RechnungsZentrale V2 - SQL injection and Remote PHP inclusion vulnerabilities
---------------------------------------------------------------------------------- - GroundZero Security Research and Software Development 2006 - ---------------------------------------------------------------------------------- - - - Security Advisory regarding RechnungsZentrale v2. - - SQL...
[SECURITY] [DSA 1027-1] New mailman packages fix denial of service
-------------------------------------------------------------------------- Debian Security Advisory DSA 1027-1 [email protected] http://www.debian.org/security/ Steve Kemp April 6th, 2006 http://www.debian.org/security/faq -...
TWiki Search.pm shell command injection
Added: 04/06/2006 CVE: CVE-2004-1037 BID: 11674 OSVDB: 11714 Background TWiki is a web-based collaboration platform written in Perl. Problem The Search.pm module does not sufficiently check search strings for illegal characters, allowing remote attackers to execute commands using search strings...
CanfTool11.txt
Cross Site Scripting Attack CanfTool v1.1 ========================================= Description : Conftool is a Web-based online system that was developed to support many administrative tasks of conferences, workshops and seminars. It can help to make the management of events easier and much mor...
Community Link Pro webeditor login.cgi remote command execution
The remote host is running Community Link Pro, a web-based application written in Perl. The remote version of this software contains a flaw in the script 'login.cgi' which may allow an attacker to execute arbitrary commands on the remote host. OpenVAS Vulnerability Test $Id:...
[SA19223] BorderWare MXtreme Web Administration Unspecified Vulnerability
TITLE: BorderWare MXtreme Web Administration Unspecified Vulnerability SECUNIA ADVISORY ID: SA19223 VERIFY ADVISORY: http://secunia.com/advisories/19223/ CRITICAL: Moderately critical IMPACT: Unknown WHERE: From remote OPERATING SYSTEM: Borderware MXtreme http://secunia.com/product/1842/...
PHP iCalendar publish.ical.php Arbitrary File Upload
The remote host appears to be running PHP iCalendar, a web-based iCal file viewer / parser written in PHP. The installed version of PHP iCalendar supports iCal publishing but does not properly restrict the types of files uploaded and places them in a web-accessible directory. An unauthenticated...
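The two conditions named in the snippet above (no restriction on the uploaded file type, and a web-accessible destination directory) are what turn a calendar publisher into a remote code execution path: a `.php` body dropped into a served directory runs on the next request. The handler below is an added illustration of the hardened shape and is not PHP iCalendar's code; the form field name `ical`, the storage path `/var/lib/icalstore` and the 1 MiB size limit are assumptions for the example.

```php
<?php
// Added example, not PHP iCalendar's own code. Field name, storage path
// and size limit are assumed for illustration.
declare(strict_types=1);

const STORE_DIR = '/var/lib/icalstore'; // assumed: a directory outside the web root
const MAX_BYTES = 1 << 20;              // assumed: 1 MiB cap on a single calendar

/**
 * Accept an uploaded iCalendar file and return the server-chosen file name.
 * Throws RuntimeException on anything that is not an acceptable .ics upload.
 */
function store_ical_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // Only accept a file PHP itself received via HTTP, not a path an attacker named.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    // Ignore the client-supplied name and MIME type entirely; look at the bytes.
    // RFC 5545 calendars begin with BEGIN:VCALENDAR (a UTF-8 BOM is tolerated).
    $head = file_get_contents($file['tmp_name'], false, null, 0, 64);
    $head = ltrim((string) $head, "\xEF\xBB\xBF \t\r\n");
    if (strncmp($head, 'BEGIN:VCALENDAR', 15) !== 0) {
        throw new RuntimeException('not an iCalendar file');
    }
    // Server-generated name with a fixed extension: no attacker-chosen
    // ".php", "../", or null byte ever reaches the filesystem.
    $name = bin2hex(random_bytes(16)) . '.ics';
    $dest = STORE_DIR . DIRECTORY_SEPARATOR . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640); // readable by the app, never executable
    return $name;
}

// Minimal request handler for a form field named "ical" (assumed name).
if (PHP_SAPI !== 'cli' && isset($_FILES['ical'])) {
    header('Content-Type: text/plain');
    try {
        echo 'stored as ', store_ical_upload($_FILES['ical']);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo $e->getMessage();
    }
}
```

Because the file lands outside the document root, it can only be read back through an application script that streams it with `Content-Type: text/calendar`; even if the content check were bypassed, the web server never maps the stored file to a PHP handler.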
[Full-disclosure] [SECURITY] [DSA 989-1] New zoph packages fix SQL injection
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 989-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 9th, 2006 http://www.debian.org/security/faq -...
DSA-989-1 zoph - SQL injection
Bulletin has no description...
Gregarius 0.5.2 XSS and SQL Injection Vulnerabilities
http://gregarius.net/ Gregarius is a web-based RSS/RDF/ATOM feed aggregator, designed to run on your web server, allowing you to access your news sources from wherever you want. XSS in search.php: search.php?rssquery=<script>alert(1)</script>&rssquerymatch=exact XSS in tags.php:...
[SECURITY] [DSA 980-1] New tutos package fixes several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 980-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff February 22nd, 2006 http://www.debian.org/security/faq -...
[SECURITY] [DSA 980-1] New tutos packages fix multiple vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 980-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff February 22nd, 2006 http://www.debian.org/security/faq -...
Design/Logic Flaw
Uniden UIP1868P VoIP Telephone and Router has a default password of admin for the web-based configuration utility, which allows remote attackers to obtain sensitive information on the device such as telephone numbers called, and possibly connect to other hosts. NOTE: it is possible that this...
DSA-980-1 tutos - several
Bulletin has no description...
[BuHa-Security] Multiple Vulnerabilities in Mantis 1.00rc4
-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 --------------------------------------------------- | BuHa Security-Advisory 7 | Feb 14th, 2006 | --------------------------------------------------- | Vendor | Mantis BT | | URL | http://www.mantisbt.org/ | | Version | = Mantis 1.00rc4 | | Risk ...
dotProject < 2.0.2 Multiple Script Remote File Inclusion
Binary data 3433.prm...
HiveMail <= 1.3 Multiple Vulnerabilities
GulfTech Security Research February 10, 2006 Vendor : HiveMail URL : http://www.hivemail.com/ Version : HiveMail = 1.3 Risk : Multiple Vulnerabilities Description: HiveMail is a powerful web-based email program that allows you to offer personal email accounts to your visitors. This makes HiveMail...
HiveMail-1.3.txt
GulfTech Security Research February 10, 2006 Vendor : HiveMail URL : http://www.hivemail.com/ Version : HiveMail queryfirst" SELECT contacts FROM hivecontactgroup WHERE contactgroupid = $contactgroupid AND userid = $hiveuseruserid ";...
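The query fragment visible in the snippet above interpolates `$contactgroupid` straight into the SQL text, so a value such as `1 OR 1=1` rewrites the `WHERE` clause instead of selecting one group. The code below is an added illustration, not HiveMail's code: it keeps the query's shape from the snippet and pairs the vulnerable form with a prepared-statement version. The `mysqli` connection, the exact column types and the caller's variable names are assumptions.

```php
<?php
// Added example, not HiveMail's own code. Only the query shape comes from
// the advisory snippet; connection, types and variable names are assumed.
declare(strict_types=1);

// Vulnerable shape: the request value is concatenated into the SQL text.
// With $contactgroupid = "1 OR 1=1" the userid restriction is bypassed and
// the first matching row of any user's contact groups comes back.
function contacts_vulnerable(mysqli $db, string $contactgroupid, int $userid): ?string
{
    $sql = "SELECT contacts FROM hivecontactgroup "
         . "WHERE contactgroupid = $contactgroupid AND userid = $userid";
    $row = $db->query($sql)->fetch_assoc();
    return $row['contacts'] ?? null;
}

// Hardened shape: validate the value's type, then bind it as a parameter so
// the database receives it as data and it can never change the statement.
function contacts_safe(mysqli $db, string $contactgroupid, int $userid): ?string
{
    if (!ctype_digit($contactgroupid)) {
        return null; // not an integer id: reject before touching the database
    }
    $gid = (int) $contactgroupid;
    $stmt = $db->prepare(
        'SELECT contacts FROM hivecontactgroup WHERE contactgroupid = ? AND userid = ?'
    );
    $stmt->bind_param('ii', $gid, $userid);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    return $row['contacts'] ?? null;
}

// Usage (connection details assumed):
// $db = new mysqli('localhost', 'hive', 'secret', 'hivemail');
// var_dump(contacts_safe($db, $_GET['contactgroupid'] ?? '', $sessionUserId));
```

The `ctype_digit` check is defence in depth, not the fix: binding alone already stops the injection, but rejecting non-numeric ids early also keeps malformed requests out of the query log and makes the expected input shape explicit.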
eyeOS089.txt
GulfTech Security Research February 7, 2006 Vendor : eyeOS Project URL : http://www.eyeos.org/ Version : eyeOS = 0.8.9 Risk : Remote Code Execution Description: eyeOS is a "web based operating system" written in php, that lets you access your data and your applications from anywhere with an...
Trac: Cross-site scripting vulnerability
Background Trac is a minimalistic web-based project management, wiki and bug tracking system including a Subversion interface. Description Christophe Truc discovered that Trac fails to properly sanitize input passed in the URL. Impact A remote attacker could exploit this to inject and execute...