6679 matches found

Prion
added 2009/09/11 8:30 p.m., 13 views

Design/Logic Flaw

Anantasoft Gazelle CMS 1.0 allows remote attackers to conduct a password reset for other users via a modified user parameter to renew.php...

CVSS 7.5, AI score 7.4, EPSS 0.02085
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2009/09/08 11:0 p.m., 26 views

CVE-2009-3110

Race condition in the file transfer functionality in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 allows remote attackers to read sensitive files and prevent client updates by connecting to the file transfer port before the expected client does...

AI score 6.5, EPSS 0.01477
Exploits: 0, References: 4

seebug.org
added 2009/09/06 12:0 a.m., 24 views

Microsoft IIS 5.0/6.0 FTP Server (Stack Exhaustion) Denial of Service

No description provided by source. MS IIS FTPD DoS ZER0DAY There is a DoS vulnerability in the globbing functionality of IIS FTPD. Anonymous users can exploit this if they have read access to a directory!!! Normal users can exploit this too if they can read a directory. Example session where the...

AI score 7.1
Exploits: 0

Packet Storm
added 2009/09/04 12:0 a.m., 23 views

Microsoft IIS FTPd Denial Of Service

MS IIS FTPD DoS ZER0DAY There is a DoS vulnerability in the globbing functionality of IIS FTPD. Anonymous users can exploit this if they have read access to a directory!!! Normal users can exploit this too if they can read a directory. Example session where the anonymous user has read access to t...

AI score 7.4
Exploits: 0

securityvulns
added 2009/09/04 12:0 a.m., 41 views

Microsoft Internet Information Services 5.0/6.0 FTP SERVER DENIAL OF SERVICE ("Stack Exhaustion")

MS IIS FTPD DoS ZER0DAY There is a DoS vulnerability in the globbing functionality of IIS FTPD. Anonymous users can exploit this if they have read access to a directory!!! Normal users can exploit this too if they can read a directory. Example session where the anonymous user has read access to t...

AI score 0.8
Exploits: 0

Exploit DB
added 2009/09/04 12:0 a.m., 84 views

Microsoft IIS 5.0/6.0 FTP Server - Stack Exhaustion Denial of Service

MS IIS FTPD DoS ZER0DAY There is a DoS vulnerability in the globbing functionality of IIS FTPD. Anonymous users can exploit this if they have read access to a directory!!! Normal users can exploit this too if they can read a directory. Example session where the anonymous user has read access to t...

AI score 7.4
Exploits: 0

Prion
added 2009/08/27 8:30 p.m., 12 views

Design/Logic Flaw

DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx files instead of skin files, and possibly access privileged functionality, via unknown vectors related to parameter validation...

CVSS 7.5, AI score 7.2, EPSS 0.01402
Exploits: 0, References: 5, Affected Software: 1

NVD
added 2009/08/24 10:30 a.m., 12 views

CVE-2008-7051

AJ Square AJ Article allows remote attackers to bypass authentication and access administrator functionality via a direct request to (1) user.php, (2) articles.php, (3) articlesuspend.php, (4) site.php, (5) statistics.php, (6) mail.php, (7) category.php, (8) subcategory.php, (9) changepassword.php, (10) polling.php,...

CVSS 7.5, AI score 6.9, EPSS 0.02511
Exploits: 1, References: 3

Prion
added 2009/08/24 10:30 a.m., 11 views

Authentication flaw

AJ Square AJ Article allows remote attackers to bypass authentication and access administrator functionality via a direct request to (1) user.php, (2) articles.php, (3) articlesuspend.php, (4) site.php, (5) statistics.php, (6) mail.php, (7) category.php, (8) subcategory.php, (9) changepassword.php, (10) polling.php,...

CVSS 7.5, AI score 7.4, EPSS 0.02511
Exploits: 1, References: 3

CVE
added 2009/08/24 10:0 a.m., 54 views

CVE-2008-7051

AJ Square AJ Article is affected by CVE-2008-7051, where remote attackers can bypass authentication and access administrator functionality by directly requesting any of the admin scripts: user.php, articles.php, articlesuspend.php, site.php, statistics.php, mail.php, category.php, subcategory.php...

