41 matches found
RarmaRadio 2.53.1 - .m3u Denial of Service
RarmaRadio 2.53.1 - .m3u Denial of Service Title: RarmaRadio .m3u Denial of service vulnerability Author : anT!-Tr0J4n Greetz : Dev-PoinT.com inj3ct0r.com all DEV-PoinT t34m thanks : r0073r ; Sid3^effects ; L0rd CrusAd3r ; all Inj3ct0r 31337 Member Home : www.Dev-PoinT.com $ http://inj3ct0r.com...
Code injection
The 1 ncpmount, 2 ncpumount, and 3 ncplogin programs in ncpfs 2.2.6 do not properly create lock files, which allows local users to cause a denial of service application failure via unspecified vectors that trigger the creation of a /etc/mtab file that persists after the program exits...
CVE-2010-0791
The CVE-2010-0791 issue affects ncpfs 2.2.6 (ncpmount, ncpumount, ncplogin). The root cause is improper creation of lock files, enabling local attackers to cause a denial of service via a /etc/mtab~ file that persists after exit. Related advisories (SUSE/openSUSE, Mandriva) document this alongsid...
World in Conflict 1.008 - Null Pointer Remote Denial of Service
source: https://www.securityfocus.com/bid/29888/info World in Conflict is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions. An attacker could exploit this issue to crash the affected application, denying service to legitimate users...
RealPlayer 10 - .ra Remote Denial of Service
RealPlayer 10 - .ra Remote Denial of Service !/usr/bin/python Real player 10 Gold .Ra file remote Dos. Credits to n00b for finding this bug This bug is a nasty memory leak with in Real player 10 gold please remember if your guna test it out save all your info you need first..Coz your probly guna...
USN-428-2: Firefox regression
USN-428-1 fixed vulnerabilities in Firefox 1.5. However, changes to library paths caused applications depending on libnss3 to fail to start up. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Several flaws have been found that could be used to perform...
Prodder 0.4 - Arbitrary Shell Command Execution
Prodder 0.4 - Arbitrary Shell Command Execution source: https://www.securityfocus.com/bid/18068/info Prodder is prone to an arbitrary command-execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to...
Ipswitch WhatsUp Professional 2006 - NmConsoleToolResults.asp?sHostname Cross-Site Scripting
Ipswitch WhatsUp Professional 2006 - NmConsoleToolResults.asp?sHostname Cross-Site Scripting source: https://www.securityfocus.com/bid/17964/info WhatsUp Professional is prone to multiple input-validation vulnerabilities. The issues include remote file-include, information-disclosure, source-code...
DbbS 2.0 - Multiple Input Validation Vulnerabilities
DbbS 2.0 - Multiple Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/17559/info DbbS is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and command-execution vulnerabilities. These issues are due to a failure in the application...
427BB 2.2 - showthread.php SQL Injection
427BB 2.2 - showthread.php SQL Injection source: https://www.securityfocus.com/bid/16169/info 427BB is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could...
jPORTAL 2.2.12.3 Forum - forum.php SQL Injection
jPORTAL 2.2.12.3 Forum - forum.php SQL Injection source: https://www.securityfocus.com/bid/15925/info JPortal Forum is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful...
jPORTAL 2.2.1/2.3 Forum - 'forum.php' SQL Injection
source: https://www.securityfocus.com/bid/15925/info JPortal Forum is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the...
Soft4e ECW-Cart 2.0.3 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/15890/info ECW-Cart is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in t...
1-Script 1-Search 1.8 - '1search.CGI' Cross-Site Scripting
source: https://www.securityfocus.com/bid/15712/info 1-Search is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of ...
PHPNuke78.txt
NewAngels Advisory 7PHP Nuke sqlquery"SELECT active, view FROM ".$prefix."modules WHERE title='$name'"; The $name variable is not checked so you could inject malicious SQL Code. In an file which is included whe have the following code: $queryString = strtolower$SERVER'QUERYSTRING'; if...
IBM Lotus Domino Server 6.5.1 Web Service - Remote Denial of Service
IBM Lotus Domino Server 6.5.1 Web Service - Remote Denial of Service source: https://www.securityfocus.com/bid/13045/info A remote denial of service vulnerability affects IBM Lotus Domino Server web service. This issue is due to a failure of the application to properly handle malformed network...
Ocean12 Membership Manager Pro - Cross-Site Scripting
Ocean12 Membership Manager Pro - Cross-Site Scripting source: https://www.securityfocus.com/bid/13046/info Ocean12 Membership Manager Pro is reportedly affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An...
Sun Java System Application Server 7.08.0 - Remote Installation Full Path Disclosure
Sun Java System Application Server 7.08.0 - Remote Installation Full Path Disclosure source: https://www.securityfocus.com/bid/10424/info It is reported that Java System Application Server is prone to a remote installation path disclosure vulnerability. This issue is due to a failure of the...
Security Update for Microsoft .NET Framework 3.5 SP1 on Windows XP, Server 2003, Vista, Server 2008 x86 (KB2736416)
A security issue has been identified that could allow an unauthenticated remote attacker to cause the affected application to stop responding. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system...
Security Update for Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 SP1 for Itanium-based Systems (KB2736422)
A security issue has been identified that could allow an unauthenticated remote attacker to cause the affected application to stop responding. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system...