Basilic diff.php Arbitrary Command Execution (CVE-2012-3399)

The vulnerability is due to lack of input verification in the affected function A remote attacker can exploit this issue by sending a specially crafted script to the target. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands as the www-data...

PSF-2010-6 smtpd accept bug and race condition

The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to condu...

CVE-2010-0793

Buffer overflow in BarnOwl before 1.5.1 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted CC: header...

Microsoft Word Could Allow Remote Code Execution Vulnerability

This host is installed with Microsoft Office with MS Word, which is prone to remote code execution vulnerability. OpenVAS Vulnerability Test $Id: secpodmswordcodeexecvuln900006.nasl 6519 2017-07-04 14:08:14Z cfischer $ Description: Microsoft Word Could Allow Remote Code Execution Vulnerability...

Web Server Generic 3xx Redirect

The remote web server is configured to redirect users using a HTTP 302, 303 or 307 response. However, the server can redirect to a domain that includes components included in the original request. A remote attacker could exploit this by crafting a URL which appears to resolve to the remote server...

activekb-cookie.txt

--==+================================================================================+==-- --==+ ActiveKB = 1.5 Insecure Cookie Handling/Arbitrary Admin Access +==-- --==+================================================================================+==-- Discovered By: t0pP8uZz Discovered On: 1...

CVE-2008-1191

Technical details for CVE-2008-1191 are not provided in the supplied documents. Please monitor for updates.

CVE-2006-2906

The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw GD library aka libgd 2.0.33 allows remote attackers to cause a denial of service CPU consumption via malformed GIF data that causes an infinite loop...

Design/Logic Flaw

Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the executable, which causes...

UnrealIRCd 3.x - Remote Denial of Service

source: https://www.securityfocus.com/bid/17057/info UnrealIRCd is prone to a remote denial-of-service vulnerability. A remote attacker may exploit this issue to deny service for legitimate users. !/usr/bin/perl Denial of Service exploit for UnrealIRCd 3.2.3 Successfully tested on both Win32 and...

Relative Real Estate Systems 1.2 - SQL Injection

Relative Real Estate Systems 1.2 - SQL Injection source: https://www.securityfocus.com/bid/15714/info Relative Real Estate Systems is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'index.php' script befor...

Just Williams Amazon Webstore - HTTP Response Splitting

Just Williams Amazon Webstore - HTTP Response Splitting source: https://www.securityfocus.com/bid/13428/info Amazon Webstore is prone to a HTTP response splitting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. A remote attacker may explo...

phpMyAdmin < 2.6.1 pl2 Libraries and Themes Multiple XSS

The installed version of phpMyAdmin suffers from multiple cross-site scripting vulnerabilities due to its failure to sanitize user input in several PHP scripts used as libraries and themes. A remote attacker may use these issues to cause arbitrary code to be executed in a user's browser, to steal...

CVE-2004-1587

Buffer overflow in Monolith games including 1 Alien versus Predator 2 1.0.9.6 and earlier, 2 Blood 2 2.1 and earlier, 3 No one lives forever 1.004 and earlier and 4 Shogo 2.2 and earlier allows remote attackers to cause a denial of service application crash via a long secure Gamespy query...

PHP-Nuke 6.x/7.x - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/12561/info It is reported that PHP-Nuke is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. These issues could permit a remote attacker to create a...

Eurofull E-Commerce - Mensresp.asp Cross-Site Scripting

Eurofull E-Commerce - Mensresp.asp Cross-Site Scripting source: https://www.securityfocus.com/bid/12420/info Reportedly Eurofull E-Commerce is affected by a cross-site scripting vulnerability in the 'mensresp.asp' script. This issue is due to a failure of the application to properly sanitize...

Samba vulnerable to integer overflow processing file security descriptors

Overview Samba contains an integer overflow vulnerability in code that processes file security descriptors. This could allow an authenticated, remote attacker to execute arbitrary code or cause a denial of service on a vulnerable system. Description Samba is an open-source implementation of...

JSPWiki 2.1 - Cross-Site Scripting

source: https://www.securityfocus.com/bid/11746/info It is reported that JSPWiki is susceptible to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input prior to including it in dynamically generated Web pages. This...

Goolery 0.3 - &#039;viewpic.php?conversation_id&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/11587/info It is reported that Goollery is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. These problems present themselves when malicious HTML a...

Gaim: Multiple vulnerabilities

Background Gaim is a full featured instant messaging client which handls a variety of instant messaging protocols. Description A possible buffer overflow exists in the code processing MSN SLP messages CAN-2004-0891. memcpy was used without validating the size of the buffer, and an incorrect buffe...