
6679 matches found

securityvulns
added 2006/08/02 12:0 a.m. | 61 views

Corsaire Security Advisory - VMware ESX Server Password Cross Site Request Forgery issue

-- Corsaire Security Advisory -- Title: VMware ESX Server Password Cross Site Request Forgery issue Date: 14.11.05 Application: VMware ESX prior to 2.5.3 upgrade patch 2 VMware ESX prior to 2.1.3 upgrade patch 1 VMware ESX prior to 2.0.2 upgrade patch 1 Environment: VMware ESX Author: Stephen de...

CVSS 7.6 | AI score 0.1 | EPSS 0.03
Exploits: 0
NVD
added 2006/07/31 11:4 p.m. | 21 views

CVE-2006-3945

The CSS functionality in Opera 9 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by setting the background property of a DHTML element to a long http or https URL, which triggers memory corruption...

CVSS 5 | AI score 6.7 | EPSS 0.02787
Exploits: 1 | References: 4
FreeBSD
added 2006/07/12 12:0 a.m. | 30 views

ruby -- multiple vulnerabilities

Secunia reports: Two vulnerabilities have been reported in Ruby, which can be exploited by malicious people to bypass certain security restrictions. An error in the handling of the "alias" functionality can be exploited to bypass the safe level protection and replace methods called in the trusted...

CVSS 6.4 | AI score 6.8 | EPSS 0.05739
Exploits: 0 | References: 3
Packet Storm
added 2006/06/26 12:0 a.m. | 30 views

e107XSS.txt

http://target.xx/search.php?q=&r=0&s=Search&in=1&ex=1&ep= %27%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3C%2Fscript% 3E&be=1&t=1&adv=1&type=all&on=new&time=any&author= ------------------ Submit comment Subject: 'alert/XSS/ Click Reply to this you comment. Ellipsis Security http://www.ellsec.org...

AI score 7.4
Exploits: 0
Prion
added 2006/06/09 10:2 a.m. | 16 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the web interface in Ingate Firewall before 4.4.1 and SIParator before 4.4.1 allows remote attackers to inject arbitrary web script or HTML, and steal cookies, via unspecified vectors related to "XSS exploits" in administrator functionality...

CVSS 4 | AI score 6.3 | EPSS 0.01269
Exploits: 0 | References: 6 | Affected Software: 2
NVD
added 2006/06/09 10:2 a.m. | 34 views

CVE-2006-2925

Cross-site scripting (XSS) vulnerability in the web interface in Ingate Firewall before 4.4.1 and SIParator before 4.4.1 allows remote attackers to inject arbitrary web script or HTML, and steal cookies, via unspecified vectors related to "XSS exploits" in administrator functionality...

CVSS 4 | AI score 5.8 | EPSS 0.01269
Exploits: 0 | References: 6
Cvelist
added 2006/06/09 10:0 a.m. | 29 views

CVE-2006-2925

Cross-site scripting (XSS) vulnerability in the web interface in Ingate Firewall before 4.4.1 and SIParator before 4.4.1 allows remote attackers to inject arbitrary web script or HTML, and steal cookies, via unspecified vectors related to "XSS exploits" in administrator functionality...

AI score 5.8 | EPSS 0.01269
Exploits: 0 | References: 6
Packet Storm
added 2006/05/22 12:0 a.m. | 29 views

Sphider.txt

--------------------------------------------- Sphider Multiple Xss Vulnerabilities --------------------------------------------- Site: http://www.cs.ioc.ee/ando/sphider/ Bug: 1- http://victim/path/search.php/"alert/Soot/ 2- http://victim/path/search.php?category="alert/Soot/...

AI score 7.4
Exploits: 0
NVD
added 2006/05/19 5:2 p.m. | 20 views

CVE-2006-2479

The Update functionality in Bitrix Site Manager 4.1.x does not verify the authenticity of downloaded updates, which allows remote attackers to obtain sensitive information and ultimately execute arbitrary PHP code via DNS cache poisoning that redirects the user to a malicious site...

CVSS 5 | AI score 7.2 | EPSS 0.01911
Exploits: 1 | References: 6
Prion
added 2006/05/19 5:2 p.m. | 13 views

Design/Logic Flaw

The Update functionality in Bitrix Site Manager 4.1.x does not verify the authenticity of downloaded updates, which allows remote attackers to obtain sensitive information and ultimately execute arbitrary PHP code via DNS cache poisoning that redirects the user to a malicious site...

