1680 matches found
BoardPower Forum - 'ICQ.cgi' Cross-Site Scripting
source: https://www.securityfocus.com/bid/10734/info BoardPower Forum is reportedly affected by a cross-site scripting vulnerability in the icq.cgi script. This issue is due to a failure of the application to properly sanitize user-supplied URI input. A remote attacker can exploit this issue by...
Gattaca Server 2003 - Null Byte Full Path Disclosure
source: https://www.securityfocus.com/bid/10729/info It is reported that Gattaca Server 2003 contains multiple path disclosure vulnerabilities. By sending HTTP requests to Gattaca's web server, it is reportedly possible to cause the application to return error pages that contain the full...
Microsoft Internet Explorer 6 - JavaScript Null Pointer Exception Denial of Service
Microsoft Internet Explorer 6 - JavaScript Null Pointer Exception Denial of Service source: https://www.securityfocus.com/bid/10694/info A denial of service vulnerability is reported to affect Internet Explorer. The issue is reported to present itself when Internet Explorer attempts to render...
12Planet Chat Server 2.9 - Cross-Site Scripting
12Planet Chat Server 2.9 - Cross-Site Scripting source: https://www.securityfocus.com/bid/10659/info It is reported that 12Planet Chat Server is prone to a cross-site scripting vulnerability. This issue is due to a lack of sanitization of user-supplied data. The problem presents itself when...
CVE-2004-0614
osTicket trusts a hidden form field in the submit form to limit the upload size of a document, which could allow remote attackers to upload a file of any size...
[Full-Disclosure] Lotus Notes URL argument injection vulnerability
OVERVIEW ======== Lotus Notes is a groupware/e-mail system developed by Lotus Software. Due to its security and collaboration features it's used particularly by large organizations, government agencies, etc. IBM estimates it is used by 60 million people. During the client-side Windows installatio...
MDKSA-2004:053 - Updated xpcd package fix vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandrakelinux Security Update Advisory Package name: xpcd Advisory ID: MDKSA-2004:053 Date: June 1st, 2004 Affected versions: 10.0, 9.2 Problem Description: A vulnerability in xpcd-svga, part of xpcd, was discovered by Jaguar. xpcd-svga uses svgalib t...
vBulletin 1.02.x3.0 - index.php User Interface Spoofing
vBulletin 1.02.x3.0 - index.php User Interface Spoofing source: https://www.securityfocus.com/bid/10362/info A weakness has been reported to exist in the VBulletin software that may allow an attacker to spoof parts of the VBulletin interface. The issue exists due to improper validation of...
HAHTsite Scenario Server fails to handle overly long URLs
Overview HAHTsite Scenario Server fails to properly handle HTTP requests containing an overly long "project name". Description HAHTsite Scenario Server is an e-Business platform that consists of a web application server and web development environment. There is a buffer overflow vulnerability in...
MPlayer contains a buffer overflow in the HTTP parser
Overview MPlayer fails to properly allocate a memory buffer for URL strings containing characters that need to be escaped. Description MPlayer is a movie player for Linux and other Unix-based operating systems. MPlayer fails to properly allocate a memory buffer for URL strings containing characte...
PHP-Nuke MS-Analysis Module - HTTP Referrer Field SQL Injection
PHP-Nuke MS-Analysis Module - HTTP Referrer Field SQL Injection source: https://www.securityfocus.com/bid/9948/info Reportedly the MS-Analysis module is prone to a remote SQL injection vulnerability. This issue is due to a failure to properly sanitize user supplied HTTP header input before using ...
[SECURITY] [DSA 451-1] New xboing packages fix buffer overflows
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 451-1 [email protected] http://www.debian.org/security/ Matt Zimmerman February 27th, 2004 http://www.debian.org/security/faq -...
EZBoard 7.3 - Font Tag HTML Injection
EZBoard 7.3 - Font Tag HTML Injection source: https://www.securityfocus.com/bid/9725/info ezboard is prone to an HTML injection vulnerability. An attacker may exploit this issue by including hostile HTML and script code encapsulated in font tags of posts to the bulletin board. This code may be...
Darwin Streaming Server denial-of-service vulnerability
An attacker can cause an assertion to trigger by sending a long User-Agent field in a request...
CitrusDB 0.3.6 - Remote Authentication Bypass
CitrusDB 0.3.6 - Remote Authentication Bypass source: https://www.securityfocus.com/bid/12560/info CitrusDB is reportedly affected by an authentication bypass vulnerability. This issue is due to the application using a static value during the creation of user cookie information. An attacker could...
Microsoft Windows XP - HCP URI Handler Arbitrary Command Execution
Microsoft Windows XP - HCP URI Handler Arbitrary Command Execution source: https://www.securityfocus.com/bid/9621/info The Microsoft Windows XP HCP URI handler has been reported prone to a vulnerability that may provide for arbitrary command execution. The issue is reported to present itself when...
Loom Software SurfNow 1.x/2.x - GET Remote Denial of Service
source: https://www.securityfocus.com/bid/9519/info A problem has been identified in the handling of specific types of requests by SurfNOW. Upon receiving specially crafted HTTP GET requests, it is possible for a remote attacker to crash a vulnerable implementation, denying service to the user. G...
PHPGedView 2.52.6 - Source.php Cross-Site Scripting
PHPGedView 2.52.6 - Source.php Cross-Site Scripting source: https://www.securityfocus.com/bid/11888/info It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This issue...
PHPGedView 2.52.6 - Relationship.php Cross-Site Scripting
PHPGedView 2.52.6 - Relationship.php Cross-Site Scripting source: https://www.securityfocus.com/bid/11906/info It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This...
PHPGedView 2.5/2.6 - 'login.php' Newlanguage Cross-Site Scripting
source: https://www.securityfocus.com/bid/11905/info It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This issue could permit a remote attacker to create a malicious...