Ubuntu 6.06 LTS / 6.10 / 7.04 : elinks vulnerability (USN-457-1)
Arnaud Giersch discovered that elinks incorrectly attempted to load gettext catalogs from a relative path. If a user were tricked into running elinks from a specific directory, a local attacker could execute code with user privileges. Note that Tenable Network Security has extracted the preceding.....
6.4AI Score
0.001EPSS
Ubuntu 6.06 LTS / 6.10 / 7.04 : elinks vulnerability (USN-519-1)
Kalle Olavi Niemitalo discovered that if elinks makes a POST request to an HTTPS URL through a proxy, information may be sent in clear-text between elinks and the proxy. Attackers with access to the network could steal sensitive information (such as passwords). Note that Tenable Network Security...
5.9AI Score
0.01EPSS
Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting уязвимостях в Ripe CMS. XSS: POST запрос на странице http://site/contact-us: "><script>alert(document.cookie)</script> В полях: Ваше имя, Ваш адрес, Тема. Дополнительная информация о данной уязвимости у меня на са...
AI Score
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Ripe CMS: crossite scripting in http://site/contact-us with Name, address, Subject...
AI Score
Multiple buffer overflows in the rich text processing functionality in JustSystems Ichitaro 2004 through 2007, 11 through 13, and other versions allow remote attackers to execute arbitrary code via a long (1) pard field or (2) font name in the fcharset0 field, which is not properly handled in (a).....
8.4AI Score
0.303EPSS
Cross-site scripting (XSS) vulnerability in filename.asp in ASP Site Search SearchSimon Lite 1.0 allows remote attackers to inject arbitrary web script or HTML via the QUERY...
6AI Score
0.002EPSS
Cross-site scripting (XSS) vulnerability in filename.asp in ASP Site Search SearchSimon Lite 1.0 allows remote attackers to inject arbitrary web script or HTML via the QUERY...
5.6AI Score
0.002EPSS
Cross-site scripting (XSS) vulnerability in filename.asp in ASP Site Search SearchSimon Lite 1.0 allows remote attackers to inject arbitrary web script or HTML via the QUERY...
5.7AI Score
0.002EPSS
Cross-site scripting (XSS) vulnerability in filename.asp in ASP Site Search SearchSimon Lite 1.0 allows remote attackers to inject arbitrary web script or HTML via the QUERY...
5.6AI Score
0.002EPSS
-0.3AI Score
SocketMail 2.2.8 fnc-readmail3.php Remote File Inclusion Vulnerability
No description provided by...
7.1AI Score
7.4AI Score
EPSS
-0.3AI Score
SocketMail 2.2.8 fnc-readmail3.php Remote File Inclusion Vulnerability
Exploit for unknown platform in category web...
7.1AI Score
Socketmail 2.2.8 - fnc-readmail3.php Remote File Inclusion
Socketmail 2.2.8 - fnc-readmail3.php Remote File...
AI Score
7.4AI Score
EPSS
SearchSimon Lite 1.0 - Filename.asp Cross-Site Scripting
SearchSimon Lite 1.0 - Filename.asp Cross-Site...
-0.4AI Score
[Aria-Security.Net] SearchSimon Lite Cross-Site Scripting Vuln.
Aria-Security Team http://Aria-Security.net/ SearchSimon Lite Cross-Site Scripting The file Name may be different in different websites PoC filename.asp?QUERY=[XSS]&Submit=Search%21&ACTION=SEARCH Credits Goes To Aria-Security Team Aria-Security.Net...
0.1AI Score
The escape_dangerous_chars function in CGI::Lite 2.0 and earlier does not correctly remove special characters including (1) "" (backslash), (2) "?", (3) "~" (tilde), (4) "^" (carat), (5) newline, or (6) carriage return, which could allow remote attackers to read or write arbitrary files, or...
7.3AI Score
0.006EPSS
The escape_dangerous_chars function in CGI::Lite 2.0 and earlier does not correctly remove special characters including (1) "" (backslash), (2) "?", (3) "~" (tilde), (4) "^" (carat), (5) newline, or (6) carriage return, which could allow remote attackers to read or write arbitrary files, or...
