
7575 matches found

Tenable Nessus
added 2008/01/15 12:00 a.m., 21 views

X7 Chat index.php day Parameter SQL Injection

The remote host is running X7 Chat, a web-based chat program written in PHP. The version of X7 Chat installed on the remote host fails to sanitize input to the 'day' parameter of the 'index.php' script when 'page' is set to 'event' before using it in 'sources/infobox.php' to construct database...

CVSS 6, AI score 5.5, EPSS 0.01635
Exploits: 1, References: 2

Fedora
added 2008/01/07 1:29 a.m., 20 views

[SECURITY] Fedora 8 Update: mantis-1.1.0-1.fc8

Mantis is a web-based bugtracking system. It is written in the PHP scripting language and requires the MySQL database and a webserver. Mantis has been installed on Windows, MacOS, OS/2, and a variety of Unix operating systems. Any web browser should be able to function as a client. Documentation...

CVSS 4.3, AI score 1.7, EPSS 0.01745
Exploits: 0

Tenable Nessus
added 2007/12/28 12:00 a.m., 19 views

OpenBiblio < 0.6.0 Multiple Vulnerabilities


CVSS 7.5, AI score 7.3, EPSS 0.04572
Exploits: 3, References: 5

securityvulns
added 2007/12/28 12:00 a.m., 40 views

[Full-disclosure] FAQMasterFlexPlus multiple vulnerabilities

Security Advisory - FAQMasterFlexPlus multiple vulnerabilities. Product: FAQMasterFlexPlus; Version: Latest version is affected, other not tested; Vendor: http://www.netbizcity.com; Affected by: Cross-Site Scripting & SQL injection...

Exploits: 0

seebug.org
added 2007/12/28 12:00 a.m., 66 views

Multiple Remote Security Vulnerabilities in Gallery Versions Prior to 2.2.4

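BUGTRAQ ID: 27035. Gallery is an open-source, web-based photo album manager. Versions of Gallery prior to 2.2.4 contain multiple security vulnerabilities that allow malicious users to disclose sensitive information, conduct cross-site scripting attacks, bypass security restrictions, or compromise a vulnerable system. 1. A vulnerability in the Publish XP module may allow files to be created and uploaded without proper authorization. 2. A vulnerability in the admin controller of the URL rewrite module may allow local file inclusion. 3. The core and add-item modules do not properly filter input passed via file names, resulting in the execution of arbitrary HTML and script code in the user's browser session. 4. The Core/MIME module does not properly check the extensions of uploaded files. 5. Gallery...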

AI score 6.9
Exploits: 0

seebug.org
added 2007/12/26 12:00 a.m., 20 views

MailMachine Pro 2.2.4 Remote SQL Injection Vulnerability

No description provided by source.

AI score 7.1
Exploits: 0

securityvulns
added 2007/12/26 12:00 a.m., 48 views

[Full-disclosure] Ho Ho H0-Day - ZyXEL P-330W multiple XSS and XSRF vulnerabilities

ZyXEL P-330W “Secure Wireless Internet Sharing Router” is vulnerable to multiple XSS and XSRF attacks. There are a plethora of XSS vulns in the web-based management interface so I'll leave it to you to discover these gifts on your own. Here is a starting point:...

AI score 6.5
Exploits: 0

seebug.org
added 2007/12/26 12:00 a.m., 18 views

PHPMySMS gateway.php Remote File Inclusion Vulnerability

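BUGTRAQ ID: 18633. PHPMySMS is an open-source, web-based SMS solution implemented in PHP. The PHPMySMS implementation contains an input validation vulnerability that remote attackers may exploit to execute arbitrary commands on the server. A remote attacker can exploit the remote file inclusion vulnerability in the gateway.php file of PHPMySMS to execute arbitrary PHP code. The vulnerable code is as follows: if $POSTmode == "1" or $GETmode == "1" include "config.php"; else include...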

AI score 6.9
Exploits: 0

0day.today
added 2007/12/25 12:00 a.m., 20 views

MailMachine Pro 2.2.4 Remote SQL Injection Vulnerability

Exploit for unknown platform in category web applications. MailMachine Pro 2.2.4 Remote SQL Injection Vulnerability...

AI score 7.1
Exploits: 0

exploitpack
added 2007/12/25 12:00 a.m., 15 views

ZYXEL P-330W - Multiple Vulnerabilities

ZYXEL P-330W - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/27024/info ZyXEL P-330W 802.11g Secure Wireless Internet Sharing Router is prone to multiple cross-site scripting vulnerabilities and cross-site request-forgery vulnerabilities because it fails to properly sanitize...

AI score 7.6
Exploits: 0

Exploit DB
added 2007/12/25 12:00 a.m., 34 views

MailMachine Pro 2.2.4 - SQL Injection

Http://www.inj3ct-it.org Staffatinj3ct-itdotorg - Remote Sql...

AI score 7.4
Exploits: 0

Tenable Nessus
added 2007/12/11 12:00 a.m., 26 views

Debian DSA-1423-1 : sitebar - several vulnerabilities

Several remote vulnerabilities have been discovered in sitebar, a web-based bookmark manager written in PHP. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2007-5491: A directory traversal vulnerability in the translation module allows remote authenticat...

CVSS 9, AI score 5.6, EPSS 0.07563
Exploits: 5, References: 16

Fedora
added 2007/12/07 6:29 p.m., 16 views

[SECURITY] Fedora 8 Update: zabbix-1.4.2-4.fc8

ZABBIX is software that monitors numerous parameters of a network and the health and integrity of servers. ZABBIX uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. ZABBIX offers...

AI score 1.8
Exploits: 0

Fedora
added 2007/12/07 6:27 p.m., 15 views

[SECURITY] Fedora 7 Update: zabbix-1.4.2-3.fc7

ZABBIX is software that monitors numerous parameters of a network and the health and integrity of servers. ZABBIX uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. ZABBIX offers...

AI score 1.8
Exploits: 0

Gentoo Linux
added 2007/12/05 12:00 a.m., 31 views

Cacti: SQL injection

Background: Cacti is a complete web-based frontend to rrdtool. Description: It has been reported that the "localgraphid" variable used in the file graph.php is not properly sanitized before being processed in an SQL statement. Impact: A remote attacker could send a specially crafted request to the...

CVSS 7.5, AI score 7.1, EPSS 0.01796
Exploits: 0

seebug.org
added 2007/11/30 12:00 a.m., 38 views

FTP Admin 0.1.0 (LFI/XSS/AB) Multiple Remote Vulnerabilities

No description provided by source. FTP Admin v0.1.0 - MULTIPLE VULNERABILITIES by Omni. 1 Infos: Date: 2007-11-28; Product: FTP Admin; Version: v0.1.0; Vendor: http://sourceforge.net/projects/ftpadmin/; Vendor Status: 2007-11-30 Informed!; Description: FTP admin is a web-based user...

AI score 7.1
Exploits: 0

Packet Storm
added 2007/11/30 12:00 a.m., 28 views

ftpadmin-multi.txt

FTP Admin v0.1.0 - MULTIPLE VULNERABILITIES by Omni. 1 Infos: Date: 2007-11-28; Product: FTP Admin; Version: v0.1.0; Vendor: http://sourceforge.net/projects/ftpadmin/; Vendor Status: 2007-11-30 Informed!; Description: FTP admin is a web-based user administration tool, for usage in...

Exploits: 0

Tenable Nessus
added 2007/11/27 12:00 a.m., 24 views

BitDefender Online Anti-Virus Scanner ActiveX OScan8.ocx / OScan8.ocx InitX Method Arbitrary Code Execution

The remote host contains the 'BDSCANONLINE' ActiveX control, used by the BitDefender Online Scanner, a web-based virus scanner. The version of this control installed on the remote host fails to properly validate Unicode values passed to the 'InitX' function as a domain key. If a remote attacker c...

CVSS 9.8, AI score 6.2, EPSS 0.26909
Exploits: 1, References: 3

RedHat Linux
added 2007/11/21 9:51 p.m., 24 views

Moderate: Red Hat Security Advisory: conga security, bug fix, and enhancement update

Packages have been updated to include PowerPC and xenU packages. Updated conga packages that fix a security flaw, several bugs, and add enhancements are now available for Red Hat Cluster Suite. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Th...

CVSS 5, AI score 5.8, EPSS 0.01745
Exploits: 0, References: 13

securityvulns
added 2007/11/12 12:00 a.m., 71 views

[Full-disclosure] CVE-2007-3694: Cross site scripting (XSS) in broadcast machine

Source: http://int21.de/cve/CVE-2007-3694-bm.html Cross site scripting XSS in broadcast machine. References: http://www.getmiro.com/create/broadcast/ https://vulners.com/cve/CVE-2007-3694 Description: Cross site scripting describes attacks that allow to insert malicious html or javascript code via g...

CVSS 4.3, AI score 6.1, EPSS 0.01511
Exploits: 2