
Files Date: 2006-04-17 to 2006-04-18

phpbb-admin.txt
Posted Apr 17, 2006
Authored by noch22

On a phpBB board, a user having access to the admin panel is able to execute PHP code.

tags | advisory, php, add administrator
SHA-256 | 3ce6369b0ae26ca7a1150a8d147e40ac0375ffda69ed95f5228aa4fddd7a4f9b
phpBB-template.txt
Posted Apr 17, 2006
Authored by noch22

phpBB HTML template files are parsed and executed as PHP code. Therefore, anyone with access to the template files can execute PHP code on the system.

tags | advisory, php
SHA-256 | 57848e7264e5ed324bfce768622e8141320eebdee2d3cc09dfcf6983f83dfff2
Encyclopedia-3.0.txt
Posted Apr 17, 2006
Authored by n0m3rcy

Encyclopedia versions less than or equal to 3.0 suffer from XSS.

tags | advisory
SHA-256 | 61b38575274d18d06f3b8d3bc5142c27c639de4f349e72b99d29bb35bc8367e2
FreeContent.txt
Posted Apr 17, 2006
Authored by Silitix

Freecontent v2.9 and 3.0 suffer from a remote file inclusion vulnerability.

tags | advisory, remote, file inclusion
SHA-256 | 0c5a8a2a0dc2b4c5e66a279fc98f6a223de63ba736156083d1893868541416fc
Farsinews.txt
Posted Apr 17, 2006
Site aria-security.net

Farsinews 2.5.3 Pro and below suffer from XSS and path disclosure vulnerabilities.

tags | advisory, vulnerability
SHA-256 | 948643d3936403d36429b9246aa527ec3962925e738e3c2aabb18926b0c3db7d
osCommerce-2.2-extras.txt
Posted Apr 17, 2006
Authored by rgod | Site retrogod.altervista.org

If the "extras" folder is placed inside the webroot on osCommerce versions less than v2.2, any file can be read on the target system, including PHP source code with the database details.

tags | advisory, php
SHA-256 | 836c86179c8fc75a45bcdf0a06345f8eefef3a8dab21ff18199a17631890737f
ModX-0.9.1.txt
Posted Apr 17, 2006
Authored by crasher | Site kecoak.or.id

ModX v0.9.1 suffers from XSS and a directory traversal vulnerability.

tags | advisory
SHA-256 | 1a8e0bf2f7d5c51b8eb8e49f24d9639004c322d11dac5c95bbe886a659094e15
Papoo-2.1.5
Posted Apr 17, 2006
Site kecoak.or.id

Papoo v2.1.5 suffers from XSS. POC included.

tags | advisory
SHA-256 | 9d980deac6b4ec46eb21acfb866545c3fff1f3664fb5adde691f2a81ff4fc47c
Lifetype.txt
Posted Apr 17, 2006
Authored by crasher | Site kecoak.or.id

Lifetype v1.0.3 suffers from XSS and full path disclosure vulnerabilities.

tags | advisory, vulnerability
SHA-256 | e0cb99379cf889102be002bd072c655d0bccabd441ad5383fd0de55e7c48fe8a
PowerClan1.14.txt
Posted Apr 17, 2006
Site d4igoro.blogspot.com

PowerClan 1.14 suffers from a SQL injection vulnerability if magic_quotes_gpc = off.

tags | advisory, sql injection
SHA-256 | 7257eab8ea32b9cfdc250408a3da562cb8de10bdd4dedec817f913b9b2f5cd42
camino.txt
Posted Apr 17, 2006
Authored by Simon MOREL | Site sysdream.com

Mozilla Camino browser versions 1.0 and prior are vulnerable to an HTML parsing null pointer dereference denial of service vulnerability.

tags | advisory, denial of service
SHA-256 | 2ffb8615d5475fafd287af027df6d6d28f3aedbfe686c7863455928035314008
planetSearch-xss.txt
Posted Apr 17, 2006
Authored by d4igoro

planetSearch+ version 26.10.2005 is vulnerable to XSS.

tags | advisory, xss
SHA-256 | cfb33f8f0400e46ef9a7154272d03fe3f1c8093f54f787eceae8e443c7044b35
ng-WGT624.txt
Posted Apr 17, 2006
Authored by tranceformer

The Netgear WGT624 contains a default admin username and password that can be used to access the device via the serial port.

tags | advisory
SHA-256 | 44c13a8296ddb1e73e629c6af619935468c43095f15c6e34afbf199c600e300f
pajax-0.5.1.txt
Posted Apr 17, 2006
Authored by RedTeam Pentesting | Site redteam-pentesting.de

PAJAX versions less than pajax-0.5.2 suffer from remote code injection and arbitrary file inclusion. POC included.

tags | exploit, remote, arbitrary, file inclusion
SHA-256 | 0a7cdff679ce3cf98d1a3f09f26716a9b0feae110597d211b27b6b74615af08e
Ubuntu Security Notice 270-1
Posted Apr 17, 2006
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-270-1 - kdegraphics, koffice, xpdf, cupsys, poppler, tetex-bin vulnerabilities.

