7574 matches found
CVE-2006-5639
OpenWBEM 3.2.0 has an unspecified vulnerability in its random number generator that can enable privilege escalation via local or HTTP Digest authentication. Affected component: RNG in OpenWBEM. Impact aligns with CVSS base: HIGH (AV:N/AC:L/Au:N/C:P/I:P/A:P). No exploitation details or patch infor...
ECI Telecom B-Focus ADSL2+ Combo332+ Wireless Router - Information Disclosure
source: https://www.securityfocus.com/bid/20834/info ECI Telecom's B-FOCuS ADSL2+ Combo332+ wireless router is prone to an information-disclosure vulnerability. The router's Web-Based Management interface fails to authenticate users before providing access to sensitive information. Exploiting thi...
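Gallery main.php Remote Directory Traversal Vulnerability
Gallery is a web-based, open-source photo album manager. Gallery contains a directory traversal vulnerability: using a specially crafted URL, an attacker can access, without logging in, any file on the server that the web server can read, leading to disclosure of sensitive information. Gallery Gallery 2.0-Beta3 Vendor patch: Gallery ------- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: Gallery Upgrade gallery-2.0.1-typical.tar.gz http://prdownloads.sourceforge.net/gallery/gallery-2.0.1-typical.tar.gz...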
Horde Ingo Software Detection
The remote host is running Ingo, a PHP-based application from the Horde Project for managing email filter rules. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(22899); script_version("1.20"); script_set_attribute(attribute:"plugin_modification_date", value:"2022/10/12");...
PHPMyManga 0.8.1 - 'template.php' Multiple File Inclusions
+------------------------------------------------------------------------------------------- + PhpMyManga +------------------------------------------------------------------------------------------- + Details: + Input passed to the 'actionsPage' or 'formPage' parameter in template.php is not...
Multiple XSS Vulnerability in Gcontact
Armorize Technologies Security Advisory Advisory No: Armorize-ADV-2006-0005 Status: Partial Date: 2006/10/14 Summary: Armorize-ADV-2006-0005 discloses multiple cross-site scripting vulnerabilities that are found in Gcontact, which is a Web based address book written in Ajax/PHP offering multi-use...
Debian DSA-905-1 : mantis - several vulnerabilities
Several security related problems have been discovered in Mantis, a web-based bug tracking system. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-3091 A cross-site scripting vulnerability allows attackers to inject arbitrary web script or HTML. -...
Debian DSA-980-1 : tutos - several vulnerabilities
Joxean Koret discovered several security problems in tutos, a web-based team organization software. The Common Vulnerabilities and Exposures Project identifies the following problems : - CVE-2004-2161 A SQL injection vulnerability allows the execution of SQL commands through the linkid parameter ...
Debian DSA-944-1 : mantis - several vulnerabilities
Several security related problems have been discovered in Mantis, a web-based bug tracking system. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-4238 Missing input sanitising allows remote attackers to inject arbitrary web script or HTML. -...
Adobe Breeze Directory Traversal Arbitrary File Access
The remote web server appears to be Adobe Breeze, a web-based video conferencing system. The version of Adobe Breeze installed on the remote host reportedly has an issue with URL parsing. While specific information about the issue is currently not available, a remote attacker may be able to explo...
Debian DSA-1052-1 : cgiirc - buffer overflows
Several buffer overflows have been discovered in cgiirc, a web-based IRC client, which could be exploited to execute arbitrary code. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-1052. T...
net2ftp.txt
+-------------------------------------------------------------------- + + net2ftp: a web based FTP client : = Remote File Inclusion + +-------------------------------------------------------------------- + + Affected Software .: net2ftp: a web based FTP client + Vendor ...........:...
Microsoft Security Advisory (925984) Vulnerability in PowerPoint Could Allow Remote Code Execution
Microsoft Security Advisory (925984) Vulnerability in PowerPoint Could Allow Remote Code Execution Published: September 27, 2006 Microsoft is investigating new public reports of limited “zero-day” attacks using a vulnerability in Microsoft PowerPoint 2000, Microsoft PowerPoint 2002, Microsoft Offic...
Claroline Software Detection
The remote host is running Claroline, an open source, web-based, collaborative learning environment written in PHP. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(22409); script_version("1.17"); script_set_attribute(attribute:"plugin_modification_date", value:"2022/06/01");...
Update Protection against Indexing Service Cross-Site Scripting Vulnerability (MS06-053)
A cross-site scripting (XSS) vulnerability exists in Microsoft Windows Indexing Service. Indexing Service is a feature that supports rapid searching of file contents and properties by extracting information from files and storing it in indexes organized for fast searching. A remote attacker can...
Computer Terrorism (UK) :: Incident Response Centre - Adobe/Macromedia Flash Player Vulnerability
Computer Terrorism (UK) :: Incident Response Centre www.computerterrorism.com Security Advisory: CT12-09-2006 ============================================================ Adobe/Macromedia Flash Player - Remote Code Execution ============================================================ Advisory Date...
Computer Terrorism (UK) :: Incident Response Centre - Microsoft Publisher Font Parsing Vulnerability
Computer Terrorism (UK) :: Incident Response Centre www.computerterrorism.com Security Advisory: CT12-09-2006-2.htm ============================================== Microsoft Publisher Font Parsing Vulnerability ============================================== Advisory Date: 12th, September 2006...
Microsoft Indexing Service - Query Validation Cross-Site Scripting
source: https://www.securityfocus.com/bid/19927/info Microsoft Indexing Service is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input before it is rendered to other...
CVE-2006-4523
CVE-2006-4523 affects 2Wire HomePortal and OfficePortal Series modems/routers: the web-based management interface is vulnerable to a DoS via a CRLF sequence in a GET request, causing a crash. Root cause is input parsing of CRLF within the request; impact is partial availability loss. Connected do...