Debian DSA-1404-1 : gallery2 - programming error
Nicklous Roberts discovered that the Reupload module of Gallery 2, a web-based photo management application, allowed unauthorized users to edit Gallery's data file. The oldstable distribution sarge does not contain a gallery2 package. The previous gallery package is not affected by this...
[SECURITY] [DSA 1404-1] New gallery2 packages fix privilege escalation
-------------------------------------------------------------------------- Debian Security Advisory DSA 1404-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst November 8th, 2007 http://www.debian.org/security/faq -...
ManageEngine OpManager Login.do Multiple Parameter XSS
The remote host is running ManageEngine OpManager, a web-based network management application. The version of ManageEngine OpManager installed on the remote host fails to sanitize user input to the 'requestid' parameter of the 'jsp/Login.do' script before using it to generate dynamic content. An...
[SECURITY] Fedora 7 Update: phpMyAdmin-2.11.2-1.fc7
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges, export data into various formats and ...
CodeWidgets Web Based Alpha Tabbed Address Book Index.ASP SQL Injection Vulnerability
CodeWidgets Web Based Alpha Tabbed Address Book is an ASP-based web application. CodeWidgets Web Based Alpha Tabbed Address Book does not properly filter user-submitted URI data; a remote attacker can exploit this vulnerability to carry out SQL injection attacks and obtain sensitive information or manipulate the database. The problem is that the 'index.asp' script lacks filtering of the user-submitted 'alpha' parameter; submitting a malicious SQL query as the parameter data can alter the original SQL logic, allowing an attacker to obtain sensitive information or manipulate the database. CodeWidgets Web Based Alpha Tabbed Address Book...
wba-sql.txt
http://Aria-Security.Net ------------------------------------ Web based alpha tabbed address book SQL Injection codewidgets.com Poc index.asp?alpha='SQL INJECTION Credits Goes To Aria-Security Team Regards, The-0utl4w...
Debian DSA-1389-2 : zoph - missing input sanitising
It was discovered that zoph, a web-based photo management system, performs insufficient input sanitising, which allows SQL injection. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-1389...
Aria-Security.Net [Web based alpha tabbed address book SQL Injection]
http://Aria-Security.Net ------------------------------------ Web based alpha tabbed address book SQL Injection codewidgets.com Poc index.asp?alpha='SQL INJECTION Credits Goes To Aria-Security Team Regards, The-0utl4w...
CodeWidgets Web Based Alpha Tabbed Address Book - 'index.asp' SQL Injection
source: https://www.securityfocus.com/bid/26193/info CodeWidgets Web Based Alpha Tabbed Address Book is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise...
DSA-1389-2 zoph - SQL injection
Bulletin has no description...
DEBIAN-CVE-2007-5380
Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions."...
Cisco Unified Communications Management Application Privilege Escalation Vulnerability
Cisco Unified Communications Manager (CUCM, formerly known as CallManager) is the call-processing component of Cisco's IP telephony solution. The web-based tools included in the Cisco Unified Communications management applications have an access-validation flaw; a remote attacker can exploit this vulnerability to access sensitive device information and change the application configuration. Cisco Unified ICME, Unified ICMH, UCCE,...
Cisco Security Advisory: Cisco Unified Communications Web-based Management Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Unified Communications Web-based Management Vulnerability Document ID: 97836 Advisory ID: cisco-sa-20071017-IPCC http://www.cisco.com/warp/public/707/cisco-sa-20071017-IPCC.shtml Revision 1.0 For Public Release 2007...
DSA-1389-1 zoph - SQL injection
Bulletin has no description...
Cisco Unified Communications Web-based Management Vulnerability
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES TH...
GForge account/verify.php confirm_hash Parameter XSS
The remote host is running GForge, a web-based project for collaborative software development. The version of GForge installed on the remote host fails to sanitize user-supplied input to the 'confirmhash' parameter of the 'account/verify.php' script before using it to generate dynamic output. An...
ADOdb Lite adodb-perf-module.inc.php last_module Parameter Arbitrary Code Execution
ADOdb Lite, a lightweight database framework for PHP applications, is installed on the remote host. The version of ADOdb Lite on the remote host fails to sanitize input to the 'lastmodule' parameter of the 'adodb-perf-module.inc.php' script before using it in an 'eval' statement to evaluate PHP...
Plesk Multiple Script PLESKSESSID Cookie SQL Injection
Binary data 4213.prm...
Netjuke 1.0-rc2 - sql injection & XSS
The Netjuke is a Web-Based Audio Streaming Jukebox powered by PHP 4, a database and all the MP3, Ogg Vorbis and other format files that constitute your digital music collection. Supports images, language packs, multi-level security, random playlists, etc http://sourceforge.net/projects/netjuke...
DSA-1374-1 jffnms - several vulnerabilities
Bulletin has no description...