CVE-2010-4879
PHP remote file inclusion vulnerability in dompdf.php in dompdf 0.6.0 beta1 allows remote attackers to execute arbitrary PHP code via a URL in the inputfile parameter...
Mandriva Update for freetype2 MDVSA-2011:120 (freetype2)
Check for the Version of freetype2 OpenVAS Vulnerability Test Mandriva Update for freetype2 MDVSA-2011:120 freetype2 Authors: System Generated Check Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify i...
VLC Media Player '.AVI' File BOF Vulnerability (Windows)
The host is installed with VLC Media Player and is prone to a buffer overflow vulnerability. OpenVAS Vulnerability Test $Id: secpodvlcmediaplayeravibofvulnwin.nasl 8174 2017-12-19 12:23:25Z cfischer $ VLC Media Player '.AVI' File BOF Vulnerability Windows Authors: Madhuri D Copyright: Copyright (c)...
Cybozu Garoon Cross Site Scripting Vulnerability
This host is running Cybozu Garoon and is prone to a cross site scripting vulnerability. OpenVAS Vulnerability Test $Id: secpodcybozugaroonxssvuln.nasl 7052 2017-09-04 11:50:51Z teissa $ Cybozu Garoon Cross Site Scripting Vulnerability Authors: Sooraj KS Copyright: Copyright (c) 2011 SecPod,...
Malicious Ads Serving Malware to Spotify Users
Users of the free music streaming service Spotify are reporting that they have been the victims of drive-by malware attacks, according to a report from Netcraft. The attacks appear to be coming from third-party advertisements which are displayed in the ad-supported version of Spotify’s software. By...
Mandriva Update for libgdiplus MDVSA-2010:166 (libgdiplus)
Check for the Version of libgdiplus OpenVAS Vulnerability Test Mandriva Update for libgdiplus MDVSA-2010:166 libgdiplus Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modif...
Software Index a remote file upload vulnerability-vulnerability warning-the black bar safety net
Upload file filter is not strict, resulting in remote file upload executable code vulnerabilities. Bulk Google Dork : Copyright 2 0 1 0. Software Index Exp: the html head TitleSelect Image File for uploading/Title script language="JavaScript" function checkFile if form1. userfile. value == ""...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in openMairie openCourrier 2.02 and 2.03 beta, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the pathom parameter to (1) bible.class.php, (2) dossier.class.php, (3) service.class.php, (4)...
Stack overflow
Multiple stack-based buffer overflows in Photodex ProShow Gold 4.0.2549 allow remote attackers to execute arbitrary code via a crafted Slideshow project .psh file, related to the (1) celln.imagesm.image and (2) celln.sound.file fields...
Unrestricted file upload
Unrestricted file upload vulnerability in ScriptsFeed Auto Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in carsimages/...
CVE-2008-6926
Directory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the scriptpathshow parameter in a GoAhead action. NOTE: this issue only...
CVE-2008-6921
Unrestricted file upload vulnerability in index.php in phpAdBoard 1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photoes/...
Ubuntu Update for openoffice.org(2)/-amd64 vulnerability USN-482-1
Ubuntu Update for Linux kernel vulnerabilities USN-482-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN4821.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for openoffice.org2/-amd64 vulnerability USN-482-1 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH,...
Unrestricted file upload
Unrestricted file upload vulnerability in Photos/createalbum.php in Social Groupie allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in Memberimages/...
CVE-2008-3742
Unrestricted file upload vulnerability in the BlogAPI module in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, which is not validated...
Unrestricted file upload
Unrestricted file upload vulnerability in upload.php in the Giulio Ganci Wp Downloads Manager module 0.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension via the upfile parameter, then accessing it via a direct request to the file in...
Nik Software Sharpener Pro vulnerable to privilege escalation
Overview The Nik Software Sharpener Pro installs files with insecure permissions, which may allow a local attacker to elevate privileges. Description Nik Software Sharpener Pro is an Adobe Photoshop plug-in that provides image sharpening capabilities. The Nik Software Sharpener Pro installer sets...
xnview-overflow.txt
-------- XNview -------- Informations : Version : 1.92.1 Website : http://www.xnview.com/ Problem : Long Filename Overflow Description: XnView is an efficient multimedia viewer, browser, and converter. It supports more than 400 graphic file formats PNG, JPEG, TARGA, TIFF, GIF, BMP, and more...
Debian Security Advisory DSA 637-1 (exim-tls)
The remote host is missing an update to exim-tls announced via advisory DSA 637-1. OpenVAS Vulnerability Test $Id: deb6371.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 637-1 Authors: Thomas Reinke Copyright: Copyright (c) 2007 E-Soft Inc...
SOL6919 - Cross-site scripting vulnerability in my.activation.php3 CVE-2007-3097
A cross-site scripting (XSS) vulnerability exists in the FirePass my.activation.php3 logon page. The affected FirePass logon URL fails to fully sanitize certain URL arguments before the requested web page content is returned to the browser. It is possible for an attacker to create web pages, emails ...