Lucene search

6679 matches found

Prion
added 2009/11/29 1:8 p.m., 15 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the search functionality in DotNetNuke 4.8 through 5.1.4 allows remote attackers to inject arbitrary web script or HTML via search terms that are not properly filtered before display in a custom results page...

CVSS 4.3, AI score 6.1, EPSS 0.01645
Exploits: 0, References: 5, Affected Software: 1
ATTACKERKB
added 2009/11/29 1:8 p.m., 4 views

CVE-2009-4110

Cross-site scripting (XSS) vulnerability in the search functionality in DotNetNuke 4.8 through 5.1.4 allows remote attackers to inject arbitrary web script or HTML via search terms that are not properly filtered before display in a custom results page...

CVSS 4.3, AI score 5.9, EPSS 0.01645
Exploits: 0, References: 6
CVE
added 2009/11/28 11:0 a.m., 64 views

CVE-2009-4110

The CVE-2009-4110 entry applies to DotNetNuke (DNN) 4.8.x through 5.1.4, where the Search functionality in SearchResults.aspx is vulnerable to cross-site scripting (XSS) due to insufficient sanitization of the user-provided search terms before dynamic HTML output. The vulnerability is exploitable...

CVSS 4.3, AI score 5.6, EPSS 0.01645
Exploits: 0, References: 5, Affected Software: 1
securityvulns
added 2009/11/25 12:0 a.m., 34 views

Vulnerabilities in plugins for WordPress

Hello Bugtraq! I want to tell you about different vulnerabilities in plugins for WordPress. About some of them there were posts to the list earlier. This August I made a summary about all vulnerabilities in plugins for WordPress http://websecurity.com.ua/3397/, which I found during 2006-2009. In...

AI score 0.5
Exploits: 0
Prion
added 2009/11/24 5:30 p.m., 17 views

Code injection

The printing functionality in Microsoft Internet Explorer 8 allows remote attackers to discover a local pathname, and possibly a local username, by reading the dc:title element of a PDF document that was generated from a local web page...

CVSS 5, AI score 7, EPSS 0.1959
Exploits: 1, References: 6, Affected Software: 1
NVD
added 2009/11/24 5:30 p.m., 21 views

CVE-2009-4073

The printing functionality in Microsoft Internet Explorer 8 allows remote attackers to discover a local pathname, and possibly a local username, by reading the dc:title element of a PDF document that was generated from a local web page...

CVSS 5, AI score 6.4, EPSS 0.1959
Exploits: 1, References: 6
Cvelist
added 2009/11/24 5:0 p.m., 26 views

CVE-2009-4073

The printing functionality in Microsoft Internet Explorer 8 allows remote attackers to discover a local pathname, and possibly a local username, by reading the dc:title element of a PDF document that was generated from a local web page...

AI score 6.4, EPSS 0.1959
Exploits: 1, References: 6
CVE
added 2009/11/24 5:0 p.m., 62 views

CVE-2009-4073

CVE-2009-4073 affects Microsoft Internet Explorer’s printing functionality when a local HTML page is printed to PDF. The issue exposes local filesystem information by allowing a PDF generated from a local page to include the dc:title element that can reveal the file path, and possibly the usernam...

CVSS 5, AI score 6.4, EPSS 0.1959
Exploits: 1, References: 6, Affected Software: 1
Tenable Nessus
added 2009/11/19 12:0 a.m., 44 views

openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-1541)

The Sun Java 6 SDK/JRE was updated to u17 update fixing bugs and various security issues: CVE-2009-3866: The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers...

CVSS 9.3, AI score 6.6, EPSS 0.73376
Exploits: 20, References: 14
Tenable Nessus
added 2009/11/19 12:0 a.m., 293 views

SuSE 11 Security Update : Sun Java 1.6.0 (SAT Patch Number 1542)

The Sun Java 6 SDK/JRE was updated to u17 update fixing bugs and various security issues : - The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute...

CVSS 9.3, AI score 6.6, EPSS 0.73376
Exploits: 20, References: 27
Prion
added 2009/11/13 3:30 p.m., 29 views

Design/Logic Flaw

The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elements that have external URLs for media resources, which allows remote attacke...

CVSS 5, AI score 6.1, EPSS 0.02913
Exploits: 2, References: 25, Affected Software: 1
Fedora
added 2009/11/10 5:56 p.m., 31 views

[SECURITY] Fedora 11 Update: ocaml-postgresql-1.12.3-1.fc11.2

This OCaml-library provides an interface to PostgreSQL, an efficient and reliable, open source, relational database. Almost all functionality available through the C-API libpq is replicated in a type-safe way. This library uses objects for representing database connections and results of queries...

CVSS 7.5, AI score 2.5, EPSS 0.02207
Exploits: 0
ThreatPost
added 2009/11/10 3:33 p.m., 12 views

Google Reader Used in Koobface Attack

The attackers behind the insidious Koobface worm have taken to using Google Reader accounts that they control to spread the worm through shared Reader items. The infection method–which has been used before by Facebook worms–is another indication of the resilience and changing tactics the malware...

AI score 1.9
Exploits: 0, References: 3
Prion
added 2009/10/28 2:30 p.m., 14 views

Buffer overflow

Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows remote attackers to cause a denial of service (application hang or loss of blocking functionality) via a long URL with many / (slash) characters, related to "emergency mode."...

CVSS 5, AI score 7, EPSS 0.03829
Exploits: 0, References: 12, Affected Software: 1
Cvelist
added 2009/10/28 2:0 p.m., 31 views

CVE-2009-3700

Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows remote attackers to cause a denial of service (application hang or loss of blocking functionality) via a long URL with many / (slash) characters, related to "emergency mode."...

AI score 6.5, EPSS 0.03829
Exploits: 0, References: 12
xssed
added 2009/10/26 12:0 a.m., 8 views

Unfixed XSS vulnerability at india.recruit.net

Security researcher sameer saran, has submitted on 26/10/2009 a cross-site-scripting (XSS) vulnerability affecting india.recruit.net, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 07/07/2010. It is...

Exploits: 0, References: 1
OpenVAS
added 2009/10/23 12:0 a.m., 16 views

Find Windows 2003 Client Functionality over WMI - Windows

Find Windows 2003 Client Functionality over WMI: NetMeeting OutlookExpress Windows Media Player SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...

AI score 7.3
Exploits: 0
securityvulns
added 2009/10/17 12:0 a.m., 75 views

Insufficient Anti-automation and Abuse of Functionality vulnerabilities in ALFcontact for Joomla

Hello 3APA3A! I am reporting to you the Insufficient Anti-automation and Abuse of Functionality vulnerabilities that I found in the ALFcontact comalfcontact component for Joomla. Insufficient Anti-automation: http://site/option,comalfcontact/ The contact page has no protection against automated requests...

AI score 7.1
Exploits: 0
NVD
added 2009/09/30 3:30 p.m., 18 views

CVE-2009-3503

Multiple SQL injection vulnerabilities in search.aspx in BPowerHouse BPHolidayLettings 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) rid and (2) tid parameters...

CVSS 7.5, AI score 8.5, EPSS 0.00973
Exploits: 1, References: 3
Prion
added 2009/09/18 10:30 a.m., 16 views

Code injection

Unspecified vulnerability in ia32el (aka the IA 32 emulation functionality) before 70427022-0.4.2 in SUSE Linux Enterprise (SLE) 10 SP2 on Itanium IA64 machines allows local users to cause a denial of service (system crash) via a 32-bit x86 application...

CVSS 4.9, AI score 6.2, EPSS 0.0036
Exploits: 1, References: 5, Affected Software: 1