
3857 matches found

seebug.org
added 2014/07/01 12:0 a.m., 12 views

PAFileDB 3.1 Error Message Path Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11817/info paFileDB is prone to an installation path disclosure. If invalid requests are made to certain scripts, the installation path is included in the returned error message...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 15 views

Sage 1.0 beta 3 Content Management System Path Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6893/info Sage Content Management System contains a path disclosure vulnerability. When a request is made for a module that does not exist, the returned error message contains the full path to the Sage installation...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 26 views

PEamp (.mp3) Memory Corruption PoC

No description provided by source. /Title: PEamp .mp3 Memory Corruption PoC Author: Ayrbyte Link: http:www.softpedia.com/get/Multimedia/Audio/Audio-Players/mp3player.shtml Version: v1.02b Tested on: Windows 7 Fb: facebook.com/Ayrbyte Greetz To : all CREMY Family, and for all indonesian indonesian...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 13 views

TIPS MailPost 5.1.1 Error Message Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11598/info MailPost is reported prone to a cross-site scripting vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data and can allow an attacker to execute arbitrary HTML and scri...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 15 views

Virtual Hosting Control System 2.2/2.4 Error Message Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15538/info Virtual Hosting Control System is prone to cross-site scripting attacks. The vulnerability arises when error messages are rendered and could let an attacker inject hostile HTML and script code into the browser...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 19 views

IBM Net.Data 7.0/7.2 db2www Error Message Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9488/info IBM Net.Data is prone to cross-site scripting attacks via error message output. This may permit a remote attacker to create a link to a system hosting the software that includes embedded HTML and script code. This...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 19 views

HostAdmin 0 Path Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8401/info HostAdmin is prone to a path disclosure vulnerability. Passing invalid data to the HostAdmin site will cause an error message to be displayed, which contains installation path information...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 15 views

PBBoard 2.1.4 - Multiple SQL Injection Vulnerabilities

No description provided by source. Title: PBBoard v2.1.4 multiple SQLi Vulnerabilities Version: 2.1.4 Author/Found by: loneferret Software Site: http://www.pbboard.com/PBBoardv2.1.4.zip Other vulnerabilities: http://www.exploit-db.com/exploits/18937/ Date found: May 29th 2012 Tested on: Ubuntu...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 17 views

Macromedia ColdFusion MX 6.0 Error Message Path Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7443/info A vulnerability has been reported for Macromedia ColdFusion MX that may reveal the physical path information to attackers. When certain malformed URL requests are received by the server, an error message is...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 15 views

Jakarta Tomcat 3.x/4.0 Error Message Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3199/info When a malformed request is made for a Java Server Page the server displays an error page. The error page contains potentially sensitive information, along with the absolute path of the JSP file on the webserver...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 22 views

Floosietek FTGate Mail Server 1.2 Path Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10059/info It has been reported that FTGate is prone to a server path disclosure vulnerability. This issue is due to an ill-conceived error message that includes the server path. These issues may be leveraged to gain...

7.1 AI score
Exploits 0

RedHat Linux
added 2014/06/26 3:0 p.m., 6 views

CXF: HTML content posted to SOAP endpoint could cause OOM errors

A denial of service flaw was found in the way Apache CXF created error messages for certain POST requests. A remote attacker could send a specially crafted request which, when processed by an application using Apache CXF, could consume an excessive amount of memory on the system, possibly...

4.3 CVSS, 7.4 AI score, 0.03644 EPSS
Exploits 0, References 4

Hacker One
added 2014/06/15 4:19 p.m., 27 views

RelateIQ: SSRF (Portscan) via Register Function (Custom Server)

Hi, the custom server option during registration allows performing portscans or "Server Side Request Forgery" from "relateiq" systems to external and potential internal systems. The following is a sample request used excluding cookies: POST /app/GWT.rpc HTTP/1.1 Host: app.relateiq.com User-Agent:...

7.1 AI score
Exploits 0

Tenable Nessus
added 2014/06/13 12:0 a.m., 34 views

openSUSE Security Update : mozilla-nss (openSUSE-2011-100) (BEAST)

Added a patch to fix errors in the pkcs11n.h header file. bmo702090 - update to 3.13.1 RTM - better SHA-224 support bmo647706 - fixed a regression causing hangs in some situations introduced in 3.13 bmo693228 - update to 3.13.0 RTM - SSL 2.0 is disabled by default - A defense against the SSL 3.0...

4.3 CVSS, 6.9 AI score, 0.73327 EPSS
Exploits 4, References 2

Veeam
added 2014/06/10 12:0 a.m., 42 views

Operation was canceled by user

Challenge: Job fails with error message: Error Operation was canceled by user. Cause: The two main causes of this error are: 1. A backup window has been configured within the job. 2. The user canceled the job. Solution: If the issue was caused by a backup window, please reconfigure the backup window...

7 AI score
Exploits 0

Hacker One
added 2014/06/09 1:46 a.m., 11 views

Localize: Bug on registration as new Translator user

It tells me "Please make sure to enter a valid password and to re-type the verification correctly", I selected "Translator", entered my username as "tarzxvf", entered the password as "tarzxvfismypassword" I'm just wondering where the verification is? And my suggestion you can use modal when tellin...

1.5 AI score
Exploits 0

Prion
added 2014/06/06 2:55 p.m., 19 views

Design/Logic Flaw

DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a .. (dot dot) in the "l" parameter, which reveals the installation path in an error message...

5 CVSS, 6.7 AI score, 0.01173 EPSS
Exploits 2, References 2, Affected Software 1

Cvelist
added 2014/06/06 2:0 p.m., 26 views

CVE-2013-4728

DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a .. (dot dot) in the "l" parameter, which reveals the installation path in an error message...

6.2 AI score, 0.01173 EPSS
Exploits 2, References 2

NVD
added 2014/04/29 8:55 p.m., 17 views

CVE-2013-1804

Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to inject arbitrary web script or HTML via the (1) highlight parameter to forum/viewthread.php; or remote authenticated users with certain permissions to inject arbitrary web script or HTML via the...

4.3 CVSS, 5.5 AI score, 0.04404 EPSS
Exploits 0, References 9

NVD
added 2014/04/22 2:23 p.m., 12 views

CVE-2014-2890

Cross-site scripting (XSS) vulnerability in the wraphtml function in MyID.php in phpMyID 0.9 allows remote attackers to inject arbitrary web script or HTML via the openiderror parameter to MyID.config.php when the openid.mode parameter is set to error, which is not properly handled in an error...

4.3 CVSS, 5.7 AI score, 0.01193 EPSS
Exploits 1, References 3