7.7AI Score
0.006EPSS
Multiple Vendor FLAC Library Multiple Integer Overflow Vulnerabilities iDefense Security Advisory 10.11.07 http://labs.idefense.com/intelligence/vulnerabilities/ Oct 11, 2007 I. BACKGROUND Free Lossless Audio Codec (FLAC) is a popular file format for audio data compression. AOL Corp.'s Winamp...
1.4AI Score
0.516EPSS
Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite (com_mosmedia) 4.5.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) credits.html.php, (2) info.html.php, (3)....
7.7AI Score
0.086EPSS
Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite (com_mosmedia) 4.5.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) credits.html.php, (2) info.html.php, (3)....
7.3AI Score
0.086EPSS
Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite (com_mosmedia) 4.5.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) credits.html.php, (2) info.html.php, (3)....
7.3AI Score
0.086EPSS
Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite (com_mosmedia) 4.5.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) credits.html.php, (2) info.html.php, (3)....
7.3AI Score
0.086EPSS
Multiple cross-site scripting (XSS) vulnerabilities in MailBee WebMail Pro 3.4 and earlier; and possibly MailBee WebMail Pro ASP before 3.4.64, WebMail Lite ASP before 4.0.11, and WebMail Lite PHP before 4.0.22; allow remote attackers to inject arbitrary web script or HTML via the (1) mode...
6.3AI Score
0.004EPSS
Multiple cross-site scripting (XSS) vulnerabilities in MailBee WebMail Pro 3.4 and earlier; and possibly MailBee WebMail Pro ASP before 3.4.64, WebMail Lite ASP before 4.0.11, and WebMail Lite PHP before 4.0.22; allow remote attackers to inject arbitrary web script or HTML via the (1) mode...
6AI Score
0.004EPSS
Multiple cross-site scripting (XSS) vulnerabilities in MailBee WebMail Pro 3.4 and earlier; and possibly MailBee WebMail Pro ASP before 3.4.64, WebMail Lite ASP before 4.0.11, and WebMail Lite PHP before 4.0.22; allow remote attackers to inject arbitrary web script or HTML via the (1) mode...
6AI Score
0.004EPSS
Multiple cross-site scripting (XSS) vulnerabilities in MailBee WebMail Pro 3.4 and earlier; and possibly MailBee WebMail Pro ASP before 3.4.64, WebMail Lite ASP before 4.0.11, and WebMail Lite PHP before 4.0.22; allow remote attackers to inject arbitrary web script or HTML via the (1) mode...
6AI Score
0.004EPSS
The Bugzilla development team reports : Bugzilla::WebService::User::offer_account_by_email does not check the 'createemailregexp' parameter, and thus allows users to create accounts who would normally be denied account creation. The 'emailregexp' parameter is still checked. If you do not have the.....
6.4AI Score
0.016EPSS
Debian DSA-1380-1 : elinks - programming error
Kalle Olavi Niemitalo discovered that elinks, an advanced text-mode WWW browser, sent HTTP POST data in cleartext when using an HTTPS proxy server potentially allowing private information to be...
6.3AI Score
0.01EPSS
[SECURITY] [DSA 1380-1] New elinks packages fix information disclosure
Debian Security Advisory DSA 1380-1 [email protected] http://www.debian.org/security/ Steve Kemp October 2nd, 2007 http://www.debian.org/security/faq Package : elinks Vulnerability : programming error Problem type :...
5.9AI Score
0.01EPSS
0.7AI Score
0.038EPSS
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies – CoreLabs Advisory http://www.coresecurity.com/corelabs Remote command execution, HTML and JavaScript injection vulnerabilities in AOL’s Instant Messaging software Advisory Information Title: Remote Command...
-0.2AI Score
0.038EPSS
Unfixed XSS vulnerability at fplayer.youtubech.com
Security researcher kusomiso.com, has submitted on 25/09/2007 a cross-site-scripting (XSS) vulnerability affecting fplayer.youtubech.com, which at the time of submission ranked 17378 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 01/10/2007. It....
-0.1AI Score
Releases Ubuntu 7.04 Ubuntu 6.10 Ubuntu 6.06 Packages elinks - Details Kalle Olavi Niemitalo discovered that if elinks makes a POST request to an HTTPS URL through a proxy, information may be sent in clear-text between elinks and the proxy. Attackers with access to the network could steal...
