1376 matches found
OpenSSL -- Remote Data Injection / DoS
Applications that use SSL_MODE_RELEASE_BUFFERS, such as nginx, are prone to a race condition which may allow a remote attacker to inject random data into other connections...
iPhone 3G S still not enterprise-ready
From Computerworld Matt Hamblen The new iPhone 3G S boasts remote data wipe, hardware-based encryption and tethering of the device to a laptop that would seem to please business users interested in protecting data and enhancing productivity. But no, those steps are not good enough for widespread...
Winn ASP Guestbook 1.01b - Remote Database Disclosure
#!/usr/bin/perl -w Winn ASP Guestbook 1.01 Beta Database Disclosure Exploit Found By : ZoRLu Home: yildirimordulari.com , dafgamers.com , z0rlu.blogspot.com Note: Don't tell me "I can't find bugs, I can't do it", damn it. Foreigners manage it, so why can't you? You don't want to; if you wanted to, you too...
EUVD-2009-1190
mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request...
Hackers can sniff keystrokes from thin air
By Elinor Mills, CNET Presenters at the CanSecWest security conference detailed on Thursday how they can sniff data by analyzing keystroke vibrations using a laser trained on a shiny laptop or through electrical signals coming from a PC connected to a PS/2 keyboard and plugged into a socket. Usin...
Kipper 2.01 (XSS/LFI/DD) Multiple Vulnerabilities
No description provided by source. Kipper 2.01 Multiple Vulnes Remote Data Reading , Local File Include , Remote XSS Download From : http://www.bookelves.com/kipper/files/kipper20.zip - Found By : RoMaNcYxHaCkEr - My Site : WwW.Sec-Code.CoM - My Group : Security - Codes Group Exploit 1: - Remote...
Kipper 2.01 XSS / LFI / Disclosure
Kipper 2.01 Multiple Vulnes Remote Data Reading , Local File Include , Remote XSS Download From : http://www.bookelves.com/kipper/files/kipper20.zip - Found By : RoMaNcYxHaCkEr - My Site : WwW.Sec-Code.CoM - My Group : Security - Codes Group Exploit 1: - Remote Data Reading :...
Kipper 2.01 (XSS/LFI/DD) Multiple Vulnerabilities
Exploit for unknown platform in category web applications ================================================= Kipper 2.01 XSS/LFI/DD Multiple Vulnerabilities ================================================= Kipper 2.01 Multiple Vulnes Remote Data Reading , Local File Include , Remote XSS Download...
Kipper 2.01 - Cross-Site Scripting Local File Inclusion File Disclosure
Kipper 2.01 - Cross-Site Scripting Local File Inclusion File Disclosure Kipper 2.01 Multiple Vulnes Remote Data Reading , Local File Include , Remote XSS Download From : http://www.bookelves.com/kipper/files/kipper20.zip - Found By : RoMaNcYxHaCkEr - My Site : WwW.Sec-Code.CoM - My Group : Securi...
Kipper 2.01 - Cross-Site Scripting / Local File Inclusion / File Disclosure
Kipper 2.01 Multiple Vulnes Remote Data Reading , Local File Include , Remote XSS Download From : http://www.bookelves.com/kipper/files/kipper20.zip - Found By : RoMaNcYxHaCkEr - My Site : WwW.Sec-Code.CoM - My Group : Security - Codes Group Exploit 1: - Remote Data Reading :...
Design/Logic Flaw
Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD password string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote data source, aka the...
CVE-2008-3003
Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD password string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote data source, aka the...
CVE-2008-3003
CVE-2008-3003 describes a vulnerability in Microsoft Office Excel 2007 (Gold and SP1) where the PWD password string is not properly removed from connections.xml when a .xlsx is configured not to save the remote data session password. This allows local users to obtain sensitive information and pot...
Microsoft Excel Credential Caching Vulnerability
Description Microsoft Excel is prone to a vulnerability that allows unauthorized access to remote data source credentials that have been cached in Excel files. This issue is limited to Microsoft Excel 2007 and Microsoft Office 2008 for Mac. Technologies Affected Avaya Messaging Application Server...
DEBIAN-CVE-2008-0063
The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."...
security flaw
Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 redirect controls, (2)...
Design/Logic Flaw
The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other...
DEBIAN-CVE-2007-2383
The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and...
PT-2007-3716 · Prototype · Prototypejs
Name of the Vulnerable Software and Affected Versions: prototypejs versions prior to 1.5.1 RC3 Description: The issue allows remote attackers to obtain data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript...
PT-2007-3711 · Google · Google Web Toolkit
Name of the Vulnerable Software and Affected Versions: Google Web Toolkit (GWT), affected versions not specified. Description: The issue concerns the exchange of data using JavaScript Object Notation (JSON) without proper protection, allowing remote attackers to obtain the data. This can be achieved...