7574 matches found
eGroupWare Detection
The remote host is running eGroupWare, a web-based groupware solution. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(15720); script_version("1.17"); script_set_attribute(attribute:"plugin_modification_date", value:"2022/06/01"); script_name(english:"eGroupWare Detection");...
w-Agora Multiple Script Traversal Arbitrary File Access
The remote host is running w-agora, a web-based forum application written in PHP. The remote version of this software is prone to directory traversal attacks. A remote attacker could send a specially crafted URL to read arbitrary files from the remote system with the privileges of the web server...
Debian DSA-229-1 : imp - SQL injection
Jouko Pynnonen discovered a problem with IMP, a web-based IMAP mail program. Using carefully crafted URLs a remote attacker is able to inject SQL code into SQL queries without proper user authentication. Even though results of SQL queries aren't directly readable from the screen, an attacker migh...
TorrentTrader download.php id Parameter SQL Injection
The remote host is running TorrentTrader, a web-based BitTorrent tracker. The remote version of this software is vulnerable to a SQL injection attack that may allow an attacker to inject arbitrary SQL statements in the remote database. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc...
MercuryBoard < 1.1.3 Multiple Vulnerabilities
Binary data 2627.prm...
[Full-Disclosure] Centre 1.0 PHP injection, bypass authentication + possible SQL injection.
Summary: The Miller Group, Inc. (www.miller-group.net) announces the release of Centre, a free student information system for public and non-public schools. Centre is a web-based, open source, student management product with features that include scheduling, grade book, attendance, eligibility,...
CVE-2004-0611
The CVE-2004-0611 issue affects Netgear FVS318 VPN Router. The Web-Based Administration component is vulnerable to a denial of service when an attacker opens a large number of HTTP connections, rendering the device unable to accept new connections (availability impact). The referenced documents d...
Microsoft MN-500 Wireless Router Web-Based Administration DoS
Microsoft MN-500 Wireless Router Web-Based Administration DoS http://www.kurczaba.com/securityadvisories/0406213.htm Vulnerability ID Number: 0406213 Overview: A vulnerability has been found in the Microsoft MN-500 Wireless Router...
NETGEAR FVS318 Web-Based Administration DoS
NETGEAR FVS318 Web-Based Administration DoS http://www.kurczaba.com/securityadvisories/0406211.htm Vulnerability ID Number: 0406211 Overview: A vulnerability has been found in the Netgear FVS318 VPN Router Web-Based Administration...
[Full-Disclosure] [waraxe-2004-SA#019 - Critical sql injection bug in Phorum 3.4.7]
waraxe-2004-SA019: Critical sql injection bug in Phorum 3.4.7...
phpBugTracker 0.9.1 - Multiple Vulnerabilities
phpBugTracker 0.9.1 - Multiple Vulnerabilities phpBugTracker Multiple Vulnerabilities Vendor: Benjamin Curtis Product: phpBugTracker Version: query"delete from ".TBLBUGVOTE." where userid = $u and bugid = $bugid"; As we can see from that line of code taken from about line 30 of user.php it is clear...
[UNIX] OWLS Remote Arbitrary Files Disclosure
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
Open Journal Blog Authentication Bypassing Vulnerability
Open Journal Blog Authentication Bypassing Vulnerability PROGRAM: Open Journal HOMEPAGE: http://www.grohol.com/downloads/oj/ VULNERABLE VERSIONS: 2.5 and below DESCRIPTION OpenJournal is a completel...
openjournal2.5.txt
Open Journal Blog Authentication Bypassing Vulnerability PROGRAM: Open Journal HOMEPAGE: http://www.grohol.com/downloads/oj/ VULNERABLE VERSIONS: 2.5 and below DESCRIPTION OpenJournal is a completel...
Compaq Web-Based Management Agent Remote Overflow DoS
It was possible to kill the remote web server by requesting something like: / This is probably a Compaq Web Enterprise Management server. This flaw could be used to forbid managing machines. (C) Tenable Network Security, Inc. References: Message-ID: Date: Thu, 19 Jun 2003 00:05:14 +0200 CEST From:...
Multiple web-based email services fail to filter malicious characters when the message contains cascading style sheet character escaping
Overview: An attacker can send a specially crafted email message to a victim containing malicious scripting (JavaScript, VBScript, JScript, etc.), active content, or potentially HTML. When a victim views the message with scripting enabled, the victim's browser will then interpret this javascript whi...
linksysDoS.txt
DigitalPranksters Security Advisory http://www.DigitalPranksters.com LinkSys EtherFast Router Denial of Service Attack Risk: Low Product: Linksys EtherFast Cable/DSL Firewall Router BEFSX41 Firmware 1.44.3 Product URL: http://www.linksys.com/products/product.asp?prid=433 Vendor Contacted: Septemb...
Nokia Electronic Documentation - Multiple Vulnerabilities
@stake, Inc. www.atstake.com Security Advisory Advisory Name: Nokia Electronic Documentation - Multiple Vulnerabilities Release Date: 09/15/2003 Application: NED Nokia Electronic Documentation Platform: Windows NT4 and WebLogic tested others may be...
DSA-355 gallery - cross-site scripting
Bulletin has no description...
[KSA-001] Multiple vulnerabilities in Tutos
Kereval Security Advisory KSA-001 Multiple vulnerabilities in Tutos PROGRAM: Tutos HOMEPAGE: http://www.tutos.org VULNERABLE VERSIONS: 1.1 RISK: Medium/High IMPACT: Cross Site Scripting RELEASE DAT...