6679 matches found

xssed
added 2007/03/31 12:0 a.m. | 11 views

Unfixed XSS vulnerability at www.newasp.net

Security researcher cyber has submitted on 31/03/2007 a cross-site scripting (XSS) vulnerability affecting www.newasp.net, which at the time of submission ranked 13481 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 31/03/2007. It is currently...

Exploits: 0 | References: 1
xssed
added 2007/03/17 12:0 a.m. | 13 views

Unfixed XSS vulnerability at www.cstiger.de

Security researcher zuppergazi has submitted on 17/03/2007 a cross-site scripting (XSS) vulnerability affecting www.cstiger.de, which at the time of submission ranked 1106260 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 17/03/2007. It is...

AI score: 6.6
Exploits: 0 | References: 1
Prion
added 2007/02/21 5:28 p.m. | 19 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.06294
Exploits: 1 | References: 10 | Affected Software: 1
NVD
added 2007/02/16 7:28 p.m. | 27 views

CVE-2007-0710

The Bonjour functionality in iChat in Apple Mac OS X 10.3.9 allows remote attackers to cause a denial of service (persistent application crash) via unspecified vectors, possibly related to CVE-2007-0614...

CVSS: 2.1 | AI score: 6.3 | EPSS: 0.03264
Exploits: 1 | References: 7
CVE
added 2007/02/16 7:0 p.m. | 54 views

CVE-2007-0710

Summary (CVE-2007-0710) The Bonjour functionality in iChat on Apple Mac OS X 10.3.9 is affected. The vulnerability allows a remote attacker on the same network to cause a denial of service (persistent application crash) by triggering how iChat/Bonjour handles certain TXT records (TXT key hashes)....

CVSS: 2.1 | AI score: 6.3 | EPSS: 0.03264
Exploits: 1 | References: 7 | Affected Software: 1
Drupal
added 2007/02/16 12:0 a.m. | 14 views

getID3 library and Audio, Mediafield - arbitrary code execution

The getID3 library used by Audio and Mediafield contains a directory with scripts demonstrating use of the library. These scripts allow any visitor to browse the filesystem, read and delete files or write to zero-byte files or files with an mp3 extension. These actions are only limited by the...

AI score: 8
Exploits: 0 | References: 8
UbuntuCve
added 2007/02/15 6:28 p.m. | 20 views

CVE-2007-0958

Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable binaries by using the interpreter (PT_INTERP) functionality and triggering a core dump, a variant of CVE-2004-1073...

CVSS: 2.1 | AI score: 5.9 | EPSS: 0.00394
Exploits: 0 | References: 2
Cvelist
added 2007/02/14 11:0 a.m. | 20 views

CVE-2007-0925

Cross-site scripting (XSS) vulnerability in search/SearchResults.aspx in Community Server allows remote attackers to inject arbitrary web script or HTML via the q parameter...

AI score: 5.7 | EPSS: 0.01542
Exploits: 0 | References: 5
Prion
added 2007/02/12 7:28 p.m. | 12 views

Authentication flaw

nabopoll 1.1.2 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) config_edit.php, (2) template_edit.php, or (3) survey_edit.php in admin/...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.07796
Exploits: 1 | References: 8 | Affected Software: 1
Prion
added 2007/02/12 7:28 p.m. | 13 views

Cross site scripting

Allonsvoter 1.0 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) adminajouter.php or (2) adminsupprimer.php. NOTE: this could be leveraged to conduct cross-site scripting (XSS) attacks...

CVSS: 6.8 | AI score: 6.5 | EPSS: 0.02631
Exploits: 0 | References: 7 | Affected Software: 1
NVD
added 2007/02/12 7:28 p.m. | 18 views

CVE-2007-0873

nabopoll 1.1.2 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) config_edit.php, (2) template_edit.php, or (3) survey_edit.php in admin/...

CVSS: 7.5 | AI score: 7 | EPSS: 0.07796
Exploits: 1 | References: 8
Cvelist
added 2007/02/12 7:0 p.m. | 24 views

CVE-2007-0873

nabopoll 1.1.2 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) config_edit.php, (2) template_edit.php, or (3) survey_edit.php in admin/...

AI score: 7 | EPSS: 0.07796
Exploits: 1 | References: 8
Cvelist
added 2007/02/12 7:0 p.m. | 26 views

CVE-2007-0874

Allonsvoter 1.0 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) adminajouter.php or (2) adminsupprimer.php. NOTE: this could be leveraged to conduct cross-site scripting (XSS) attacks...

AI score: 6.1 | EPSS: 0.02631
Exploits: 0 | References: 7
EUVD
added 2007/02/12 7:0 p.m. | 2 views

EUVD-2007-0869

nabopoll 1.1.2 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) config_edit.php, (2) template_edit.php, or (3) survey_edit.php in admin/...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.07796
Exploits: 1 | References: 8
CVE
added 2007/02/12 7:0 p.m. | 47 views

CVE-2007-0873

NABOpoll 1.1.2 is vulnerable to an authentication-bypass that lets remote attackers access certain administrative functionality by directly requesting admin URLs. Specifically, requesting (1) config_edit.php, (2) template_edit.php, or (3) survey_edit.php in the admin/ directory can bypass login c...

CVSS: 7.5 | AI score: 7 | EPSS: 0.07796
Exploits: 1 | References: 8 | Affected Software: 1
Prion
added 2007/02/09 7:28 p.m. | 18 views

Security feature bypass

Unspecified vulnerability in the Chat Room functionality in Yahoo! Messenger 8.1.0.239 and earlier allows remote attackers to cause a denial of service via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

CVSS: 5 | AI score: 7 | EPSS: 0.01105
Exploits: 0 | References: 2 | Affected Software: 1
xssed
added 2007/02/07 12:0 a.m. | 59 views

Unfixed XSS vulnerability at www.barhan.cn

Security researcher CoNqUeRoR has submitted on 02/07/2007 a cross-site scripting (XSS) vulnerability affecting www.barhan.cn, which at the time of submission ranked 1992683 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 03/07/2007. It is...

Exploits: 0 | References: 1
Cvelist
added 2007/02/06 2:0 a.m. | 29 views

CVE-2007-0763

Cross-site scripting (XSS) vulnerability in the news comment functionality in F3Site 2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the Autor field...

AI score: 5.7 | EPSS: 0.01722
Exploits: 1 | References: 4
Prion
added 2007/01/31 11:28 a.m. | 21 views

Design/Logic Flaw

The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 does not check for duplicate entries when adding newly discovered available contacts, which allows remote attackers to cause a denial of service (disrupted communication) via a flood o...

CVSS: 5 | AI score: 6.5 | EPSS: 0.07003
Exploits: 1 | References: 4 | Affected Software: 2
Cvelist
added 2007/01/31 11:0 a.m. | 36 views

CVE-2007-0614

The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (persistent application crash) via a crafted phsh hash attribute in a TXT key...

AI score: 6 | EPSS: 0.08339
Exploits: 1 | References: 8