The system allows the upload of the xml file may lead to xss-vulnerability warning-the black bar safety net

the xml file may contain an xml-stylesheet tag is used to specify an xsl file to the xml file format and output. In the xsl output of the process, you can output any html code, including thescriptag。。。。 That you can bomb alert. However, the xml formatted script permissions is relatively small, ma...

Six Apart Movable Type Formatting String Vulnerability

Six Apart Movable Type MT is a blogging system from Six Apart, Inc. Pro, Open Source, and Advanced are the professional, open source, and advanced versions of the system, respectively. A formatting string vulnerability exists in Six Apart MT. A remote attacker could exploit this vulnerability to...

Medium: postgresql8

Issue Overview: An information leak flaw was found in the way the PostgreSQL database server handled certain error messages. An authenticated database user could possibly obtain the results of a query they did not have privileges to execute by observing the constraint violation error messages...

postgresql: buffer overflow in the to_char() function

A buffer overflow flaw was found in the way PostgreSQL handled certain numeric formatting. An authenticated database user could use a specially crafted timestamp formatting template to cause PostgreSQL to crash or, under certain conditions, execute arbitrary code with the permissions of the user...

postgresql: buffer overflow in the to_char() function

A buffer overflow flaw was found in the way PostgreSQL handled certain numeric formatting. An authenticated database user could use a specially crafted timestamp formatting template to cause PostgreSQL to crash or, under certain conditions, execute arbitrary code with the permissions of the user...

Microsoft Word Line Formatting Denial of Service Vulnerability

Microsoft Word is an office word processing system developed by Microsoft. webGate is an APM solution for real-time monitoring and performance management of business-critical systems based on J2EE architecture. A security vulnerability in Microsoft Word line formatting allows an attacker to...

(0Day) Microsoft Word Line Formatting Denial of Service Vulnerability

This vulnerability allows remote attackers to create a denial of service condition on vulnerable installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Rootpipe: you can get Apple Mac OS X Yosemite system the highest authority the serious vulnerability-vulnerability warning-the black bar safety net

The Swedish security researchers recently discovered Apple OS X Yosemite system fatal vulnerability. The vulnerability can enable hackers on the target computer, elevated privileges, so that it is possible to obtain a system of the highest access permissions, that is, we usually say that the Root...

openssl: information leak in pretty printing functions

It was discovered that the OBJobj2txt function could fail to properly NUL-terminate its output. This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory...

openssl: information leak in pretty printing functions

It was discovered that the OBJobj2txt function could fail to properly NUL-terminate its output. This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory...

FuelPHP vulnerable to remote code execution

Overview FuelPHP is a PHP web framework for creating web applications. FuelPHP applications contain an issue in the RequestCurl class, which may result in arbitrary code execution. Masaaki Chida of GREE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

IBM DB2 DTS To String Conversion - Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11400/info IBM DB2 is reported prone to a denial of service vulnerability when DTS to string conversion is carried out. It is reported that during a DTS to string conversion a trap occurs if an empty formatting string is...

Ultimate PHP Board 1.0/1.1 Image Tag Script Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4603/info Ultimate PHP Board UPB is web forum software. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. Ultimate PHP Board does not filter script code from image tags. This may...

MS IE 5/6 Legacy Text Formatting ActiveX Component Buffer Overflow

No description provided by source. source: http://www.securityfocus.com/bid/5558/info A buffer overflow vulnerability has been reported in Microsoft Internet Explorer's Legacy Text Formatting ActiveX control. The Legacy Text Formatting ActiveX control is used by Internet Explorer to display...

PHP 5.3.3 NumberFormatter::getSymbol Integer Overflow

No description provided by source. From: Maksymilian Arciemowicz cxib securityreason com Date: Fri, 10 Dec 2010 14:43:32 +0100 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PHP 5.3.3 NumberFormatter::getSymbol Integer Overflow Author: Maksymilian Arciemowicz http://securityreason.com/...

[SECURITY] Fedora 19 Update: mingw-icu-50.1.2-3.fc19

ICU is a set of C and C++ libraries that provides robust and full-featured Unicode and locale support. The library provides calendar support, conversions for many character sets, language sensitive collation, date and time formatting, support for many locales, message catalogs and resources,...

[SECURITY] Fedora 20 Update: mingw-icu-50.1.2-3.fc20

ICU is a set of C and C++ libraries that provides robust and full-featured Unicode and locale support. The library provides calendar support, conversions for many character sets, language sensitive collation, date and time formatting, support for many locales, message catalogs and resources,...

Fedora Update for perltidy FEDORA-2014-3874

Check for the Version of perltidy OpenVAS Vulnerability Test Fedora Update for perltidy FEDORA-2014-3874 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

[SECURITY] Fedora 20 Update: perltidy-20130922-1.fc20

Perltidy is a Perl script which indents and reformats Perl scripts to make them easier to read. If you write Perl scripts, or spend much time reading them, you will probably find it useful. The formatting can be controlled with command line parameters. The default parameter settings approximately...

[SECURITY] Fedora 19 Update: perltidy-20130922-1.fc19

Perltidy is a Perl script which indents and reformats Perl scripts to make them easier to read. If you write Perl scripts, or spend much time reading them, you will probably find it useful. The formatting can be controlled with command line parameters. The default parameter settings approximately...