WebCalendar User Account Enumeration Weakness

WebCalendar is a PHP-based calendar application that can be configured as a single-user calendar, a multi-user calendar for groups of users, or as an event calendar viewable by visitors. See project homepage for details: http://www.k5n.us/webcalendar.php Description: The problem is that

modules name(Sections)SQL Injection Exploit

By: Mr-X Email: [EMAIL PROTECTED] Subject: modules name(Sections)SQL Injection example:- /modules.php?name=Surveysop=resultspollID=8mode=order=thold=[SQL]

modules name(Downloads)SQL Injection Exploit

By: Mr-X Email: [EMAIL PROTECTED] Subject: modules name(Downloads)SQL Injection example:- /modules.php?/modules.php?name=Downloadsd_op=viewdownloadcid=[SQL]

CuteNews 1.4.1 Multiple vulnerabilities

/* --- [N]eo [S]ecurity [T]eam [NST]® Advisory #20 --- Program : CuteNews 1.4.1 Homepage: http://www.cutephp.com Vulnerable Versions: CuteNews 1.4.1 lower ones Risk:

Re: OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw

While this is arguably a misfeature, it's not like anyone reading the documentation wouldn't know about it, and you have to explicitly enable it. It does not seem too much of a problem to me. Joachim Secure by default is not just a catch phrase. it's a really good idea. By making the default

[ MDKSA-2006:081-1 ] - Updated xorg-x11 packages fix vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDKSA-2006:081-1 http://www.mandriva.com/security/

Re: ISA Server 2004 Log Manipulation

There is a Log Manipulation vulnerability in Microsoft ISA Server 2004, which when exploited will enable a malicious user to manipulate the Destination Host parameter of the log file. ... We were able to insert arbitrary characters, in this case the ASCII characters 1, 2, 3 (respectively) into

Re: ISA Server 2004 Log Manipulation

On Friday 05 May 2006 09:16, Steven M. Christey wrote: There is a Log Manipulation vulnerability in Microsoft ISA Server 2004, which when exploited will enable a malicious user to manipulate the Destination Host parameter of the log file. ... We were able to insert arbitrary characters, in

Invision Community Blog .. Bugs

[LEFT] Invision Community Blog .. Bugs SQL Injection :- Filename :- mod.php Function name :- do_mmod() The $ids Unfilter Input By Intval As Array :) So We Can Do SQL Injection -- * Arabic * [/LEFT] [RIGHT] ÇáãÊÛíÑ $ids ÛíÑ ãÝáÊÑ Úä ØÑíÞ ÇáÏÇáå intval æåæ ÈÔßá ãÕÝæÝå ..

SaPHPLesson 3.0 Multbugs

SaPHPLesson 3.0 Multbugs By :-- D3vil-0x1 | Devil-00 --: 1- Unfilter array Filename:- show.php Line:- 102 [code] $hrow[] = $Row2;[/code] Fix :- Add To Line [ 11 ] /show.php This Code :- we add the code to global to fix all unfilter

Re: WebCalendar User Account Enumeration Weakness

According to WebCalendar lead developer, this will be corrected in upcoming developer release v1.1. david On 5/5/06, David Maciejak [EMAIL PROTECTED] wrote: WebCalendar is a PHP-based calendar application that can be configured as a single-user calendar, a multi-user calendar for groups of

Cryptomathic ActiveX Buffer Overflow (TDC Digital signature)

A vulnerability has been found in an ActiveX object distributed as part of TDC' Microsoft CSP suite. The suite consists of Cryptomathic PrimeInk CSP and some ActiveX objects. The primary task of the CSP is to handle private RSA keys that are encrypted by keys derived from the user provided

TSLSA-2006-0024 - multi

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Trustix Secure Linux Security Advisory #2006-0024 Package names: clamav, cyrus-sasl, kernel, libtiff, rsync, xorg-x11 Summary: Multiple vulnerabilities Date: