Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities
Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities Name Multiple Vulnerabilities in Mantis Systems Affected Mantis 1.1.1 and possibly earlier versions Severity High Impact CVSSv2 High 9/10, vector: AV:N/AC:L/Au:N/C:C/I:P/A:P Vendor http://www.mantisbt.org/ Advisory...
cpanel-root.txt
By : Ali Jasbi, IHST security & hacking Research team, WwW.Hackerz.ir Vendor : Cpanel.net Version : ALL !! Risk : Very high What you can do with this bug is : you can have access to all of the server with reseller privilege Th3 r00t how does it work ? when you want to create an account in shell what will...
Oracle Application Server 10G ORA_DAV Basic Authentication Bypass Vulnerability
Affected Software/Device: Oracle Application Server Portal Vulnerability: Authentication Bypass Tested Version: 10G Risk: Medium Description: Oracle Application Server Portal OracleAS Portal is a Web-based application for building and deploying portals. It provides a secure, manageable environmen...
oracleasp-bypass.txt
Affected Software/Device: Oracle Application Server Portal Vulnerability: Authentication Bypass Tested Version: 10G Risk: Medium Description: Oracle Application Server Portal OracleAS Portal is a Web-based application for building and deploying portals. It provides a secure, manageable environmen...
ZYWALL Referer Header XSS Vulnerability
Affected Software/Device: Zyxel ZYWall 100 Vulnerability: Cross Site Scripting Risk: Low Description: The ZyWALL 100 is designed to act as a secure gateway via xDSL/Cable modems or broadband routers for small to medium size companies. The ZyWALL 100 features an ICSA certified firewall, IPSec VPN...
Bugzilla Security Restriction Bypass and Cross-Site Scripting Vulnerabilities
BUGTRAQ ID: 29038 Bugzilla is a web-based bug tracking system used by many software projects. Bugzilla has an input validation vulnerability when handling user requests; a remote attacker could exploit it to perform cross-site scripting attacks or gain unauthorized access. When the bug list's Format for Printing or Long Format is used, input such as the $bugids parameter is returned to the user without filtering, which could allow an attacker to carry out cross-site scripting attacks and execute arbitrary HTML and script code in the user's browser session....
Prediction Football 1.x (matchid) Remote SQL Injection Vulnerability
No description provided by source. / Prediction Football v 1.x Remote SQL INJECTION Discovered by 0in from Dark-Coders Programming & Security Group. !!!!!! http://dark-coders.4rh.eu !!!!!! Contact: 0indotemailatgmaildotcom Greetz to all Dark-Coders Group Members: DieAngel, Sun8hclf, M4r1usz,...
Prediction Football 1.x - matchid SQL Injection
Prediction Football 1.x - matchid SQL Injection / Prediction Football v 1.x Remote SQL INJECTION Discovered by 0in from Dark-Coders Programming & Security Group. !!!!!! http://dark-coders.4rh.eu !!!!!! Contact: 0indotemailatgmaildotcom Greetz to all Dark-Coders Group Members: DieAngel, Sun8hclf,...
Prediction Football 1.x (matchid) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications ==================================================================== Prediction Football 1.x matchid Remote SQL Injection Vulnerability ==================================================================== / Prediction Football v 1.x Remote...
OTRS SOAP Interface Unauthenticated Object Manipulation
The remote host is running OTRS, a web-based ticketing request system. The version of OTRS installed on the remote host allows a remote attacker to read and modify objects via the OTRS SOAP interface without any credentials. %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc...
[SECURITY] Fedora 7 Update: phpMyAdmin-2.11.5.1-1.fc7
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges, export data into various formats and ...
blackboard-xss.txt
//////////////////////////////////////////////////////////////////////////////// //Note: //The full version of this report in pdf format available at my blog: //http://www.secskill.wordpress.com // OR : //http://www.scribd.com/doc/2363025/Blackboard-Academic-Suite-Multiple-XSS-Vulnerabilities-...
[SECURITY] Fedora 7 Update: horde-3.1.7-1.fc7
The Horde Framework provides a common structure and interface for Horde applications such as IMP, a web-based mail program. This RPM is required for all other Horde module RPMs. The Horde Project writes web applications in PHP and releases them under Open Source licenses. For more information...
[SECURITY] Fedora 8 Update: horde-3.1.7-1.fc8
The Horde Framework provides a common structure and interface for Horde applications such as IMP, a web-based mail program. This RPM is required for all other Horde module RPMs. The Horde Project writes web applications in PHP and releases them under Open Source licenses. For more information...
Cacti: Multiple vulnerabilities
Background Cacti is a web-based network graphing and reporting tool. Description The following inputs are not properly sanitized before being processed: "viewtype" parameter in the file graph.php, "filter" parameter in the file graphview.php, "action" and "loginusername" parameters in the file...
phpMyAdmin: SQL injection vulnerability
Background phpMyAdmin is a free web-based database administration tool. Description Richard Cunningham reported that phpMyAdmin uses the $_REQUEST variable instead of $_GET and $_POST as a source for its parameters. Impact An attacker could entice a user to visit a malicious web application that sets an...
Mantis: Cross-Site Scripting
Background Mantis is a web-based bug tracking system. Description seiji reported that the filename of the file uploaded in bug_report.php is not properly sanitised before being stored. Impact A remote attacker could upload a file with a specially crafted filename to a bug report, resulting in the executio...
[SECURITY] Fedora 8 Update: horde-3.1.6-1.fc8
The Horde Framework provides a common structure and interface for Horde applications such as IMP, a web-based mail program. This RPM is required for all other Horde module RPMs. The Horde Project writes web applications in PHP and releases them under Open Source licenses. For more information...
[SECURITY] Fedora 7 Update: horde-3.1.6-1.fc7
The Horde Framework provides a common structure and interface for Horde applications such as IMP, a web-based mail program. This RPM is required for all other Horde module RPMs. The Horde Project writes web applications in PHP and releases them under Open Source licenses. For more information...
Centreon include/doc/get_image.php 'img' Parameter Traversal Arbitrary File Access
The remote host is running Centreon or Oreon, a web-based network supervision program based on Nagios. The version of Centreon / Oreon installed on the remote host fails to sanitize user-supplied input to the 'img' parameter of the 'include/doc/get_image.php' script before using it to display the...