Lucene search

2158 matches found

Tenable Nessus
added 2007/02/13 12:0 a.m. | 42 views

MS07-005: Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (923723)

The remote host is running a version of Microsoft Step-by-Step Interactive Training that contains a flaw that could lead to remote code execution. To exploit this flaw, an attacker would need to trick a user on the remote host into opening a malformed file with the affected application. Tenable...

CVSS 9.3 | AI score 5.6 | EPSS 0.36671
Exploits 4 | References 2
Symantec
added 2007/02/12 12:0 a.m. | 18 views

Sun Solaris Telnet Remote Authentication Bypass Vulnerability

Description Sun Solaris 10 is prone to a vulnerability that allows remote attackers to bypass authentication. Successfully exploiting this issue allows remote attackers to gain remote access to vulnerable computers. If the targeted computer is configured to allow non-console logins for superusers...

AI score 4.2
Exploits 0 | References 3 | Affected Software 4
Prion
added 2007/01/30 5:28 p.m. | 12 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in admin.php in Interactive-Scripts.Com PHP Membership Manager 1.5 allows remote attackers to inject arbitrary web script or HTML via the p parameter...

CVSS 6.8 | AI score 6.2 | EPSS 0.0171
Exploits 1 | References 4 | Affected Software 1
CVE
added 2007/01/30 5:0 p.m. | 39 views

CVE-2007-0567

The CVE-2007-0567 issue is an XSS vulnerability in Interactive-Scripts.Com PHP Membership Manager 1.5, exploitable via the _p parameter in admin.php. The root cause is unsanitized input leading to injection of arbitrary script/HTML. CVSS v2 base score is 6.8 (MEDIUM) with partial impacts on confi...

CVSS 6.8 | AI score 5.8 | EPSS 0.0171
Exploits 1 | References 4 | Affected Software 1
securityvulns
added 2007/01/28 12:0 a.m. | 40 views

PHP Membership Manager Cross-Site Scripting Vulnerability

PHP Membership Manager Cross-Site Scripting Vulnerability PHP Membership Manager is a browser based tool which allows a site owner to easily manage an unlimited number of username / password accounts and groups which access secure, protected areas of a web site which require logging in before...

AI score 1.5
Exploits 0
Metasploit
added 2006/12/17 7:57 a.m. | 47 views

PHP Command, Double Reverse TCP Connection (via Perl)

Creates an interactive shell via perl This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = :dynamic include Msf::Payload::Single include Msf::Payload::Php include...

AI score 7.4
Exploits 0
RedHat Linux
added 2006/12/06 5:53 p.m. | 7 views

: gnupg2 < 2.0.1 buffer overflow

Heap-based buffer overflow in the askoutfilename function in openfile.c for GnuPG gpg 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages with "C-escape" expansions, which cause the makeprintablestring function to return a longer string than...

CVSS 6.8 | AI score 7.7 | EPSS 0.03151
Exploits 0 | References 4
Ubuntu
added 2006/11/29 10:36 p.m. | 40 views

USN-389-1: GnuPG vulnerability

A buffer overflow was discovered in GnuPG. By tricking a user into running gpg interactively on a specially crafted message, an attacker could execute arbitrary code with the user's privileges. This vulnerability is not exposed when running gpg in batch mode...

AI score 6.2
Exploits 0 | References 1
OSV
added 2006/11/29 6:28 p.m. | 2 views

DEBIAN-CVE-2006-6169

Heap-based buffer overflow in the askoutfilename function in openfile.c for GnuPG gpg 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages with "C-escape" expansions, which cause the makeprintablestring function to return a longer string than...

CVSS 6.8 | AI score 8.3 | EPSS 0.03151
Exploits 0 | References 1
Debian CVE
added 2006/11/29 6:0 p.m. | 41 views

CVE-2006-6169

Heap-based buffer overflow in the askoutfilename function in openfile.c for GnuPG gpg 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages with "C-escape" expansions, which cause the makeprintablestring function to return a longer string than...

