Iciniti Store SQL Injection - Security Advisory - SOS-12-003
Sense of Security - Security Advisory - SOS-12-003 Release Date. 06-Mar-2012 Last Update. - Vendor Notification Date. 28-Jul-2011 Product. Iciniti Store Platform. Windows Affected versions. 4.3.3683.31484 verified, and possibly others Severity Rating. High Impact. Manipulation of data Attack...
Design/Logic Flaw
Google Chrome before 15.0.874.102 does not prevent redirects to chrome: URLs, which has unspecified impact and remote attack vectors...
CVE-2011-3879
CVE-2011-3879 affects Google Chrome prior to 15.0.874.102, where redirects to chrome: URLs are not prevented, yielding unspecified impact and remote attack vectors. Remediation per connected advisories is to upgrade to Chrome 15.0.874.102 or newer (e.g., as noted in GLSA 201111-01 for Chromium/Ch...
CVE-2011-2874
Technical details for CVE-2011-2874 are not publicly provided in the supplied documents. No explicit affected products, versions, impact, or remediation are stated here. Monitor for updates.
PHP Captcha Securimage 2.0.2 - Authentication Bypass
PHP Captcha Securimage 2.0.2 - Authentication Bypass Sense of Security - Security Advisory - SOS-11-007 Release Date. 20-May-2011 Last Update. - Vendor Notification Date. 04-Apr-2011 Product. Securimage / PHPCaptcha Platform. PHP Affected versions. 1.0.4 - 2.0.2 Severity Rating. Medium Impact...
Multiple Media Players (iTunes / QuickTime) - HTTP DataHandler Overflow
Multiple Media Players iTunes QuickTime - HTTP DataHandler Overflow ScaryMovie Exploit Study By: DrIDE October, 2009 There is a widespread failure in the way that .MOV files are handled by the Quicktime Library. I have attempted to compound my findings on this issue. Nearly every .MOV enabled...
Multiple Media Players (iTunes / QuickTime) - HTTP DataHandler Overflow
ScaryMovie Exploit Study By: DrIDE October, 2009 There is a widespread failure in the way that .MOV files are handled by the Quicktime Library. I have attempted to compound my findings on this issue. Nearly every .MOV enabled application that I tested fell victim to this exploit. This is a local...
EXcms Root directory disclosure vulnerability
---------------------------------------------------------------------- PT-2009-22 Positive Technologies Security Advisory EXcms Root directory disclosure vulnerability ---------------------------------------------------------------------- --- Affected Software EXcms Versions prior to 2.02 Product...
[Full-disclosure] Lotus Sametime User Enumeration Vulnerability - Security Advisory - SOS-09-004
Lotus Sametime User Enumeration Vulnerability - Security Advisory - SOS-09-004 Release Date. 9-Jul-2009 Vendor Notification Date. 2-Jun-2009 Product. IBM Lotus Instant Messaging and Web Conferencing Sametime Platform. Windows verified, possibly others Affected versions. IBM Lotus Instant Messagin...
Debian Security Advisory DSA 1795-1 (ldns)
The remote host is missing an update to ldns announced via advisory DSA 1795-1. OpenVAS Vulnerability Test $Id: deb17951.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1795-1 ldns Authors: Thomas Reinke Copyright: Copyright (c) 2009 E-Soft Inc...
Debian: Security Advisory (DSA-1795-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2009-1177
CVE-2009-1177 affects MapServer’s mapserv, specifically MapServer 4.x before 4.10.4 and 5.x before 5.2.2. The flaw resides in maptemplate.c and is described as multiple stack-based buffer overflows, with unknown impact and remote attack vectors. The Red Hat CVE entry corroborates this description...
DEBIAN-CVE-2009-0414
Unspecified vulnerability in Tor before 0.2.0.33 has unspecified impact and remote attack vectors that trigger heap corruption...
CVE-2008-1094 - Barracuda Spam Firewall SQL Injection Vulnerability
CVE Number: CVE-2008-1094 Vulnerability: SQL Injection Risk: Medium Attack vector: From Remote Vulnerability Discovered: 16th June 2008 Vendor Notified: 16th June 2008 Advisory Released: 15th December 2008 Abstract Barracuda Networks Spam Firewall is vulnerable to various SQL Injection attacks...
CVE-2008-4598
Technical details for CVE-2008-4598 are not publicly available in the provided documents. Monitor for updates from NVD/Drupal advisories.
CVE-2008-3504
Unspecified vulnerability in mask PHP File Manager mPFM before 2.3 has unknown impact and remote attack vectors related to "manipulation of cookies."...
CVE-2008-3228
CVE-2008-3228 affects Joomla! prior to 1.5.4. The issue is that the .htaccess configuration does not apply certain security checks that are described as blocking common exploits for SEF URLs. The impact is explicitly stated as unknown, and the description notes remote attack vectors without detai...
Code injection
Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2616, CVE-2008-2617, CVE-2008-2618, CVE-2008-2620,...
CVE-2008-2603
CVE-2008-2603 is an Oracle Enterprise Manager (Database Control) cross-site scripting vulnerability affecting 10gR1/10gR2/11.1.0.6 where the REFRESHCHOICE parameter can inject arbitrary script/HTML. The issue originates from the July 2008 CPU advisory; vendors released a patch as part of the CPU....
CVE-2008-2579
CVE-2008-2579 affects WebLogic Server Plugins for Apache, Sun and IIS web servers bundled with BEA/Oracle WebLogic, specifically in BEA Product Suite versions 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7. The vulnerability is described as unspecified with unknown impact, but multipl...