tags | advisory, vulnerability
systems | linux, ubuntu
SHA-256 | 270033a80073d188d9e9b4d4f09a0eb2a0202aaf8af7d086fae54ceffaa8e148
EV0118.txt
Posted Apr 17, 2006
Authored by Aliaksandr Hartsuyeu | Site evuln.com

eVuln ID: EV0118 - CzarNews v1.14 suffers from multiple XSS and SQL injection vulnerabilities if magic_quotes_gpc = off.

tags | advisory, vulnerability, sql injection
SHA-256 | a882eb18e89b86e0c1273dff588ec2ace548752772df9f582ebdcc1089c68779
EV0117.txt
Posted Apr 17, 2006
Authored by Aliaksandr Hartsuyeu | Site evuln.com

eVuln ID: EV0117 - aWebBB v1.2 suffers from several XSS and SQL injection vulnerabilities if magic_quotes_gpc = off.

tags | advisory, vulnerability, sql injection
SHA-256 | 7c2462d0c11ad455c68ca8557bf9d0db3392cd733a17a337d13d9f500331ecee
EV0116.txt
Posted Apr 17, 2006
Authored by Aliaksandr Hartsuyeu | Site evuln.com

eVuln ID: EV0116 - aWebNews v1.0 suffers from multiple XSS and SQL injection vulnerabilities.

tags | advisory, vulnerability, sql injection
SHA-256 | 44ea9e09379833f85c9228d1b8253e7b64c8479f87e99fe1018449fecb5e81d3
EV0115.txt
Posted Apr 17, 2006
Authored by Aliaksandr Hartsuyeu | Site evuln.com

eVuln ID: EV0115 - RedCMS 0.1 suffers from multiple XSS and SQL injection vulnerabilities.

tags | advisory, vulnerability, sql injection
SHA-256 | 17faed78577a05e8e537dabdd55758c579b7368ea3ec41c67f207c7554e5b982
EV0114.txt
Posted Apr 17, 2006
Authored by Aliaksandr Hartsuyeu | Site evuln.com

eVuln ID: EV0114 - qliteNews v2005.07.01 suffers from SQL injection if magic_quotes_gpc = off.

tags | advisory, sql injection
SHA-256 | 03200a82e27271bd06565d36674fceff633dfbfc62664b795f7a2a54a7c9d7b0
EV0113.txt
Posted Apr 17, 2006
Authored by Aliaksandr Hartsuyeu | Site evuln.com

eVuln ID: EV0113 - QLnews v1.2 suffers from XSS and PHP code insertion vulnerabilities.

tags | advisory, php, vulnerability
SHA-256 | 9ebd6dce24baa96be5453d7167edec529b5d7baf4e506dee941404551a219699
Gentoo Linux Security Advisory 200604-7
Posted Apr 17, 2006
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200604-07 - Several vulnerabilities have been identified in the copy of ADOdb included in Cacti. Andreas Sandblad discovered a dynamic code evaluation vulnerability (CVE-2006-0147) and a potential SQL injection vulnerability (CVE-2006-0146). Andy Staudacher reported another SQL injection vulnerability (CVE-2006-0410), and Gulftech Security discovered multiple cross-site-scripting issues (CVE-2006-0806). Versions less than 0.8.6h_p20060108-r2 are affected.

tags | advisory, vulnerability, sql injection
systems | linux, gentoo
SHA-256 | 37b21ae4309a337d83774dedca227c9541106fd08d69292defcbc15d8b9a44ab
Gentoo Linux Security Advisory 200604-8
Posted Apr 17, 2006
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200604-08 - A vulnerability has been reported in the apreq_parse_headers() and apreq_parse_urlencoded() functions of Apache2::Request. Versions less than 2.07 are affected.

tags | advisory
systems | linux, gentoo
SHA-256 | 7ae96418197961094081515b48da6bacba5a54863e3400ba3fe05e1eedd6160d
Debian Linux Security Advisory 1036-1
Posted Apr 17, 2006
Authored by Debian | Site debian.org

Debian Security Advisory 1036-1: A buffer overflow problem has been discovered in sail, a game contained in the bsdgames package, a collection of classic textual Unix games, which could lead to games group privilege escalation.

tags | advisory, overflow
systems | linux, unix, debian
SHA-256 | 0a1ac2ac35dca85ecfd02d905d51ccf36776157fc5a73b8d594e7d8915b77e54
Debian Linux Security Advisory 1035-1
Posted Apr 17, 2006
Authored by Debian | Site debian.org

Debian Security Advisory 1035-1: Steve Kemp from the Debian Security Audit project discovered that a cronjob contained in fcheck, a file integrity checker, creates a temporary file in an insecure fashion.

tags | advisory
systems | linux, debian
SHA-256 | 291851b66fa0ba29a78f58ffc12bce22c5511b0d8719f9bf696c44407f46c1f0