CVSS 7.5, AI score 7.1, EPSS 0.02511
Exploits: 1, References: 3, Affected Software: 1

NVD
added 2009/08/20 5:30 p.m., 15 views

CVE-2009-2882

Multiple cross-site scripting (XSS) vulnerabilities in PG MatchMaking allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) browseladies.php and (2) browsemen.php, the (3) gender parameter to search.php, and the (4) id parameter to services.php...

CVSS 4.3, AI score 5.8, EPSS 0.01511
Exploits: 1, References: 3

OpenVAS
added 2009/08/17 12:0 a.m., 15 views

Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)

The remote host is missing an update to apache-modsecurity announced via advisory MDVSA-2009:183. OpenVAS Vulnerability Test $Id: mdksa2009183.nasl 6587 2017-07-07 06:35:35Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:183 apache-modsecurity Authors: Thomas Reinke Copyright:...

CVSS 7.8, AI score 0.8, EPSS 0.13735
Exploits: 1

NVD
added 2009/08/13 6:30 p.m., 22 views

CVE-2009-2087

The Web Services functionality in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, in certain circumstances involving the ibm-webservicesclient-bind.xmi file and custom password encryption, uses weak password obfuscation, which allows local users to cause a denial ...

CVSS 2.1, AI score 6.2, EPSS 0.00217
Exploits: 0, References: 5

CVE
added 2009/08/10 8:0 p.m., 102 views

CVE-2009-2716

CVE-2009-2716 is referenced by multiple vulnerability feeds as addressed by Java/JRE updates in VMware advisories (VMSA-2009-0016, VMSA-2010-0002) and by OpenVAS entries. The linked documents confirm that CVE-2009-2716 is among the CVEs fixed in JRE/JDK updates, specifically in Sun Java JRE 1.5.x...

CVSS 7.5, AI score 7.7, EPSS 0.01287
Exploits: 0, References: 7, Affected Software: 1

xssed
added 2009/08/07 12:0 a.m., 9 views

Unfixed XSS vulnerability at www.rtl.fr

Security researcher 599eme Man has submitted on 08/07/2009 a cross-site-scripting (XSS) vulnerability affecting www.rtl.fr, which at the time of submission ranked 12025 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 09/07/2009. It is currently...

AI score 6.6
Exploits: 0, References: 1

Mozilla
added 2009/08/03 12:0 a.m., 27 views

Chrome privilege escalation due to incorrectly cached wrapper — Mozilla

Mozilla add-on developer and community member Wladimir Palant reported broken functionality on pages that had a Link: HTTP header when an add-on was installed which implemented a Content Policy in JavaScript, such as AdBlock Plus or NoScript. Mozilla security researcher mozbugra4 demonstrated tha...

CVSS 10, AI score 9.3, EPSS 0.0253
Exploits: 0, References: 2, Affected Software: 1

exploitpack
added 2009/07/28 12:0 a.m., 20 views

TinyBrowser (TinyMCE Editor File browser) 1.41.6 - Multiple Vulnerabilities

TinyBrowser (TinyMCE Editor File browser) 1.41.6 - Multiple Vulnerabilities...

AI score 7.6
Exploits: 0

xssed
added 2009/07/21 12:0 a.m., 14 views

Unfixed XSS vulnerability at www.whatisscientology.org

Security researcher lljkrieg has submitted on 21/07/2009 a cross-site-scripting (XSS) vulnerability affecting www.whatisscientology.org, which at the time of submission ranked 313267 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 19/09/2009. It...

Exploits: 0, References: 1

Fedora
added 2009/06/16 1:48 a.m., 16 views

[SECURITY] Fedora 9 Update: drupal-views-6.x.2.6-1.fc9

The views module provides a flexible method for Drupal site designers to control how lists of content nodes are presented. Traditionally, Drupal has hard-coded most of this, particularly in how taxonomy and tracker lists are formatted. This tool is essentially a smart query builder that, given...

AI score 2.5
Exploits: 0

CVE
added 2009/06/10 5:37 p.m., 75 views

CVE-2009-1713

CVE-2009-1713 is a WebKit XSLT vulnerability. In qt4-x11 (and related WebKit deployments like Safari) the XSLT document() function can be mis-implemented, allowing a remote attacker to read arbitrary local files and files in other security zones via crafted HTML/XML. Debian DSA-1988 confirms the ...

CVSS 7.1, AI score 6.9, EPSS 0.02053
Exploits: 2, References: 11, Affected Software: 1