94 matches found
Bugzilla多个远程安全漏洞
BUGTRAQ ID: 25420 Bugzilla是很多软件项目都在使用的基于Web的bug跟踪系统。 Bugzilla的实现上存在多个远程安全漏洞,远程攻击者可能利用这些漏洞在服务器上执行恶意命令或导致信息泄露。 在归档bug的时候Bugzilla没有正确地转义指导表单中的buildid字段,这可能允许用户通过向enterbug.cgi提交恶意URL覆盖User-Agent字符串,执行跨站脚本攻击。...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the management interface in WebCart 2.20 through 2.25 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
JVN#66303599 WebCart cross-site scripting vulnerability
WebCart provided by CGI's is shopping cart software. WebCart's management interface contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version provided by the vendor. For more...
CVE-2006-2420
Bugzilla 2.20rc1 through 2.20 and 2.21.1, when using RSS 1.0, allows remote attackers to conduct cross-site scripting XSS attacks via a title element with HTML encoded sequences such as "", which are automatically decoded by some RSS readers. NOTE: this issue is not in Bugzilla itself, but rather...
CVE-2006-0913
CVE-2006-0913 describes an SQL injection in the Bugzilla component for the web front end. The vulnerability affects Bugzilla versions 2.17 through 2.18.4 and 2.20, where remote authenticated users with administrative privileges can exploit the flaw via the whinedays parameter exposed from editpar...
CVE-2006-0916
Bugzilla 2.19.3 through 2.20 does not properly handle "//" sequences in URLs when redirecting a user from the login form, which could cause it to generate a partial URL in a form action that causes the user's browser to send the form data to another domain...
CVE-2005-2947
Buffer overflow in KillProcess 2.20 and earlier allows user-assisted attackers to execute arbitrary code via an exe file with a long FileDescription in the version resource...
CVE-2005-2947
CVE-2005-2947 describes a buffer overflow in KillProcess version 2.20 and earlier, triggered by an executable file containing a long FileDescription in the version resource. The vulnerability can allow user‑assisted attackers to execute arbitrary code. The provided connected documents do not spec...
CVE-2005-0838
Multiple buffer overflows in the XSL parser for IceCast 2.20 may allow attackers to cause a denial of service and possibly execute arbitrary code via 1 a long test value in an xsl:when tag, 2 a long test value in an xsl:if tag, or 3 a long select value in an xsl:value-of tag...
CVE-2005-0837
IceCast 2.20 allows remote attackers to bypass the XSL parser and obtain the source for XSL files via a request for a .xsl file with a trailing . dot...
Icecast 2.x - XSL Parser Multiple Vulnerabilities
Icecast 2.x - XSL Parser Multiple Vulnerabilities source: https://www.securityfocus.com/bid/12849/info Icecast is reported prone to multiple vulnerabilities. The following individual issues are reported: Icecast XSL parser is reported to be prone to a buffer overflow vulnerability. This issue...
Icecast 2.x - XSL Parser Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/12849/info Icecast is reported prone to multiple vulnerabilities. The following individual issues are reported: Icecast XSL parser is reported to be prone to a buffer overflow vulnerability. This issue exists due to a lack of sufficient boundary checks...
thttpd < 2.20 Arbitrary World-Readable File Disclosure
Binary data 2120.prm...
PT-2009-6742 · Gnome +1 · Glib2-Debuginfo +8
Name of the Vulnerable Software and Affected Versions: GLib versions prior to 2.20 glib2-devel versions prior to 2.12.3 glib2-debuginfo versions prior to 2.12.3 libgio-2 0-0 versions prior to 2.20 libgmodule-2 0-0 versions prior to 2.20 libgobject-2 0-0 versions prior to 2.20 libgthread-2 0-0...