CVSS 6.8 | AI score 7.7 | EPSS 0.03151
Exploits 0
UbuntuCve
added 2006/11/29 12:0 a.m. | 23 views

CVE-2006-6169

Heap-based buffer overflow in the askoutfilename function in openfile.c for GnuPG gpg 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages with "C-escape" expansions, which cause the makeprintablestring function to return a longer string than...

CVSS 6.8 | AI score 7.7 | EPSS 0.03151
Exploits 0 | References 2
OSV
added 2006/10/23 5:7 p.m. | 4 views

CVE-2006-5443

Unspecified vulnerability in XIAO Gang WWW Interactive Mathematics Server WIMS before 3.60 allows remote attackers to modify unspecified data via unspecified vectors involving "variable rights."...

AI score 6.5
Exploits 0 | References 5
NVD
added 2006/10/23 5:7 p.m. | 9 views

CVE-2006-5450

SQL injection vulnerability in index.asp in Kinesis Interactive Cinema System (KICS) CMS allows remote attackers to execute arbitrary SQL commands via the (1) txtUsername (user) or (2) txtPassword (pass) parameters...

CVSS 7.5 | AI score 8.4 | EPSS 0.01264
Exploits 1 | References 7
NVD
added 2006/10/23 5:7 p.m. | 18 views

CVE-2006-5443

Unspecified vulnerability in XIAO Gang WWW Interactive Mathematics Server WIMS before 3.60 allows remote attackers to modify unspecified data via unspecified vectors involving "variable rights."...

CVSS 5 | AI score 6.6 | EPSS 0.01284
Exploits 0 | References 4
CVE
added 2006/10/23 5:0 p.m. | 56 views

CVE-2006-5443

The CVE-2006-5443 entry concerns XIAO Gang’s WWW Interactive Mathematics Server (WIMS) prior to 3.60. A remote attacker could modify unspecified data via unspecified vectors related to "variable rights", with impact described as partial integrity loss. The connected sources confirm product and af...

CVSS 5 | AI score 6.6 | EPSS 0.01284
Exploits 0 | References 4 | Affected Software 1
Exploit DB
added 2006/10/18 12:0 a.m. | 24 views

Kinesis Interactive Cinema System - 'index.asp' SQL Injection

source: https://www.securityfocus.com/bid/20607/info Kinesis Interactive Cinema System is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...

AI score 7.4
Exploits 0
NVD
added 2006/09/14 9:7 p.m. | 8 views

CVE-2006-4797

Cross-site scripting (XSS) vulnerability in tag.php in CloudNine Interactive CJ Tag Board 3.0 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a url BBcode tag in the cjmsg parameter...

CVSS 4.3 | AI score 5.6 | EPSS 0.01128
Exploits 0 | References 5
Cvelist
added 2006/09/14 9:0 p.m. | 18 views

CVE-2006-4797

Cross-site scripting (XSS) vulnerability in tag.php in CloudNine Interactive CJ Tag Board 3.0 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a url BBcode tag in the cjmsg parameter...

AI score 5.6 | EPSS 0.01128
Exploits 0 | References 5
CVE
added 2006/09/14 9:0 p.m. | 32 views

CVE-2006-4797

CVE-2006-4797 describes a cross-site scripting (XSS) vulnerability in CloudNine Interactive CJ Tag Board 3.0. The flaw occurs in the tag.php handler, where an attacker can inject arbitrary web script or HTML by abusing a JavaScript event in a url BBcode tag within the cjmsg parameter. This is a ...

CVSS 4.3 | AI score 5.8 | EPSS 0.01128
Exploits 0 | References 5 | Affected Software 1
Packet Storm
added 2006/09/14 12:0 a.m. | 36 views

EV0136.txt

New eVuln Advisory: Links Manager Multiple XSS and SQL Injection Vulnerabilities http://evuln.com/vulns/136/summary.html --------------------Summary---------------- eVuln ID: EV0136 CVE: CVE-2006-4327 CVE-2006-4328 Vendor: CloudNine Interactive Vendor's Web Site:...

CVSS 6.8 | AI score 6.7 | EPSS 0.01552
Exploits 3