696 matches found
CVE-2008-2998
CVE-2008-2998 affects the Drupal Aggregation module (5.x) vulnerable before version 5.x-4.4. The vulnerability enables remote XSS via unspecified vectors in this module, allowing injection of arbitrary script/HTML. Impact is remote user interaction is not required, with partial integrity impact a...
CVE-2008-3001
CVE-2008-3001 affects Drupal’s Aggregation module (5.x) prior to 5.x-4.4. A crafted feed enables uploading files with arbitrary extensions, which could lead to remote code execution. Impact is described as remote attacker access with potentially complete compromise. A patch is available in 5.x-4....
SA-2008-035 - Aggregation - Multiple vulnerabilities
The Aggregation module syndicates content from external feeds saving them as nodes. A significant amount of vulnerabilities were discovered in the module: Cross site scripting - Numerous values are displayed without being properly escaped or filtered, which enables users to inject arbitrary HTML...
Buffer overflow
IBM DB2 UDB 9.1 before Fixpak 4 does not properly perform vector aggregation, which might allow attackers to cause a denial of service divide-by-zero error and DBMS crash, related to an "overflow." NOTE: the vendor description of this issue is too vague to be certain that it is security-related...
CVE-2007-6052
IBM DB2 UDB 9.1 before Fixpak 4 does not properly perform vector aggregation, which might allow attackers to cause a denial of service divide-by-zero error and DBMS crash, related to an "overflow." NOTE: the vendor description of this issue is too vague to be certain that it is security-related...
CVE-2007-6052
CVE-2007-6052 affects IBM DB2 UDB 9.1 before Fixpak 4. The issue is in vector aggregation, which may allow a remote attacker to cause a denial of service via a divide-by-zero error/crash in the DBMS. The vendor description is noted as vague regarding its security relevance, but multiple connected...
CVE-2006-5213
Sun Solaris 10 before 20061006 uses "incorrect and insufficient permission checks" that allow local users to intercept or spoof packets by creating a raw socket on a link aggregation network device aggregation...
CVE-2006-5213
Sun Solaris 10 before 20061006 uses "incorrect and insufficient permission checks" that allow local users to intercept or spoof packets by creating a raw socket on a link aggregation network device aggregation...
CVE-2005-3818
Multiple cross-site scripting XSS vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 various input fields, including the contact, lead, and first or last name fields, 2 the record parameter in a DetailView action in the Leads module f...
vTiger CRM 4.2 RSS Aggregation Module - Feed Cross-Site Scripting
vTiger CRM 4.2 RSS Aggregation Module - Feed Cross-Site Scripting source: https://www.securityfocus.com/bid/15562/info vtiger CRM is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. vTiger CRM is pro...
[SA17693] vtiger CRM Multiple Vulnerabilities
TITLE: vtiger CRM Multiple Vulnerabilities SECUNIA ADVISORY ID: SA17693 VERIFY ADVISORY: http://secunia.com/advisories/17693/ CRITICAL: Highly critical IMPACT: Security Bypass, Cross Site Scripting, Manipulation of data, Exposure of sensitive information, System access WHERE: From remote SOFTWARE...
CVE-2005-2416
Multiple cross-site scripting XSS vulnerabilities in Contrexx before 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the 1 term parameter to the search module or 2 title in the blog aggregation module...
CVE-2005-2416
Multiple cross-site scripting XSS vulnerabilities in Contrexx before 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the 1 term parameter to the search module or 2 title in the blog aggregation module...
Hardened-PHP Project Security Advisory 2005-11.59
Hardened PHP Project www.hardened-php.net -= Security Advisory =- Advisory: Multiple vulnerabilities in Contrexx Release Date: 2005/07/21 Last Modified: 2005/07/18 Author: Christopher Kunz Application: Contrexx 1.0.5 Severity: Cross-Site Scripting, SQL injection and information disclosure, passwo...
webtv-insecurities.txt
Date: Mon, 12 Oct 1998 21:32:49 -0600 MDT From: mea culpa To: InfoSec News Subject: ISN Web TV owns your cache Forwarded From: Jon http://www.usatoday.com/life/cyber/zd/zd7.htm 10/12/98- WebTV is watching you From: Inter@ctive Week Online Microsoft Corp.'s WebTV Networks Inc. is quietly using a...
Update Rollup 3 for System Center Operations Manager 2019 (KB4594078)
None None...