CVSS 5 | AI score 7.6 | EPSS 0.01911
Exploits: 1 | References: 6 | Affected Software: 1
CVE
added 2006/05/19 5:0 p.m. | 41 views

CVE-2006-2479

Technical details about CVE-2006-2479 are not publicly provided in the supplied documents. Monitor for updates; current records summarize the issue at a high level without specifics on affected versions, vectors, or mitigations.

CVSS 5 | AI score 7.2 | EPSS 0.01911
Exploits: 1 | References: 6 | Affected Software: 1
Cvelist
added 2006/05/19 5:0 p.m. | 24 views

CVE-2006-2479

The Update functionality in Bitrix Site Manager 4.1.x does not verify the authenticity of downloaded updates, which allows remote attackers to obtain sensitive information and ultimately execute arbitrary PHP code via DNS cache poisoning that redirects the user to a malicious site...

AI score 7.2 | EPSS 0.01911
Exploits: 1 | References: 6
securityvulns
added 2006/05/18 12:0 a.m. | 89 views

[Full-disclosure] Multiple Vulns in Bitrix CMS

Multiple Vulns in Bitrix CMS Vendor bitrix.com Version The latest one 4.1.x Severity Medium Patched: No Multiple vulnerabilities discovered in Bitrix CMS. A remote attacker can conduct XSS attacks and compromise vulnerable system. 1. A remote attacker can get information about version history and...

AI score 0.4
Exploits: 0
Prion
added 2006/05/16 1:2 a.m. | 11 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in OZJournals 1.2 allows remote attackers to inject arbitrary web script or HTML via the vname parameter in the comments functionality...

CVSS 5.8 | AI score 6.2 | EPSS 0.01773
Exploits: 1 | References: 5 | Affected Software: 1
NVD
added 2006/05/16 1:2 a.m. | 8 views

CVE-2006-2390

Cross-site scripting (XSS) vulnerability in OZJournals 1.2 allows remote attackers to inject arbitrary web script or HTML via the vname parameter in the comments functionality...

CVSS 5.8 | AI score 5.7 | EPSS 0.01773
Exploits: 1 | References: 5
CVE
added 2006/05/16 1:0 a.m. | 47 views

CVE-2006-2390

The set of connected documents confirms a cross-site scripting (XSS) vulnerability in OZJournals 1.2, exploitable via the vname parameter in the comments functionality. The CVSSv2 base score is 5.8 (Medium), with network access required and no user interaction needed, and impact described as part...

CVSS 5.8 | AI score 5.7 | EPSS 0.01773
Exploits: 1 | References: 5 | Affected Software: 1
Prion
added 2006/05/01 11:2 p.m. | 12 views

Sql injection

SQL injection vulnerability in index.php in BoonEx Barracuda 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) linkdirtarget and (2) linkidtarget parameter, possibly involving the linkedit functionality...

CVSS 7.5 | AI score 9.2 | EPSS 0.01114
Exploits: 0 | References: 2 | Affected Software: 1
Prion
added 2006/04/26 12:6 a.m. | 22 views

Buffer overflow

Buffer overflow in Unicode processing in the logging functionality in Pablo Software Solutions Quick 'n Easy FTP Server Professional and Lite, probably 3.0, allows remote authenticated users to execute arbitrary code by sending a command with a long argument, which triggers a buffer overflow when...

CVSS 6.5 | AI score 8.1 | EPSS 0.0386
Exploits: 0 | References: 4 | Affected Software: 1
CVE
added 2006/04/26 12:0 a.m. | 54 views

CVE-2006-2027

CVE-2006-2027 describes a buffer overflow in Unicode processing within the logging functionality of Pablo Software Solutions Quick 'n Easy FTP Server (Professional and Lite, probably v3.0). The flaw could allow remote authenticated users to execute arbitrary code by sending a command with a long ...

CVSS 6.5 | AI score 7.8 | EPSS 0.0386
Exploits: 0 | References: 4 | Affected Software: 1
UbuntuCve
added 2006/04/20 10:2 a.m. | 36 views

CVE-2006-1896

Unspecified vulnerability in phpBB allows remote authenticated users with Administration Panel access to execute arbitrary PHP code via crafted Font Colour 3 $themefontcolor3 variable and/or signature values, possibly involving the highlight functionality. NOTE: the original report does not clari...

CVSS 6 | AI score 6.3 | EPSS 0.01278
Exploits: 0 | References: 1