5.8AI Score
0.01EPSS
Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module...
7.9AI Score
0.696EPSS
Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module...
8.2AI Score
0.696EPSS
Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module...
7.8AI Score
0.696EPSS
Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module...
7.9AI Score
0.696EPSS
ADOdb Lite adodb-perf-module.inc.php last_module Parameter Arbitrary Code Execution
ADOdb Lite, a lightweight database framework for PHP applications, is installed on the remote host. The version of ADOdb Lite on the remote host fails to sanitize input to the 'last_module' parameter of the 'adodb-perf-module.inc.php' script before using it in an 'eval()' statement to evaluate...
AI Score
0.696EPSS
Security Advisory for Bugzilla 3.0.1 and 3.1.1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Summary Bugzilla is a Web-based bug-tracking system, used by a large number of software projects. This advisory covers a critical security issue that has recently been fixed in the Bugzilla code: Even with account creation disabled, users can use the...
0.3AI Score
Bugzilla < 3.0.2 / 3.1.2 WebService/User.pm Authentication Bypass
The remote host is running Bugzilla, a bug-tracking software with a web interface. The version of Bugzilla on the remote host suffers from a flaw when parsing input to the 'createemailregexp' parameter of the 'offer_account_by_email()' function in the 'WebService/User.pm' file. An attacker...
3.5AI Score
Bugzilla User.pm非授权创建帐户绕过访问验证漏洞
Bugzilla是一种流行的开源软件Bug跟踪系统。 Bugzilla的实现上存在漏洞,远程攻击者可能利用此漏洞非授权创建帐户获取对系统的访问。 Bugzilla的User.pm模块的offer_account_by_email()函数没有对createemailregexp参数做充分的检查过滤,如果系统上安装了SOAP::Lite Perl模块,那么远程攻击者可能利用此漏洞在系统上创建Bugzilla用户帐号,从而获取对系统的访问。 Mozilla Bugzilla < 3.1.2 Mozilla Bugzilla < 3.0.2 ...
7.1AI Score
Plague in (security) software drivers & BSDOhook utility
Hello, We have found number of vulnerabilities in implementations of SSDT hooks in many different products. Vulnerable software: * BlackICE PC Protection 3.6.cqn * G DATA InternetSecurity 2007 * Ghost Security Suite beta 1.110 and alpha 1.200 * Kaspersky Internet Security 7.0.0.125 * Norton...
1.4AI Score
bugzilla -- "createmailregexp" security bypass vulnerability
The Bugzilla development team reports: Bugzilla::WebService::User::offer_account_by_email does not check the "createemailregexp" parameter, and thus allows users to create accounts who would normally be denied account creation. The "emailregexp" parameter is still...
6.4AI Score
0.016EPSS
The embedded Internet Explorer server control in AOL Instant Messenger (AIM) 6.1.41.2 and 6.2.32.1, AIM Pro, and AIM Lite does not properly constrain the use of mshtml.dll's web script and HTML functionality for incoming instant messages, which allows remote attackers to place HTML into unexpected....
7.1AI Score
0.038EPSS
The embedded Internet Explorer server control in AOL Instant Messenger (AIM) 6.1.41.2 and 6.2.32.1, AIM Pro, and AIM Lite does not properly constrain the use of mshtml.dll's web script and HTML functionality for incoming instant messages, which allows remote attackers to place HTML into unexpected....
6.8AI Score
0.038EPSS
The embedded Internet Explorer server control in AOL Instant Messenger (AIM) 6.1.41.2 and 6.2.32.1, AIM Pro, and AIM Lite does not properly constrain the use of mshtml.dll's web script and HTML functionality for incoming instant messages, which allows remote attackers to place HTML into unexpected....
6.8AI Score
0.038EPSS
The embedded Internet Explorer server control in AOL Instant Messenger (AIM) 6.1.41.2 and 6.2.32.1, AIM Pro, and AIM Lite does not properly constrain the use of mshtml.dll's web script and HTML functionality for incoming instant messages, which allows remote attackers to place HTML into unexpected....
6.8AI Score
0.038EPSS