6679 matches found
CVE-2007-5716
Unspecified vulnerability in the Internet Protocol (IP) functionality in Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors, probably related to a UDP packet...
CVE-2007-5358
Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x before 1.4.13, when using IMAP storage, might allow (1) remote attackers to execute arbitrary code via a long combination of Content-type and Content-description headers, or (2) local users to execute arbitrary code via a long...
CVE-2007-5228
CVE-2007-5228 is a Drupal XSS vulnerability in the subscription functionality of the Project issue tracking module. The issue enables remote authenticated users with project create or edit permissions to inject arbitrary web script or HTML via unspecified vectors in the (1) individual and (2) ove...
Unfixed Redirect vulnerability at tarih.us
Security researcher Narcoticxs has submitted on 30/09/2007 a Redirect vulnerability affecting tarih.us, which at the time of submission ranked 7330054 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 04/10/2007. It is currently unfixed. If you...
Unfixed XSS vulnerability at www.rubne.com
Security researcher BackDoor has submitted on 24/09/2007 a cross-site-scripting (XSS) vulnerability affecting www.rubne.com, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 28/09/2007. It is currently...
Unfixed XSS vulnerability at www.satagear.com
Security researcher tenest has submitted on 22/09/2007 a cross-site-scripting (XSS) vulnerability affecting www.satagear.com, which at the time of submission ranked 1195424 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 28/09/2007. It is...
Moderate: Red Hat Security Advisory: xorg-x11 security update
Updated X.org packages that correct a flaw in X.Org's composite extension are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. X.org is an open source implementation of the X Window System. It provid...
simpcms-sql.txt
SimpCMS = all Remote SQL Injection Vulnerability Found By : Cold z3ro , http://www.hackteach.org/ Script : http://www.simpcms.com/ Exploit : /index.php?site=search&keyword=1'//union//select//0,1,2,3,name,5,6//from//categories/ OR /index.php?site=search in...
Unfixed XSS vulnerability at www.moviebox.se
Security researcher By Encore has submitted on 16/09/2007 a cross-site-scripting (XSS) vulnerability affecting www.moviebox.se, which at the time of submission ranked 459655 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 20/09/2007. It is...
Unfixed XSS vulnerability at search.burlingtoncoatfactory.com
Security researcher tenest has submitted on 16/09/2007 a cross-site-scripting (XSS) vulnerability affecting search.burlingtoncoatfactory.com, which at the time of submission ranked 38072 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 20/09/2007...
Hardcoded credentials
The embedded Internet Explorer server control in AOL Instant Messenger (AIM) 6.1.41.2 and 6.2.32.1, AIM Pro, and AIM Lite does not properly constrain the use of mshtml.dll's web script and HTML functionality for incoming instant messages, which allows remote attackers to place HTML into unexpected...
CVE-2007-4901
The embedded Internet Explorer server control in AOL Instant Messenger (AIM) 6.1.41.2 and 6.2.32.1, AIM Pro, and AIM Lite does not properly constrain the use of mshtml.dll's web script and HTML functionality for incoming instant messages, which allows remote attackers to place HTML into unexpected...
CVE-2005-4862
The search functionality in XWiki 0.9.793 indexes cleartext user passwords, which allows remote attackers to obtain sensitive information via a search string that matches a password...
Design/Logic Flaw
newswire/uploadmedia.cgi in 2coolcode Our Space (Ourspace) 2.0.9 allows remote attackers to upload certain files via unspecified vectors, probably involving unrestricted functionality in uploadmedia.cgi...
CVE-2007-4647
newswire/uploadmedia.cgi in 2coolcode Our Space (Ourspace) 2.0.9 allows remote attackers to upload certain files via unspecified vectors, probably involving unrestricted functionality in uploadmedia.cgi...
CVE-2007-4647
CVE-2007-4647 affects 2coolcode Our Space (Ourspace) 2.0.9. The issue is in uploadmedia.cgi, where unrestricted upload functionality allows remote attackers to upload certain files via unspecified vectors. The root cause is not clearly detailed beyond “unrestricted functionality in uploadmedia.cg...
Unfixed XSS vulnerability at www.kreuzberg.de
Security researcher Renoized has submitted on 30/08/2007 a cross-site-scripting (XSS) vulnerability affecting www.kreuzberg.de, which at the time of submission ranked 1055546 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 30/08/2007. It is...
Unfixed XSS vulnerability at insideedition.com
Security researcher kRuSaDeR has submitted on 29/08/2007 a cross-site-scripting (XSS) vulnerability affecting insideedition.com, which at the time of submission ranked 168785 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 30/08/2007. It is...
[SECURITY] Fedora Core 6 Update: ipsec-tools-0.6.5-8.fc6
This is the IPsec-Tools package. You need this package in order to really use the IPsec functionality in the linux-2.5+ kernels. This package builds: - setkey, a program to directly manipulate policies and SAs - racoon, an IKEv1 keying daemon...
Unfixed XSS vulnerability at www.municipia.it
Security researcher Langy has submitted on 24/08/2007 a cross-site-scripting (XSS) vulnerability affecting www.municipia.it, which at the time of submission ranked 1083240 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 28/08/2007. It is current...