173 matches found
Mura CMS <= 5.1 xss
Exploit for unknown platform in category web applications =================== Mura CMS = 5.1 xss =================== Objective: Mura CMS = 5.1 Type: Disclosure of ways Threat: Medium Date Discovered: 22.09.2009 Date of notification Developer: 22.09.2009 Released corrections: Author: Vladimir...
CVE-2007-3423
cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the From field of an instant message as the beginning of the .dat file name when the 1 imview2 or 2 imview3 function reads a an internal IM, or a message from a b guest or c removed member, which has unknown impact and...
CVE-2006-6682
Pedro Lineu Orso chetcpasswd 2.3.3 provides a different error message when a request with a valid username fails, compared to a request with an invalid username, which allows remote attackers to determine valid usernames on the system...
Critical: Red Hat Security Advisory: thunderbird security update
Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. The Mozilla Foundation...
[SA18975] POPFile Email Message Handling Denial of Service
TITLE: POPFile Email Message Handling Denial of Service SECUNIA ADVISORY ID: SA18975 VERIFY ADVISORY: http://secunia.com/advisories/18975/ CRITICAL: Less critical IMPACT: DoS WHERE: From remote SOFTWARE: POPFile 0.x http://secunia.com/product/8275/ DESCRIPTION: A vulnerability has been reported i...
CVE-2005-1262
Gaim 1.2.1 and earlier allows remote attackers to cause a denial of service application crash via a malformed MSN message...
CVE-2004-1574
Buffer overflow in Vypress Messenger 3.5.1 and earlier allows remote attackers to execute arbitrary code via a message with a long first field...
squid -- buffer overflow in WCCP recvfrom() call
According to the Squid Proxy Cache Security Update Advisory SQUID-2005:3, The WCCP recvfrom call accepts more data than will fit in the allocated buffer. An attacker may send a larger-than-normal WCCP message to Squid and overflow this buffer. Severity: The bug is important because it allows remo...
CVE-2004-2505
Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service memory consumption and crash by sending repeated GET or POST requests that trigger error messages that use long strings of data...
F-Secure Policy Manager 5.11 - 'FSMSH.dll' CGI Application Installation Full Path Disclosure
source: https://www.securityfocus.com/bid/11869/info F-Secure Policy Manager includes a CGI application named 'fsmsh.dll'. By supplying unexpected input as an argument to the 'fsmsh.dll' application the vulnerable software will return an error message that includes the installation path of the...
CVE-2004-1700
Cross-site scripting XSS vulnerability in SettingsBase.php in Pinnacle ShowCenter 1.51 build 121 allows remote attackers to inject arbitrary HTML or web script via the Skin parameter, which is echoed in an error message...
CVE-2004-1597
RIM Blackberry 7230 running RIM Blackberry OS 3.7 SP1 allows remote attackers to cause a denial of service device reboot and possibly data corruption via a calendar message with a long Location field, which triggers a watchdog while the message is being stored...
OpenBB 1.0.x - Private Message Disclosure
OpenBB 1.0.x - Private Message Disclosure source: https://www.securityfocus.com/bid/10217/info It has been reported that OpenBB is affected by a private message disclosure vulnerability. This issue is due to a design error that fails to validate user credentials. This issue might allow an attacke...
IBM Net.Data 7.0/7.2 - db2www Error Message Cross-Site Scripting
source: https://www.securityfocus.com/bid/9488/info IBM Net.Data is prone to cross-site scripting attacks via error message output. This may permit a remote attack to create a link to a system hosting the software that includes embedded HTML and script code. This hostile code may be rendered in t...
QuikStore Shopping Cart Discloses Installation Path & Files to Remote Users
Indonesia Security Development Team Advisory QuikStore Shopping Cart Discloses Installation Path & Files to Remote Users ===================================================================== Advisory Name: QuikStore Shopping Cart Discloses Installation Path & Files to Remote Users Release Date:...
Citrix Metaframe XP - Cross-Site Scripting
Citrix Metaframe XP - Cross-Site Scripting source: https://www.securityfocus.com/bid/8939/info Citrix Metaframe XP is prone to cross-site scripting attacks when returning error messages to users. The error message is generated when invalid authentication credentials are transmitted to the log-in...
Sun Management Center 3.03.5 - Error Message Information Disclosure
Sun Management Center 3.03.5 - Error Message Information Disclosure source: https://www.securityfocus.com/bid/8873/info A problem in the handling of error messages has been identified in Sun Management Center. Because of this, an attacker may be able to gain sensitive information about vulnerable...
Sun Management Center 3.0/3.5 - Error Message Information Disclosure
source: https://www.securityfocus.com/bid/8873/info A problem in the handling of error messages has been identified in Sun Management Center. Because of this, an attacker may be able to gain sensitive information about vulnerable hosts. http://www.example.com:898/../../../../../tmp/.X11-unix...
Microsoft IDS Server crossite scripting
Crossite scripting in error message...
12Planet Chat Server 2.5 - Error Message Installation Full Path Disclosure
12Planet Chat Server 2.5 - Error Message Installation Full Path Disclosure source: https://www.securityfocus.com/bid/7355/info When certain malformed URL requests are sent to a 12Planet Chat Server, the server's installation path may be revealed in the returned error message. This information cou...