GForge GroupJoinRequest.class远程SQL注入漏洞

BUGTRAQ ID: 33086 CVECAN ID: CVE-2008-2381 GForge是用于管理软件开发周期的工具。 GForge的common/include/GroupJoinRequest.class文件中没有正确地验证对create函数的输入，远程攻击者可以通过提交恶意的SQL查询请求注入并执行恶意代码。 GForge GForge 4.6 GForge GForge 4.5 GForge ------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

Multiple XSS Vulnerabilities in World Recipe 2.11

Armorize Technologies Security Advisory Armorize-ADV-2008-0001 Title: Multiple XSS Vulnerabilities in World Recipe 2.11 Date: 2008/12/15 Status: Full Class: Input Validation Error Bugtraq ID: N/A Category: Cross Site Scripting Language: ASP.NET C Description Armorize-ADV-2008-0001 discloses...

[SECURITY] Fedora 8 Update: trac-0.10.5-1.fc8

Trac is an integrated system for managing software projects, an enhanced wiki, a flexible web-based issue tracker, and an interface to the Subversion revision control system. At the core of Trac lies an integrated wiki and issue/bug database. Using wiki markup, all objects managed by Trac can...

[SECURITY] Fedora 9 Update: xemacs-packages-extra-20070427-2.fc9

XEmacs is a highly customizable open source text editor and application development system. It is protected under the GNU General Public License and related to other versions of Emacs, in particular GNU Emacs. Its emphasis is on modern graphical user interface support and an open software...

Update Protection against Borland StarTeam Multicast Service HTTP Handling Buffer Overflow Vulnerability

A buffer overflow vulnerability has been reported in Borland StarTeam Multicast Service. Borland StarTeam is a software change and configuration management tool, designed for both centralized and geographically distributed software development environments. A remote attacker might exploit this...

Critical: Red Hat Security Advisory: java-1.5.0-ibm security update

Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. IBM's 1.5.0 Java release includes the IBM Java 2 Runti...

Android软件开发工具包BMP文件处理整数溢出漏洞

BUGTRAQ ID: 28006 CVECAN ID: CVE-2008-0986 Android是Google通过Open Handset Alliance发起的项目，用于为移动设备提供完整的软件集，包括操作系统、中间件等。 Android SDK的libsgl.so库中的BMP::readFromStreamStream , ImageDecoder::Mode方式在解析BMP图形文件头时存在整数溢出漏洞，远程攻击者可能利用此漏洞控制用户设备。 如果BMP文件头的offset字段值为负数且Bitmap Information部分（DIB头）指定了8...

Buffer overflow security vulnerabilities in Java Web Start (CVE-2008-1189, CVE-2008-1190)

Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.216 and earlier allows remote attackers to gain privileges via an untrusted application, a different issue than CVE-2008-1191, aka the "fourth" issue...

Debian Security Advisory DSA 951-2 (trac)

The remote host is missing an update to trac announced via advisory DSA 951-2. This update corrects the search feature in trac, an enhanced wiki and issue tracking system for software development projects, which broke with the last security update. For completeness please find below the original...

Debian Security Advisory DSA 951-1 (trac)

The remote host is missing an update to trac announced via advisory DSA 951-1. Several vulnerabilies have been discovered in trac, an enhanced wiki and issue tracking system for software development projects. The Common Vulnerabilities and Exposures project identifie the following problems:...

Debian: Security Advisory (DSA-951-2)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DSA-1152)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian Security Advisory DSA 951-1 (trac)

The remote host is missing an update to trac announced via advisory DSA 951-1. Several vulnerabilities have been discovered in trac, an enhanced wiki and issue tracking system for software development projects. The Common Vulnerabilities and Exposures project identifie the following problems:...

Microsoft Visual Studio PDWizard.ocx ActiveX Control Code Execution (CVE-2007-4891)

Microsoft Visual Studio is a software development product for computer programmers. It centers on an integrated development environment which lets programmers create standalone applications, web sites, web applications, and web services.The vulnerability is due to an error in the Microsoft Visual...

CVE-2007-2466

CVE-2007-2466 affects the LDAP Software Development Kit (SDK) for C used in Sun Java System Directory Server 5.2 (up to Patch 4) and Sun ONE Directory Server 5.1. The vulnerability is described as unspecified but enables remote attackers to cause a denial of service (crash) via certain BER encodi...

Tyger Bug Tracking System Multiple Vulnerability

-=--------------------ADVISORY-------------------=- Tyger Bug Tracking System Author: CorryL [email protected] -=-----------------------------------------------=- -=+ Application: Tyger Bug Tracking System -=+ Version: 1.1.3 -=+ Vendor's URL: http://uk.homeunix.org/tyger/cms/ -=+ Platform:...

DSA-1094-1 gforge - missing input sanitising

Bulletin has no description...

W32Dasm buffer overflow vulnerability analysis and exploit-vulnerability warning-the black bar safety net

If you've seen the Black anti - “hack columnist”of the readers, all know the sentence is very classic words: with W32Dasm decompile need to crack the program, and then select the menu“references”-“string reference”, find“invalid registration code, please re-input!” Or“registration code is...

RechnungsZentrale V2 <= 1.1.3 Remote Inclusion Vulnerability

Exploit for unknown platform in category web applications ============================================================ RechnungsZentrale V2 = 1.1.3 Remote Inclusion Vulnerability ============================================================ - GroundZero Security Research and Software Development...

RechnungsZentrale V2 1.1.3 - Remote File Inclusion

RechnungsZentrale V2 1.1.3 - Remote File Inclusion - GroundZero Security Research and Software Development 2006 - Software: RechnungsZentrale V2 Version: 1.1.3, likely older versions are affected aswell. Vendor: http://www.nfec.de/ Remote Inclusion:...