[Full-disclosure] Lyris ListManager 8.95: Add arbitrary administrator to arbitrary list
Advisory: Lyris ListManager 8.95: Add arbitrary administrator to arbitrary list Release Date: 2006-08-30 Application: Lyris ListManager 8.95 Risk: Depends upon your use and business context Vendor site: http://www.lyris.com/ Overview of Product: "Lyris ListManager is the world's most popular...
Microsoft Security Advisory (923762) Microsoft Security Advisory (923762): Long URLs to sites using HTTP 1.1 and compression Could Cause Internet Explorer 6 Service Pack 1 to Unexpectedly Exit
Microsoft Security Advisory 923762 Microsoft Security Advisory 923762: Long URLs to sites using HTTP 1.1 and compression Could Cause Internet Explorer 6 Service Pack 1 to Unexpectedly Exit Published: August 22, 2006 On August 15, 2006 Microsoft announced that it would be re-releasing MS06-042...
Symantec On-Demand Protection Encrypted Data Exposure
SUMMARY Symantec On-Demand Agent (SODA) and Symantec On-Demand Protection (SODP) provide a Virtual Desktop environment to secure Web-based applications and services. Files created while in the virtual desktop are encrypted as they are saved to a hard drive or removable media, if that option is enable...
Echo Security Advisory 2006.36
ECHO.OR.ID ECHO_ADV_36$2006 --------------------------------------------------------------------------- [ECHO_ADV_36$2006] ExtCalendar...
[ECHO_ADV_36$2006] ExtCalendar <== v2.0 Remote File Include Vulnerabilities
ECHO.OR.ID ECHO_ADV_36$2006 --------------------------------------------------------------------------- [ECHO_ADV_36$2006] ExtCalendar <== v2.0 Remote File Include Vulnerabilities --------------------------------------------------------------------------- Author : Ahmad Maulana a.k.a Matdhule Date : Jul...
ATutor : Cross-Site Scripting Vulnerabilities
----------------------------------------------------------------- Security Advisory 4 ^ http://securitynews.ir/ Advisory Title: ATutor : Cross-Site Scripting Vulnerabilities @ Author : bug @ securitynews.ir $ Product Vendor : http://www.atutor.ca/ . Affected Versions : 1.5.3 RC2 and maybe before ...
[Full-disclosure] [scip_Advisory 2351] Kyberna AG ky2help various form fields SQL Injection
Kyberna AG ky2help various form fields SQL Injection scip AG Vulnerability ID 2351 07/04/2005 http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2351 I. INTRODUCTION Kyberna ky2help is a commercial solution for a web-based ticketing and support system. Users are able to send tickets and those are...
SiteBuilder-FX top.php admindir Parameter Remote File Inclusion
The remote host is running SiteBuilder-FX, a web-based design system written in PHP. The version of SiteBuilder-FX installed on the remote host fails to sanitize input to the 'admindir' parameter of the 'admin/top.php' script before using it to include PHP code. Regardless of the setting of PHP's...
Trend Micro Control Manager (TMCM) Persistent XSS Vulnerability
Trend Micro Control Manager (TMCM) Persistent XSS Vulnerability June 23, 2006 Product Overview: Trend Micro Control Manager is a centralized, web-based outbreak management console designed to simplify enterprise-wide coordination of outbreak security actions and management of Trend Micro products a...
iPlanet.txt
Summary ---------------- Date: 14 Jun 2006 Vendor: Sun Microsystems, Inc. Name: iPlanet Messaging Server Version: 5.2 HotFix 1.16 built May 14 2003 Vuln: msg.conf symlink attack Severity: high Software description ---------------- The iPlanet Messaging Server is a software product that provides a...
Sun iPlanet Messaging Server 5.2 HotFix 1.16 - Root Password Disclosure
Date: 14 Jun 2006 Vendor: Sun Microsystems, Inc. Name: iPlanet Messaging Server Version: 5.2 HotFix 1.16 built May 14 2003 Vuln: msg.conf symlink attack Severity: high Software description ---------------- The iPlanet Messaging Server is a software product that provides a centralized location for...
Microsoft Windows Media Player Malformed PNG Remote Code Execution Vulnerability
Description Microsoft Windows Media Player is prone to a remote code-execution vulnerability. This vulnerability is related to handling of malicious PNG images. PNG images may be embedded in Windows Media Player skin files. Attackers may be able to exploit this issue by causing the application to...
Ipswitch WhatsUp Professional 2006 - Authentication Bypass
Ipswitch WhatsUp Professional 2006 - Authentication Bypass source: https://www.securityfocus.com/bid/18019/info Ipswitch WhatsUp Professional 2006 is susceptible to a remote authentication-bypass vulnerability. This issue allows remote attackers to gain administrative access to the web-based...
Ipswitch WhatsUp Professional 2006 - Authentication Bypass
source: https://www.securityfocus.com/bid/18019/info Ipswitch WhatsUp Professional 2006 is susceptible to a remote authentication-bypass vulnerability. This issue allows remote attackers to gain administrative access to the web-based administrative interface of the application. This will aid them...
ACal embed/day.php path Parameter Remote File Inclusion
The remote host is running ACal, an open source, web-based event calendar written in PHP. The version of ACal installed on the remote host fails to sanitize user-supplied input to the 'path' parameter of the 'embed/day.php' script before using it in PHP 'include' functions. Provided PHP's...
[SECURITY] [DSA 1052-1] New cgiirc packages fix arbitrary code execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 1052-1 [email protected] http://www.debian.org/security/ Martin Schulze May 8th, 2006 http://www.debian.org/security/faq -...
DSA-1052-1 cgiirc - buffer overflows
Bulletin has no description...
Asterisk Recording Interface (ARI) includes/main.conf Remote Credential Disclosure
The remote host is running Asterisk Recording Interface (ARI), a web-based portal for the Asterisk PBX software. The version of ARI installed on the remote host allows an unauthenticated attacker to view its configuration file, which contains sensitive information such as passwords.
X7 Chat help/index.php help_file Parameter Local File Inclusion
The remote host is running X7 Chat, a web-based chat program written in PHP. The version of X7 Chat installed on the remote host fails to properly sanitize input to the 'help_file' parameter of the 'help/index.php' script before using it in a PHP 'include_once' function. Provided PHP's...