Lucene search

8320 matches found

seebug.org
added 2014/07/01 12:0 a.m., 21 views

IrcDelphi Daemon Server Denial of Service

No description provided by source. DCA-0010 Software - IrcDelphi Daemon Server Vendor Product Description - IRC Daemon IRCd, IRC Server coded in Delphi/Kylix using Indy components. Easy to use and light irc daemon. Bug Description - The IRC Daemon does not sanitize the variable NICK correctly...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 17 views

Microsoft Internet Explorer 5/6 JavaScript Interface Spoofing Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3469/info It is reported that Microsoft Internet Explorer may permit aspects of the Internet Explorer interface to be spoofed. This could facilitate numerous attacks against users of the browser, including spoofing of bot...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 25 views

Microsoft OWC Spreadsheet HTMLURL Buffer Overflow

No description provided by source. $Id: ms09043owchtmlurl.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms o...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 21 views

Microsoft SQL Server 2000 SQLXML Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5004/info SQLXML is a component of SQL Server 2000, which enables SQL servers to receive and send database queries via XML (Extensible Markup Language) format. Such queries can be sent using various methods of communication...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 22 views

Orinoco OEM Residential Gateway SNMP Community String Remote Configuration

No description provided by source. source: http://www.securityfocus.com/bid/5436/info Orinoco is the manufacturer of various wireless network components, including access points and network cards. It is possible to remotely gain access to the identification string used for configuration of OEM...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 14 views

Microsoft Internet Explorer 7/8 Beta 1 Frame Location Cross Domain Security Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/29986/info Microsoft Internet Explorer is prone to a cross-domain scripting security-bypass vulnerability because the application fails to properly enforce the same-origin policy. An attacker can exploit this issue to...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 35 views

MS11-002: Microsoft Data Access Components Vulnerability

No description provided by source. html xmlns:t = urn:schemas-microsoft-com:time head meta name=License content=Q Public License;http://en.wikipedia.org/wiki/QPublicLicense style .body test /style script src=heapLib.js/script script // This code has been released under the Q Public License by...

7.1 AI score
Exploits: 0

Exploit DB
added 2014/06/24 12:0 a.m., 208 views

Multiple WordPress Plugins (TimThumb 2.8.13 / WordThumb 1.07) - 'WebShot' Remote Code Execution

Wordpress TimThumb 2.8.13 WebShot Remote Code Execution 0-day Affected website : a lot Wordpress Themes, Plugins, 3rd party components Exploit Author : @u0x Pichaya Morimoto Release dates :...

7 AI score
Exploits: 0

Packet Storm
added 2014/06/24 12:0 a.m., 43 views

TimThumb 2.8.13 Remote Code Execution

Wordpress TimThumb 2.8.13 WebShot Remote Code Execution 0-day Affected website : a lot Wordpress Themes, Plugins, 3rd party components Exploit...

7.4 AI score
Exploits: 0

Microsoft KB
added 2014/06/21 2:37 p.m., 45 views

MS11-002: Vulnerabilities in Microsoft Data Access Components could allow remote code execution

Resolves vulnerabilities in Microsoft Data Access Components that could allow remote code execution if a user views a specially crafted webpage. Support for Windows Vista Service Pack 1 (SP1) ends on July 12, 2011. To continue receiving security updates for Windows, make sure you're running Windows...

9.3 CVSS, 6.8 AI score, 0.67608 EPSS
Exploits: 0

securityvulns
added 2014/06/17 12:0 a.m., 63 views

[musl] Security advisory for musl libc - remote stack-based buffer overflow in DNS response parsing [CVE-2014-3484]

A remote stack-based buffer overflow has been found in musl libc's dns response parsing code. The overflow can be triggered in programs linked against musl libc and making dns queries via one of the standard interfaces (getaddrinfo, getnameinfo, gethostbyname, gethostbyaddr, etc.) if one of the...

1.1 AI score, 0.01446 EPSS
Exploits: 0

securityvulns
added 2014/06/14 12:0 a.m., 64 views

[Onapsis Security Advisories] Multiple Hard-coded Usernames in SAP Components

Onapsis Security Advisories: Multiple Hard-coded Usernames (CWE-798) have been found and patched in a variety of SAP components. Summaries of the advisories with links to full versions follow: 1. ONAPSIS-2014-011-SAP Project System Structures and...

0.3 AI score
Exploits: 0

NVD
added 2014/06/11 4:56 a.m., 24 views

CVE-2014-1823

Cross-site scripting (XSS) vulnerability in the Web Components Server in Microsoft Lync Server 2010 and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containing a valid meeting ID, aka "Lync Server Content Sanitization Vulnerability."...

4.3 CVSS, 5.4 AI score, 0.28434 EPSS
Exploits: 0, References: 5

CVE
added 2014/06/11 1:0 a.m., 59 views

CVE-2014-1823

CVE-2014-1823 is an XSS vulnerability affecting Microsoft Lync Server 2010 and 2013, specifically in the Web Components Server. A crafted URL containing a valid meeting ID can be used to inject arbitrary web script or HTML remotely. Multiple connected advisories corroborate the issue as an inform...

4.3 CVSS, 5.5 AI score, 0.28434 EPSS
Exploits: 0, References: 5, Affected Software: 1

Cvelist
added 2014/06/11 1:0 a.m., 29 views

CVE-2014-1823

Cross-site scripting (XSS) vulnerability in the Web Components Server in Microsoft Lync Server 2010 and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containing a valid meeting ID, aka "Lync Server Content Sanitization Vulnerability."...

5.4 AI score, 0.28434 EPSS
Exploits: 0, References: 5

Fedora
added 2014/06/10 3:9 a.m., 43 views

[SECURITY] Fedora 20 Update: check-mk-1.2.4p2-2.fc20

check-mk is a general purpose Nagios-plugin for retrieving data. It adopts a new approach for collecting data from operating systems and network components. It obsoletes NRPE, checkbyssh, NSClient, and checksnmp and it has many benefits, the most important are a significant reduction of CPU usag...

8.5 CVSS, 5.7 AI score, 0.00805 EPSS
Exploits: 6

CVE
added 2014/06/04 2:0 p.m., 59 views

CVE-2014-3833

CVE-2014-3833 affects ownCloud Server: multiple XSS flaws in Gallery and core components, exploitable in versions prior to 5.0.16 and 6.0.x prior to 6.0.3, potentially linked to print_unescaped. The connected advisories/entries confirm affected ranges and provide an official remediation path: upg...

4.3 CVSS, 5.9 AI score, 0.00318 EPSS
Exploits: 0, References: 1, Affected Software: 2

NVD
added 2014/06/03 2:55 p.m., 25 views

CVE-2014-3943

Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allow remote authenticated editors to inject arbitrary web script or HTML via unknown parameters...

3.5 CVSS, 5.4 AI score, 0.00208 EPSS
Exploits: 0, References: 5

Prion
added 2014/06/03 2:55 p.m., 27 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allow remote authenticated editors to inject arbitrary web script or HTML via unknown parameters...

3.5 CVSS, 5.7 AI score, 0.00208 EPSS
Exploits: 0, References: 5, Affected Software: 1

UbuntuCve
added 2014/06/03 2:55 p.m., 36 views

CVE-2014-3943

Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allow remote authenticated editors to inject arbitrary web script or HTML via unknown parameters...

3.5 CVSS, 5.9 AI score, 0.00208 EPSS
Exploits: 0, References: 4