6679 matches found
CVE-2008-1669
Summary: CVE-2008-1669 affects the Linux kernel and arises from inadequate protection for fcntl in 2.6.x kernels prior to 2.6.25.2. The issue enables local users to (1) execute code in parallel and (2) trigger a race that can give re-ordered access to the descriptor table. Evidence in connected a...
maiancart-xss.txt
Script: Maian Cart v1.1 | Type: XSS Vulnerabilities | Discovered by: Khashayar Fereidani Or Dr.Crash | Our Team: IRCRASH...
Manage Watchers shows users with no permission
We have just upgraded to Jira 3.12.2 and like the new functionality when adding watchers to an issue. There is one problem with this though. It is showing all users, including users with no permissions. This means that all employees that stopped working here will show in the drop down. We do not...
Unfixed XSS vulnerability at www.zum.de
Security researcher kInGoFcHaOs submitted on 28/04/2008 a cross-site scripting (XSS) vulnerability affecting www.zum.de, which at the time of submission ranked 15344 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 28/04/2008. It is currently...
Unfixed XSS vulnerability at www.stampwants.com
Security researcher KrepTOr submitted on 24/04/2008 a cross-site scripting (XSS) vulnerability affecting www.stampwants.com, which at the time of submission ranked 221099 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 25/04/2008. It is...
Vulnerabilities in WordPress
Hello 3APA3A! I am reporting to you the Abuse of Functionality and Weak Password vulnerabilities I found in WordPress. Abuse of Functionality: WordPress makes it possible to determine the logins that exist in the system. The vulnerability is that when a correct and an incorrect login are entered with an incorrect password...
Unfixed XSS vulnerability at www.pro-koeln-online.de
Security researcher Hanno Boeck submitted on 20/03/2008 a cross-site scripting (XSS) vulnerability affecting www.pro-koeln-online.de, which at the time of submission ranked 1636511 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 26/03/2008. ...
CVE-2008-1076
Cross-site scripting (XSS) vulnerability in search.php in Interspire Shopping Cart 1.x allows remote attackers to inject arbitrary web script or HTML via the searchquery parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Fedora 8 : cacti-0.8.7b-1.fc8 (2008-1699)
Fixes: XSS vulnerabilities; path disclosure vulnerabilities; SQL injection vulnerabilities; HTTP response splitting vulnerabilities; bug0000855: Unnecessary and faulty DEF generation for CF:AVERAGE; bug0001083: Small visual fix for Cacti in 'View Cacti Log File'; bug0001089: Graph xport modification to...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in search.asp in Tendenci CMS allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) searchtext, (3) jobcategoryid, (4) contactcompany, and unspecified other parameters. NOTE: some of these details are obtained from third...
CVE-2008-0793
Multiple cross-site scripting (XSS) vulnerabilities in search.asp in Tendenci CMS allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) searchtext, (3) jobcategoryid, (4) contactcompany, and unspecified other parameters. NOTE: some of these details are obtained from third...
Unfixed XSS vulnerability at www.pc-ware.com
Security researcher Fabian Fingerle submitted on 13/02/2008 a cross-site scripting (XSS) vulnerability affecting www.pc-ware.com, which at the time of submission ranked 356949 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 06/03/2008. It is...
Unfixed XSS vulnerability at www.prcenter.de
Security researcher Fabian Fingerle submitted on 02/06/2008 a cross-site scripting (XSS) vulnerability affecting www.prcenter.de, which at the time of submission ranked 56286 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 06/06/2008. It is...
TinTin++ / WinTin++ 1.97.9 - '#chat' Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/27660/info TinTin++ and WinTin++ are prone to multiple security vulnerabilities affecting the application's 'chat' functionality. These issues include a buffer-overflow vulnerability, a denial-of-service vulnerability, and a file-overwrite vulnerability...
Project name that contains double-quote is not properly escaped on Issue Navigator page
If a project has a double-quote in its name, it's not xml-escaped when used in "title" attribute. For example, if we have a project named 14" monitors, the html will look like: 14" monitors This causes JIRA Client to hiccup on this page and lose a lot of functionality. On web browser, the title i...
ozjournals-disclose.txt
Name: OZJournals 2.1.1 Website: http://www.aqonlinenetworks.com/ Vulnerability type: Local File Exposure Author: shinmai, 2008-01-21 Description: OZJournals uses .php-files as its storage, and posts are read from them with the getcontents-function. This protects from traditional LFI-exploits, bu...
OZJournals 2.1.1 (id) File Disclosure Vulnerability
No description provided by source. Name: OZJournals 2.1.1 Website: http://www.aqonlinenetworks.com/ Vulnerability type: Local File Exposure Author: shinmai, 2008-01-21 Description: OZJournals uses .php-files as its storage, and posts are read from them with the getcontents-function. This protect...
OZJournals 2.1.1 (id) File Disclosure Vulnerability
Exploit for unknown platform in category web applications. OZJournals 2.1.1 id File Disclosure Vulnerability. Name: OZJournals 2.1.1 Website: http://www.aqonlinenetworks.com/ Vulnerability type:...