16.Apr.2008 Vendor contacted 27.May.2008 Patch available Scope: Cross Site Scripting XSS Platforms: Any Author: Sergi Rosell [email protected] URL:...
absolute-screwups.txt
www.BugReport.ir AmnPardaz Security Research Team Title: Xigla Multiple Products - Multiple Vulnerabilities Vendor: http://www.xigla.com/ Exploit: N/A Impact: Medium Fix: N/A Original Advisory: http://bugreport.ir/index.php?/41 1. Description: Xigla company has several web based products From...
XEROX DocuShare URL XSS Injection Vulnerabilities
XEROX DocuShare URL XSS Injection Vulnerabilities Xerox DocuShare is a flexible Web-based content management solution that brings greater productivity to every knowledge worker. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...
xerox-xss.txt
XEROX DocuShare URL XSS Injection Vulnerabilities Xerox DocuShare is a flexible Web-based content management solution that brings greater productivity to every knowledge worker. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...
desknet's buffer overflow vulnerability
Overview desknet's, web-based groupware, contains a buffer overflow vulnerability. Impact A remote attacker could execute arbitrary commands or code, or cause a denial of service (DoS) condition. Solution None...