W-Agora 4.1.6a - 'login.php?loginuser' Cross-Site Scripting
source: https://www.securityfocus.com/bid/11283/info Multiple vulnerabilities are reported to affect the application. These issues arise due to insufficient sanitization of user-supplied data. A remote attacker may leverage these vulnerabilities to carry out SQL injection, cross-site scripting, a...
Debian DSA-464-1 : gdk-pixbuf - broken image handling
Thomas Kristensen discovered a vulnerability in gdk-pixbuf binary package libgdk-pixbuf2, the GdkPixBuf image library for Gtk, that can cause the surrounding application to crash. To exploit this problem, a remote attacker could send a carefully-crafted BMP file via mail, which would cause e.g...
Debian DSA-518-1 : kdelibs - unsanitised input
iDEFENSE identified a vulnerability in the Opera web browser that could be used by remote attackers to create or truncate arbitrary files on the victim's machine. The KDE team discovered that a similar vulnerability exists in KDE. A remote attacker could entice a user to open a carefully crafted...
Snitz Forums 2000 - 'down.asp' HTTP Response Splitting
source: https://www.securityfocus.com/bid/11201/info Snitz Forums is reported prone to an HTTP response splitting vulnerability. The issue exists in a parameter of the 'down.asp' script. The issue presents itself due to a flaw in the affected script that allows an attacker to manipulate how GET...
RHEL 3 : httpd (RHSA-2004:349)
Updated httpd packages that include a security fix for modssl and various enhancements are now available. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. An input filter bug in modssl was discovered in Apache httpd version 2.0.50 and earlier. A...
DSA-458-3 python2.2 - buffer overflow
Bulletin has no description...
Keene Digital Media Server 1.0.2 - Directory Traversal
source: https://www.securityfocus.com/bid/11057/info It is reported that DMS is susceptible to a directory traversal vulnerability. The directory traversal issue is present upon requesting files outside the webroot of the application using he...
Keene Digital Media Server 1.0.2 - Directory Traversal
source: https://www.securityfocus.com/bid/11057/info It is reported that DMS is susceptible to a directory traversal vulnerability. The directory traversal issue is present upon requesting files outside the webroot of the application using hex encoded directory traversal character sequences to...
Fusionphp Fusion News 3.33.6 - Administrator Command Execution
source: https://www.securityfocus.com/bid/10836/info It is reported that Fusion News is affected by an administrator command execution vulnerability. This issue is due to a failure of the application to properly validate access to...
Fusionphp Fusion News 3.3/3.6 - Administrator Command Execution
source: https://www.securityfocus.com/bid/10836/info It is reported that Fusion News is affected by an administrator command execution vulnerability. This issue is due to a failure of the application to properly validate access to administrative commands. This issue permits a remote attacker to...
Citadel/UX 5.9/6.x - 'Username' Remote Buffer Overflow (1)
source: https://www.securityfocus.com/bid/10833/info A buffer overrun vulnerability is reported for Citadel/UX. The problem occurs due to insufficient bounds checking when processing 'USER' command arguments. An anonymous remote attacker may be capable of exploiting this issue to execute...
RiSearch 0.99 RiSearch Pro 3.2.6 - show.pl Open Proxy Relay
source: https://www.securityfocus.com/bid/10812/info RiSearch and RiSearch Pro are reported prone to an open proxy vulnerability. It is reported that the issue presents itself due to a lack of sufficient sanitization performed on user...
RiSearch 0.99 RiSearch Pro 3.2.6 - show.pl Arbitrary File Access
source: https://www.securityfocus.com/bid/10812/info RiSearch and RiSearch Pro are reported prone to an open proxy vulnerability. It is reported that the issue presents itself due to a lack of sufficient sanitization performed on us...
PHP-Fusion Database Backup - Information Disclosure
source: https://www.securityfocus.com/bid/10974/info It is reported that PHP-Fusion is susceptible to a database backup information disclosure vulnerability. An anonymous remote attacker may be able to download a complete database backup from the server. Authentication would not be required. A...
BoardPower Forum - 'ICQ.cgi' Cross-Site Scripting
source: https://www.securityfocus.com/bid/10734/info BoardPower Forum is reportedly affected by a cross-site scripting vulnerability in the icq.cgi script. This issue is due to a failure of the application to properly sanitize user-supplied URI input. A remote attacker can exploit this issue by...
Microsoft Internet Explorer 6 - JavaScript Null Pointer Exception Denial of Service
source: https://www.securityfocus.com/bid/10694/info A denial of service vulnerability is reported to affect Internet Explorer. The issue is reported to present itself when Internet Explorer attempts to render...
12Planet Chat Server 2.9 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/10659/info It is reported that 12Planet Chat Server is prone to a cross-site scripting vulnerability. This issue is due to a lack of sanitization of user-supplied data. The problem presents itself when...
CVE-2004-0614
osTicket trusts a hidden form field in the submit form to limit the upload size of a document, which could allow remote attackers to upload a file of any size...
vBulletin 1.02.x3.0 - index.php User Interface Spoofing
source: https://www.securityfocus.com/bid/10362/info A weakness has been reported to exist in the vBulletin software that may allow an attacker to spoof parts of the vBulletin interface. The issue exists due to improper validation of...
HAHTsite Scenario Server fails to handle overly long URLs
Overview HAHTsite Scenario Server fails to properly handle HTTP requests containing an overly long "project name". Description HAHTsite Scenario Server is an e-Business platform that consists of a web application server and web development environment. There is a buffer overflow vulnerability in...