Lucene search

6679 matches found

seebug.org
added 2010/05/21 12:0 a.m., 39 views

Drupal Panels Module 6.x PHP Code Execution Vulnerability

A vulnerability has been reported in Panels module for Drupal, which can be exploited by malicious users to compromise a vulnerable system. Certain unspecified input is not properly sanitised before being used in the import functionality. This can be exploited to execute arbitrary PHP code...

7.6 AI score
Exploits: 0
OpenVAS
added 2010/04/30 12:0 a.m., 24 views

RedHat Update for xorg-x11-server RHSA-2010:0382-01

Check for the Version of xorg-x11-server OpenVAS Vulnerability Test RedHat Update for xorg-x11-server RHSA-2010:0382-01 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modif...

7.1 CVSS, 0.1 AI score, 0.05351 EPSS
Exploits: 1, References: 2
Zero Day Initiative
added 2010/04/13 12:0 a.m., 41 views

Microsoft Windows Media Player Codec Retrieval Dangling Pointer Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. The specific flaw exists within the functionality for...

10 CVSS, 4.6 AI score, 0.20122 EPSS
Exploits: 1, References: 1
Fedora
added 2010/04/01 5:19 p.m., 24 views

[SECURITY] Fedora 13 Update: fcron-3.0.5-1.fc13

Fcron is a scheduler. It aims at replacing Vixie Cron, so it implements most of its functionalities. But contrary to Vixie Cron, fcron does not need your system to be up 7 days a week, 24 hours a day: it also works well with systems which are not running neither all the time nor regularly contrar...

1.9 CVSS, 0.9 AI score, 0.00351 EPSS
Exploits: 0
UbuntuCve
added 2010/03/31 6:0 p.m., 27 views

CVE-2010-0132

Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to "searchre input," a different vulnerability than CVE-2010-073...

2.6 CVSS, 6 AI score, 0.02334 EPSS
Exploits: 0, References: 1
Prion
added 2010/03/31 6:0 p.m., 19 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to "searchre input," a different vulnerability than CVE-2010-073...

2.6 CVSS, 5.8 AI score, 0.02334 EPSS
Exploits: 0, References: 10, Affected Software: 1
Cvelist
added 2010/03/23 6:0 p.m., 19 views

CVE-2009-4736

Cross-site scripting (XSS) vulnerability in search.php in CommonSense CMS 5.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter...

5.7 AI score, 0.01299 EPSS
Exploits: 1, References: 6
Prion
added 2010/03/19 7:30 p.m., 13 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the online Documents functionality in SugarCRM 5.2.x before 5.2.0l and 5.5.x before 5.5.0a allows remote authenticated users to inject arbitrary web script or HTML via the Document Name field...

4.3 CVSS, 5.7 AI score, 0.01033 EPSS
Exploits: 2, References: 4, Affected Software: 1
NVD
added 2010/03/19 7:30 p.m., 20 views

CVE-2010-0465

Cross-site scripting (XSS) vulnerability in the online Documents functionality in SugarCRM 5.2.x before 5.2.0l and 5.5.x before 5.5.0a allows remote authenticated users to inject arbitrary web script or HTML via the Document Name field...

4.3 CVSS, 5.2 AI score, 0.01033 EPSS
Exploits: 2, References: 4
securityvulns
added 2010/03/18 12:0 a.m., 57 views

Secunia Research: Quicksilver Forums "mysqldump" Password Disclosure

Secunia Research 17/03/2010 - Quicksilver Forums "mysqldump" Password Disclosure - Table of Contents Affected...

1 AI score
Exploits: 0
Packet Storm
added 2010/03/17 12:0 a.m., 14 views

Nensor CMS 2.01 Local File Inclusion / SQL Injection

Nensor CMS 2.01 Multiple Remote Vulnerabilities...

7.4 AI score
Exploits: 0
Atlassian
added 2010/03/16 1:0 a.m., 18 views

Custom fields inconsistently escaped in view and edit screens

Steps to replicate: Create a custom field and name it Hithere On view issue screens, the field appears as Hithere On edit issue screen, the field appears as Hithere on red font I guess we need to make a decision on which one is the desired functionality allow HTML or not and make it consistent...

0.7 AI score
Exploits: 0
Atlassian
added 2010/03/16 1:0 a.m., 14 views

Custom fields inconsistently escaped in view and edit screens

Steps to replicate: Create a custom field and name it Hithere On view issue screens, the field appears as Hithere On edit issue screen, the field appears as Hithere on red font I guess we need to make a decision on which one is the desired functionality allow HTML or not and make it consistent...

0.7 AI score
Exploits: 0, Affected Software: 1
Prion
added 2010/03/15 1:28 p.m., 19 views

Heap overflow

Heap-based buffer overflow in the rmtread function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested,...

6.8 CVSS, 8.8 AI score, 0.04747 EPSS
Exploits: 2, References: 32, Affected Software: 2
Prion
added 2010/03/10 8:14 p.m., 17 views

Sql injection

SQL injection vulnerability in searchresult.asp in Pre Projects Pre E-Learning Portal allows remote attackers to execute arbitrary SQL commands via the courseID parameter...

7.5 CVSS, 9.1 AI score, 0.01348 EPSS
Exploits: 1, References: 6
Prion
added 2010/03/05 4:30 p.m., 17 views

Buffer overflow

Multiple buffer overflows in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3, allow remote attackers to execute arbitrary code via a...

10 CVSS, 8.2 AI score, 0.10836 EPSS
Exploits: 4, References: 8, Affected Software: 1
CVE
added 2010/03/05 4:0 p.m., 50 views

CVE-2009-2754

CVE-2009-2754 relates to a stack-based buffer overflow in librpc.dll’s authentication for the Portmapper service (portmap.exe) used by IBM Informix Dynamic Server (IDS) 10.x prior to 10.00.TC9 and 11.x prior to 11.10.TC3, and EMC Legato NetWorker. The issue is triggered by a crafted parameter siz...

10 CVSS, 7.7 AI score, 0.40058 EPSS
Exploits: 5, References: 10, Affected Software: 1
securityvulns
added 2010/03/04 12:0 a.m., 191 views

Vulnerabilities in DataLife Engine

Hello 3APA3A! I am reporting the Abuse of Functionality and Insufficient Anti-automation vulnerabilities that I found in DataLife Engine DLE. Abuse of Functionality: http://site/index.php?do=register On the registration page, the "Check name" function makes it possible to identify the logins of users in the system...

Exploits: 0
Prion
added 2010/03/03 7:30 p.m., 13 views

Design/Logic Flaw

Multiple unspecified vulnerabilities in the UltraLite functionality in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 have unknown impact and attack vectors...

10 CVSS, 7.3 AI score, 0.02002 EPSS
Exploits: 0, References: 4, Affected Software: 1
NVD
added 2010/03/03 7:30 p.m., 21 views

CVE-2010-0918

Multiple unspecified vulnerabilities in the UltraLite functionality in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 have unknown impact and attack vectors...

10 CVSS, 6.7 AI score, 0.02002 EPSS
Exploits: 0, References: 4