OZJournals 2.1.1 - id File Disclosure
OZJournals 2.1.1 - id File Disclosure Name: OZJournals 2.1.1 Website: http://www.aqonlinenetworks.com/ Vulnerability type: Local File Exposure Author: shinmai, 2008-01-21 Description: OZJournals uses .php-files as its storage, and posts are read from them with the getcontents-function. This...
OZJournals 2.1.1 - 'id' File Disclosure
Name: OZJournals 2.1.1 Website: http://www.aqonlinenetworks.com/ Vulnerability type: Local File Exposure Author: shinmai, 2008-01-21 Description: OZJournals uses .php-files as its storage, and posts are read from them with the getcontents-function. This protects from traditional LFI-exploits, bu...
CVE-2007-6569
Cross-site scripting (XSS) vulnerability in the View Error Log functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566246...
Unfixed XSS vulnerability at www.emiliaromagnalavoro.it
Security researcher Langy submitted on 18/12/2007 a cross-site scripting (XSS) vulnerability affecting www.emiliaromagnalavoro.it, which at the time of submission ranked 3937609 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 19/12/2007. It ...
[SECURITY] Fedora 8 Update: xfce4-places-plugin-1.0.0-2.fc8
A menu with quick access to folders, documents, and removable media. The Places plugin brings much of the functionality of GNOME’s Places menu to Xfce. It puts a simple button on the panel. Clicking on this button opens up a menu with 4 sections: 1 System-defined directories home folder,...
[SECURITY] Fedora 7 Update: xfce4-places-plugin-1.0.0-2.fc7
A menu with quick access to folders, documents, and removable media. The Places plugin brings much of the functionality of GNOME’s Places menu to Xfce. It puts a simple button on the panel. Clicking on this button opens up a menu with 4 sections: 1 System-defined directories home folder,...
Stack overflow
Stack-based buffer overflow in the PassThru functionality in ext.dll in BadBlue 2.72b and earlier allows remote attackers to execute arbitrary code via a long query string...
CVE-2007-6377
Stack-based buffer overflow in the PassThru functionality in ext.dll in BadBlue 2.72b and earlier allows remote attackers to execute arbitrary code via a long query string...
Unfixed XSS vulnerability at www.bibel-online.net
Security researcher TotalSchaden submitted on 12/02/2007 a cross-site scripting (XSS) vulnerability affecting www.bibel-online.net, which at the time of submission ranked 275395 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 12/02/2007. It ...
Unfixed XSS vulnerability at www.oekotest.de
Security researcher TotalSchaden submitted on 12/02/2007 a cross-site scripting (XSS) vulnerability affecting www.oekotest.de, which at the time of submission ranked 73185 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 12/02/2007. It is...
Unfixed XSS vulnerability at www.cbidirectory.co.uk
Security researcher Genocide submitted on 27/11/2007 a cross-site scripting (XSS) vulnerability affecting www.cbidirectory.co.uk, which at the time of submission ranked 994004 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 29/11/2007. It is...
RHEL 4 : wireshark (RHSA-2007:0709)
New Wireshark packages that fix various security vulnerabilities and functionality bugs are now available for Red Hat Enterprise Linux 4. Wireshark was previously known as Ethereal. This update has been rated as having low security impact by the Red Hat Security Response Team. Wireshark is a...
Design/Logic Flaw
The LOB functionality in PEAR MDB2 before 2.5.0a1 interprets a request to store a URL string as a request to retrieve and store the contents of the URL, which might allow remote attackers to use MDB2 as an indirect proxy or obtain sensitive information via a URL into a form field in an MDB2...
CVE-2007-5934
The LOB functionality in PEAR MDB2 before 2.5.0a1 interprets a request to store a URL string as a request to retrieve and store the contents of the URL, which might allow remote attackers to use MDB2 as an indirect proxy or obtain sensitive information via a URL into a form field in an MDB2...
MySQL <= 5.0.45 (Alter) Denial of Service Vulnerability
Exploit for multiple platform in category dos / poc ======================================================= MySQL mysql CREATE TABLE test id int10 unsigned NOT NULL AUTOINCREMENT PRIMARY KEY, foo text NOT NULL ENGINE=InnoDB DEFAULT CHARSET=latin1; Query OK, 0 rows affected mysql SELECT FROM test...
Unfixed XSS vulnerability at www.twbookjuice.co.uk
Security researcher By Encore submitted on 11/04/2007 a cross-site scripting (XSS) vulnerability affecting www.twbookjuice.co.uk, which at the time of submission ranked 3574562 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 11/04/2007. It i...
Unfixed XSS vulnerability at www.ikmagazine.com
Security researcher 0ssi3 submitted on 11/02/2007 a cross-site scripting (XSS) vulnerability affecting www.ikmagazine.com, which at the time of submission ranked 3419337 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 12/02/2007. It is...
Buffer overflow
The Trend Micro AntiVirus scan engine before 8.550-1001, as used in Trend Micro PC-Cillin Internet Security 2007, and Tmxpflt.sys 8.320.1004 and 8.500.0.1002, has weak permissions (Everyone:Write) for the \\.\Tmfilter device, which allows local users to send arbitrary content to the device via the...
Code injection
Unspecified vulnerability in the Internet Protocol (IP) functionality in Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors, probably related to a UDP packet...
CVE-2007-5716
Unspecified vulnerability in the Internet Protocol (IP) functionality in Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors, probably related to a UDP packet...