IRIX contains a flaw that may allow a malicious user to gain unauthorized privileges. The issue is triggered when the netprint program calls the disable command via a system() call without supplying an absolute path. Because system() hands the command line to a shell, which resolves a bare command name through the PATH environment variable, a malicious user who controls PATH can trivially substitute a program of their own for disable and have it run with netprint's privileges. This flaw may lead to a loss of integrity. Read more.
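Added example, not part of the advisory and not IRIX or netprint code: a C program that reproduces the pattern described above on an ordinary POSIX system and shows the fix. It plants a fake "disable" script in a temporary directory, makes that directory the whole PATH, and then contrasts system("disable") with an execve() of a fixed absolute path under a fixed environment. The temporary directory, the exit codes and the use of /bin/sh as a stand-in for the real disable binary are assumptions of the example.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/wait.h>

/* Exit status of a child, or -1 if it did not exit normally. */
static int exit_status(int st) {
    return (st != -1 && WIFEXITED(st)) ? WEXITSTATUS(st) : -1;
}

/* Vulnerable pattern: system() runs "/bin/sh -c <cmd>", and the shell
 * resolves a bare command name through PATH, which a setuid program
 * inherits unchanged from whoever invoked it. */
int vulnerable_call(const char *cmd_line) {
    return exit_status(system(cmd_line));
}

/* Hardened pattern: absolute path, explicit argv, a fixed environment and
 * no shell, so neither PATH nor IFS supplied by the caller is consulted. */
int hardened_call(const char *abs_path, char *const argv[]) {
    char *const clean_env[] = { "PATH=/usr/bin:/bin", "IFS= \t\n", NULL };
    if (abs_path == NULL || abs_path[0] != '/') return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execve(abs_path, argv, clean_env);
        _exit(127);
    }
    int st;
    if (waitpid(pid, &st, 0) < 0) return -1;
    return exit_status(st);
}

/* Simulate the attacker (constructed for this example): drop a fake
 * "disable" into a fresh directory under TMPDIR (or /tmp) and make that
 * directory the entire PATH. Returns 0 on success. */
int plant_fake_disable(char *dir, size_t dirlen, int fake_exit) {
    char script[512];
    const char *tmp = getenv("TMPDIR");
    if (tmp == NULL) tmp = "/tmp";
    if (snprintf(dir, dirlen, "%s/hijackXXXXXX", tmp) >= (int)dirlen) return -1;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(script, sizeof script, "%s/disable", dir);
    FILE *f = fopen(script, "w");
    if (f == NULL) return -1;
    fprintf(f, "#!/bin/sh\nexit %d\n", fake_exit);
    fclose(f);
    if (chmod(script, 0755) != 0) return -1;
    return setenv("PATH", dir, 1);
}

void remove_fake_disable(const char *dir) {
    char script[512];
    snprintf(script, sizeof script, "%s/disable", dir);
    unlink(script);
    rmdir(dir);
}

/* With the planted PATH, the bare name "disable" runs the attacker's script. */
int demo_vulnerable(void) {
    char dir[256];
    if (plant_fake_disable(dir, sizeof dir, 42) != 0) return -1;
    int rc = vulnerable_call("disable");
    remove_fake_disable(dir);
    return rc;   /* 42: the attacker's exit code, i.e. the attacker's code ran */
}

/* With the same planted PATH, an absolute path ignores it entirely. */
int demo_hardened(void) {
    char dir[256];
    if (plant_fake_disable(dir, sizeof dir, 42) != 0) return -1;
    char *const argv[] = { "sh", "-c", "exit 7", NULL };
    int rc = hardened_call("/bin/sh", argv);
    remove_fake_disable(dir);
    return rc;   /* 7: only the program we named was run */
}

int main(void) {
    printf("system(\"disable\") with hijacked PATH exited %d\n", demo_vulnerable());
    printf("execve(\"/bin/sh\") with hijacked PATH exited %d\n", demo_hardened());
    return 0;
}
```

The hardened call also drops the shell, so metacharacters in any argument stop being a second way in; a privileged program that must spawn helpers should do all three things (absolute path, explicit argv, sanitized environment) rather than only one.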
StoreBot contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'ShipMethod' variable upon submission to the manage.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more.
StoreBot contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the MgrLogin.asp script not properly sanitizing user-supplied input to the 'Pwd' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more.
Parodia contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'AG_ID' variable upon submission to the agencyprofile.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more.
iGENUS Webmail contains a flaw that may allow a remote attacker to include arbitrary local files. The issue is due to the config_inc.php script not properly sanitizing user input supplied to the 'SG_HOME' variable before using it in an include path. This may allow an attacker to read arbitrary local files or, if a file containing attacker-controlled content can be included, to execute arbitrary code with the privileges of the web server. Read more.
Lighttpd contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker requests a known .php file with "dot" or "space" characters appended to the file extension (for example index.php. or "index.php "). The extension no longer matches the handler that would run the script, while the underlying filesystem still opens the original file, so the server returns the requested file's source code, resulting in a loss of confidentiality. Read more.
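Added example, not part of the advisory and not lighttpd's own code: a Python sketch of the handler-selection decision behind the entry above. naive_handler() picks the handler from the raw request path, so a trailing dot or space defeats the .php match; hardened_handler() first derives the name the filesystem will actually open and refuses any request whose name normalizes to something different. The extension list and the handler names are assumptions of the example; the normalization rule models the Windows and Cygwin behaviour of dropping trailing dots and spaces from a path component.

```python
import re

# Extensions that must be handed to the script engine rather than served as
# static files. Assumption for this example, not lighttpd's configuration.
SCRIPT_EXTENSIONS = (".php",)


def naive_handler(request_path: str) -> str:
    """Pick the handler by matching the extension of the raw request path."""
    if request_path.endswith(SCRIPT_EXTENSIONS):
        return "fastcgi"
    return "static"


def canonical_filename(request_path: str) -> str:
    """Return the name the filesystem will actually open.

    Windows (and Cygwin on top of it) silently discards trailing dots and
    spaces from a path component, so 'index.php.', 'index.php ' and
    'index.php. ' all open 'index.php'.
    """
    return re.sub(r"[. ]+$", "", request_path)


def hardened_handler(request_path: str) -> str:
    """Decide on the canonical name and reject names that changed.

    Rejecting (rather than silently re-dispatching) is the choice that is
    safe on every filesystem: on POSIX 'index.php.' really is a different
    file, and on Windows it is an alias the client had no business using.
    """
    canonical = canonical_filename(request_path)
    if canonical != request_path:
        return "reject"  # answer 400/404, never fall through to static
    if canonical.endswith(SCRIPT_EXTENSIONS):
        return "fastcgi"
    return "static"


def compare(paths):
    """Side-by-side decisions for a list of request paths."""
    return {p: (naive_handler(p), hardened_handler(p)) for p in paths}


if __name__ == "__main__":
    # Constructed sample requests, including the bypass shapes from the advisory.
    for path, (naive, hardened) in compare(
        ["/index.php", "/index.php.", "/index.php ", "/index.php. ", "/style.css"]
    ).items():
        print(f"{path!r:18} naive={naive:8} hardened={hardened}")
```

The general rule the example illustrates: any decision keyed on a filename (handler choice, access control, extension allow-lists) has to be made on the exact name the filesystem will resolve, after every alias the platform tolerates has been removed.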
By default, M4 Project's enigma-suite client for Windows installs an account with a default password. The 'enigma-client' account has a password of 'nominal' which is publicly known and documented. This allows attackers to trivially access the program or system. Read more.
TOPo contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'gTopNombre' variable upon submission to the inc_header.php script. This could allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more.
PHP contains a flaw that may allow a malicious local user to view arbitrary files and create or modify existing files with the same level of privilege as the web server. The issue is triggered when a script misuses the imap_open() function. The flaw may allow reading arbitrary files or creating, renaming, or deleting existing files, resulting in a loss of confidentiality or integrity. Read more.
PHP contains a flaw that may allow a malicious user to gain unauthorized privileges. The issue is triggered when sendmail parameters are passed as arguments to the PHP mb_send_mail() function. This flaw may lead to a loss of confidentiality or integrity. Read more.
Apple Mac OS X Directory Services Passwd Privilege Escalation Vulnerabilities. Read more.
ALTools ALZip ACE Archive File Name Buffer Overflow Vulnerability. Read more.
Apple Mac OS X Security Update 2006-001 Multiple Vulnerabilities. Read more.
Bugzilla Whinedays SQL Injection Vulnerability. Read more.
iDefense Security Advisory 03.02.06: Apple MacOS X BOMArchiveHelper Directory Traversal Vulnerability. Read more.
[ MDKSA-2006:052 ] - Updated mozilla-thunderbird packages fix vulnerability. Read more.
[eVuln] E-Blah Platinum 'Referer' XSS Vulnerability. Read more.
ProtoVer Sample IMAP testsuite release. Read more.