Trac: Cross-site scripting vulnerability
Background Trac is a minimalistic web-based project management, wiki and bug tracking system including a Subversion interface. Description Christophe Truc discovered that Trac fails to properly sanitize input passed in the URL. Impact A remote attacker could exploit this to inject and execute...
ELOG < 2.6.2 Multiple Vulnerabilities
Binary data 3379.prm...
DDSN CMS Admin Panel SQL Injection Vulnerability
Web Site : http://www.ddsn.com and http://www.cm3cms.com Description : DDSN is an expert provider of professional services surrounding the science of content management: Design, information architecture, deployment, and integration. In addition we offer our own content management software: Our...
PhpGedView PGV_BASE_DIRECTORY Parameter Remote File Inclusion
Binary data 3333.prm...
IntranetApp XSS vuln.
IntranetApp XSS vuln. Vuln. discovered by : r0t Date: 21 dec. 2005 original advisory:http://pridels.blogspot.com/2005/12/intranetapp-xss-vuln.html vendor:www.aspapp.com/content.asp?contentid=322 affected version:3.3 and prior Product Description: IntranetApp gets groups on the same page with tools...
IRM 013: Ultraapps Issue Manager is vulnerable to Privilege Escalation
---------------------------------------------------------------------- IRM Security Advisory No. 013 Ultraapps Issue Manager is vulnerable to Privilege Escalation Vulnerability Type / Importance: Privilege Escalation / High Problem discovered: November 25th 2005 Vendor contacted: November 25th 200...
ELOG Remote Buffer Overflow Vulnerabilities
The remote host appears to be using ELOG, a web-based electronic logbook application. The version of ELOG installed on the remote host crashes when it receives HTTP requests with excessive data for the 'mode' and 'cmd' parameters. An unauthenticated attacker may be able to exploit these issues to...
contenite XSS vuln.
contenite XSS vuln. Vuln. discovered by : r0t Date: 17 dec. 2005 original advisory:http://pridels.blogspot.com/2005/12/contenite-xss-vuln.html vendor:http://contenite.de/ affected version: 0.11 and prior Product Description: A CMS that stays out of your way contenite is an embedded content...
PDEstore XSS vuln.
PDEstore XSS vuln. Vuln. discovered by : r0t Date: 14 dec. 2005 original advisory:http://pridels.blogspot.com/2005/12/pdestore-xss-vuln.html vendor:www.smart-choices.org/docs/pdestore.html affected version:1.8 and prior Product Description: PDEstore Ver. 1.8 is an easy to install, easy to u...
perl-cal-29920.txt
Vendor: Perl-Cal Version tested: Perl-Cal 2.99.20 , other versions may also be affected. Type: Cross Site Scripting Severity: Medium...
ProjectForum 4.7.0 vuln.
ProjectForum 4.7.0 vuln. Vuln. discovered by : r0t Date: 14 dec. 2005 original advisory:http://pridels.blogspot.com/2005/12/projectforum-470-vuln.html vendor:http://www.projectforum.com/pf/ affected version:4.7.0 and prior Product Description: ProjectForum provides a professional and easy-to-use...
Mantis bugtracking system XSS vuln.
Mantis bugtracking system XSS vuln. Vuln. discovered by : r0t Date: 13 dec. 2005 original advisory:http://pridels.blogspot.com/2005/12/mantis-bugtracking-system-xss-vuln.html vendor:http://www.mantisbt.org/ affected version: 1.0.0rc3,1.0.0rc2 and prior Product Description: Mantis is a web-based...
Dell TrueMobile 2300 - Remote Credential Reset
Dell TrueMobile 2300 - Remote Credential Reset source: https://www.securityfocus.com/bid/15770/info It is possible for remote attackers to gain control of a target TrueMobile 2300 running firmware versions 3.0.0.8 and 5.1.1.6. Other versions are likely affected. The vulnerability appears to be in...
Calendar Express 2 SQL inj. vuln.
Calendar Express 2 SQL inj. vuln. Vuln. discovered by : r0t Date: 29 nov. 2005 Original advisory:http://pridels.blogspot.com/2005/11/calendar-express-2-sql-inj-vuln.html Vendor:www.phplite.com/products/calendarexpress/index.php affected version:2.2 and prior Product Description: Calendar Express 2 ...
LogicBill 1.0 SQL inj.
LogicBill 1.0 SQL inj. Vuln. discovered by : r0t Date: 25 nov. 2005 original advisory:http://pridels.blogspot.com/2005/11/logicbill-10-sql-inj.html Vendor:http://www.logicbill.com affected version: 1.0 and prior Product description: LogicBill is a fully featured web based billing application. It...
[SECURITY] [DSA 899-1] New egroupware packages fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 899-1 security@debian.org http://www.debian.org/security/ Martin Schulze November 17th, 2005 http://www.debian.org/security/faq -...
atutor151pl2.txt
ATutor 1.5.1pl2 SQL Injection / Remote commands execution software: site: http://www.atutor.ca/ description : "ATutor is an Open Source Web-based Learning Content Management System LCMS designed with accessibility and adaptability in mind." if magic_quotes_gpc is off - SQL INJECTION vulnerable code in...
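The ATutor entry above makes the injection conditional on magic_quotes_gpc being off. The block below is an added example, not ATutor's code or any part of the listed advisory, showing why that condition is only a partial defence: escaping every request value (what magic_quotes_gpc did via addslashes) stops the classic quoted-string payload but does nothing for a value that lands in a numeric context, while a parameterised query stops both. The table, column names, the `magic_quotes` helper and the `login_concat`/`member_by_id_concat`/`login_param` functions are all constructed for the demo; SQLite has no backslash escapes, so the helper doubles single quotes, which is assumed to be an adequate stand-in for addslashes against MySQL.

```python
import sqlite3


def magic_quotes(value: str) -> str:
    """Stand-in for PHP's magic_quotes_gpc (addslashes applied to every
    GET/POST/COOKIE value). Assumption: quote doubling plays the same
    role for SQLite that backslash escaping played for MySQL."""
    return value.replace("'", "''")


def make_db() -> sqlite3.Connection:
    # Constructed sample data, in memory, so the demo runs offline.
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE members(id INTEGER PRIMARY KEY, login TEXT, password TEXT);
        INSERT INTO members VALUES (1, 'admin', 's3cret'), (2, 'alice', 'pw');
        """
    )
    return db


def login_concat(db, login: str, password: str, magic_on: bool) -> list:
    # Vulnerable pattern: request values interpolated into the SQL text.
    # With magic_on the values are escaped first, as magic_quotes_gpc would do.
    if magic_on:
        login, password = magic_quotes(login), magic_quotes(password)
    sql = f"SELECT id FROM members WHERE login='{login}' AND password='{password}'"
    return [row[0] for row in db.execute(sql)]


def member_by_id_concat(db, member_id: str, magic_on: bool) -> list:
    # Numeric context: the value is not quoted in the query, so escaping
    # quote characters changes nothing and the injection still works.
    if magic_on:
        member_id = magic_quotes(member_id)
    sql = f"SELECT id FROM members WHERE id={member_id}"
    return [row[0] for row in db.execute(sql)]


def login_param(db, login: str, password: str) -> list:
    # Hardened form: placeholders; the driver never treats the value as SQL.
    sql = "SELECT id FROM members WHERE login=? AND password=?"
    return [row[0] for row in db.execute(sql, (login, password))]


def run_demo() -> dict:
    """Run each variant against the same constructed payloads and return the ids
    each query hands back; an attacker-supplied login should never yield ids."""
    db = make_db()
    string_payload = "admin' --"   # comments out the password check
    numeric_payload = "2 OR 1=1"   # no quotes needed in a numeric context
    return {
        "concat_magic_off": login_concat(db, string_payload, "x", magic_on=False),
        "concat_magic_on": login_concat(db, string_payload, "x", magic_on=True),
        "numeric_magic_on": member_by_id_concat(db, numeric_payload, magic_on=True),
        "param_attack": login_param(db, string_payload, "x"),
        "param_legit": login_param(db, "admin", "s3cret"),
    }


if __name__ == "__main__":
    for name, ids in run_demo().items():
        print(f"{name:18s} -> {ids}")
```

Read the result as a matrix: escaping closes the quoted-string case but leaves the numeric one open, and only the parameterised query is safe regardless of the magic_quotes_gpc setting, which is why that directive was deprecated and later removed from PHP.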
[waraxe-2005-SA#043] - Sql injection in Phorum 5.0.20 and earlier
================================================================================ waraxe-2005-SA043 ================================================================================ Sql injection in Phorum 5.0.20 and earlier...
vBulletin Init.PHP unspecified vulnerability
The remote host is running vBulletin, a web based bulletin board system written in PHP. The remote version of this software is vulnerable to an unspecified issue. It is reported that versions 3.0.0 through to 3.0.4 are prone to a security flaw in 'includes/init.php'. Successful exploitation...
CVSTrac history.c history_update function overflow
The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version contains a flaw related to the history_update function in history.c that may allow an attacker to cause a buffer overflow and execute arbitrary code on the remote system. OpenVAS has...