6679 matches found
CVE-2007-4493
eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check permissions on module views that lack a policy function, which has unknown impact and attack vectors, as demonstrated by a vulnerability in the discount functionality in the shop module...
Design/Logic Flaw
eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check permissions on module views that lack a policy function, which has unknown impact and attack vectors, as demonstrated by a vulnerability in the discount functionality in the shop module...
iDefense Security Advisory 08.20.07: Trend Micro SSAPI Long Path Buffer Overflow Vulnerability
Trend Micro SSAPI Long Path Buffer Overflow Vulnerability iDefense Security Advisory 08.20.07 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 20, 2007 I. BACKGROUND Trend Micro AntiSpyware is a spyware detection and removal application designed to help protect home users' computers,...
Unfixed XSS vulnerability at search.dunyagazetesi.com.tr
Security researcher St@rExT submitted on 19/08/2007 a cross-site scripting (XSS) vulnerability affecting search.dunyagazetesi.com.tr, which at the time of submission ranked 47501 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 21/08/2007. It...
CVE-2007-4386
SQL injection vulnerability in search.php in GetMyOwnArcade allows remote attackers to execute arbitrary SQL commands via the query parameter...
CentOS 4 : libgtop2 (CESA-2007:0765)
An updated libgtop2 package that fixes a security issue and a functionality bug is now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The libgtop2 package contains a library for obtaining information...
liberoit-xss.txt
The Italian ISP Libero.it does not check the HTTP POST parameter "pQuery" on search queries and displays the content of this variable without modification within the HTML form area. Security problems on Libero's 155.it allow attackers to conduct XSS attacks for the following URL:...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Temporary Uploads editing functionality (wp-admin/includes/upload.php) in WordPress 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the style parameter to wp-admin/upload.php...
Unfixed XSS vulnerability at www.shopsex.cz
Security researcher CrypTIc submitted on 26/07/2007 a cross-site scripting (XSS) vulnerability affecting www.shopsex.cz, which at the time of submission ranked 2908705 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 07/08/2007. It is current...
xorg security update
CentOS Errata and Security Advisory CESA-2007:0519 Updated X.org packages that correct a flaw in the way the X.Org X11 xfs font server starts are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. X.or...
CVE-2007-3484
Cross-site scripting (XSS) vulnerability in search.php in Google Custom Search Engine allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: this issue is disputed by the Google Security Team, who states that "Google does not provide the 'search.php' script...
PT-2007-4745 · Google · Google Custom Search Engine
Name of the Vulnerable Software and Affected Versions: Google Custom Search Engine (affected versions not specified). Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the q parameter in the search functionality. This issue is disputed b...
CVE-2007-1664
ekg before 1:1.7rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service (NULL pointer dereference) via a vector related to the token OCR functionality...
Null pointer dereference
ekg before 1:1.7rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service (NULL pointer dereference) via a vector related to the token OCR functionality...
CVE-2007-1664
CVE-2007-1664 affects ekg prior to 1:1.7~rc2-1etch1 in Debian Etch, where a NULL pointer dereference in the token OCR functionality allows remote denial of service. Related entries show Debian has a security advisory (DSA-1318-1) and Fedora/OpenVAS references tracking updates (e.g., FEDORA...
core-dumping unreadable binaries via PT_INTERP
Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable binaries by using the interpreter (PT_INTERP) functionality and triggering a core dump, a variant of CVE-2004-1073...
Unfixed XSS vulnerability at www.nfpa.org
Security researcher CoNqUeRoR submitted on 06/07/2007 a cross-site scripting (XSS) vulnerability affecting www.nfpa.org, which at the time of submission ranked 108056 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 07/07/2007. It is currentl...
Unfixed XSS vulnerability at caricatura.ru
Security researcher zuppergazi submitted on 06/03/2007 a cross-site scripting (XSS) vulnerability affecting caricatura.ru, which at the time of submission ranked 54809 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 06/03/2007. It is current...