
4185 matches found

NVD
added 2009/12/23 6:30 p.m., 28 views

CVE-2009-3581

Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger 2.8.24 allow remote authenticated users to inject arbitrary web script or HTML via (1) the DCN Description field in the Accounts Receivables menu item for Add Transaction, (2) the Description field in the Accounts Payable menu item for A...

CVSS 3.5, AI score 5.4, EPSS 0.00861
Exploits 2, References 4
Cvelist
added 2009/12/23 6:00 p.m., 38 views

CVE-2009-3581

Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger 2.8.24 allow remote authenticated users to inject arbitrary web script or HTML via (1) the DCN Description field in the Accounts Receivables menu item for Add Transaction, (2) the Description field in the Accounts Payable menu item for A...

AI score 5.3, EPSS 0.00861
Exploits 2, References 4
Debian CVE
added 2009/12/23 6:00 p.m., 28 views

CVE-2009-3581

Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger 2.8.24 allow remote authenticated users to inject arbitrary web script or HTML via (1) the DCN Description field in the Accounts Receivables menu item for Add Transaction, (2) the Description field in the Accounts Payable menu item for A...

CVSS 3.5, AI score 2.2, EPSS 0.00861
Exploits 2
Exploit DB
added 2009/12/01 12:00 a.m., 36 views

Oracle - ctxsys.drvxtabc.create_tables Evil Cursor

-- -- ctxsys.drvxtabc.createtablesV2.sql -- -- -- Oracle ctxsys.drvxtabc.createtables exploit 9i/10g -- Evil cursor technique -- -- Grant dba permission to unprivileged user -- -- -- REF: http://www.google.it/search?q=ctxsys.drvxtabc.createtables -- -- AUTHOR: Andrea "bunker" Purificato --...

AI score 7.4
Exploits 0
Prion
added 2009/06/15 7:30 p.m., 22 views

Hardcoded credentials

src/net/http/httptransactionwinhttp.cc in Google Chrome before 1.0.154.53 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this...

CVSS 5.8, AI score 7, EPSS 0.01097
Exploits 0, References 9, Affected Software 1
seebug.org
added 2009/04/16 12:00 a.m., 42 views

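Microsoft Windows WMI Service Isolation Local Privilege Escalation Vulnerability (MS09-012)

BUGTRAQ ID: 34442 CVE(CAN) ID: CVE-2009-0078 Microsoft Windows is a very popular operating system released by Microsoft. The Windows Management Instrumentation (WMI) provider does not properly isolate processes running under the NetworkService or LocalService accounts; two separate processes running under the same account have full access to each other's resources, such as file handles and registry keys. The WMI provider host process holds a SYSTEM token in some circumstances; if an attacker can...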

CVSS 7.2, AI score 6.3, EPSS 0.02744
Exploits 1
OpenVAS
added 2009/04/15 12:00 a.m., 42 views

Vulnerabilities in Windows Could Allow Elevation of Privilege (959454)

This host is missing a critical security update according to Microsoft Bulletin MS09-012. OpenVAS Vulnerability Test $Id: secpodms09-012.nasl 5934 2017-04-11 12:28:28Z antu123 $ Vulnerabilities in Windows Could Allow Elevation of Privilege (959454) Authors: Chandan S Updated By: Madhuri D on...

CVSS 9, AI score 1.1, EPSS 0.36829
Exploits 5, References 2
ATTACKERKB
added 2009/03/11 2:19 p.m., 6 views

CVE-2009-0233

The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote attackers to predict...

CVSS 5.8, AI score 6.7, EPSS 0.27071
Exploits 1, References 11
ATTACKERKB
added 2009/03/11 2:19 p.m., 3 views

CVE-2009-0234

The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by sending many crafted...

CVSS 6.4, AI score 6.7, EPSS 0.34442
Exploits 1, References 12
Prion
added 2009/03/11 2:19 p.m., 18 views

Input validation

The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote attackers to predict...

CVSS 5.8, AI score 6.9, EPSS 0.27071
Exploits 1, References 10
Cvelist
added 2009/03/11 2:00 p.m., 25 views

CVE-2009-0234

The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by sending many crafted...

AI score 6.3, EPSS 0.34442
Exploits 1, References 11
CVE
added 2009/03/11 2:00 p.m., 59 views

CVE-2009-0233

CVE-2009-0233 is the DNS Resolver Cache Service (DNSCache) vulnerability in Windows DNS Server. When dynamic updates are enabled, the server may fail to reuse cached DNS responses in all scenarios, enabling remote attackers to predict transaction IDs and poison caches by sending crafted DNS queri...

CVSS 5.8, AI score 6.3, EPSS 0.27071
Exploits 1, References 10, Affected Software 3
OpenVAS
added 2009/02/27 12:00 a.m., 28 views

CentOS Update for irb CESA-2008:0896 centos3 i386

Check for the Version of irb OpenVAS Vulnerability Test CentOS Update for irb CESA-2008:0896 centos3 i386 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

CVSS 7.5, AI score 6.9, EPSS 0.15678
Exploits 4, References 2
ThreatPost
added 2009/02/26 10:56 p.m., 10 views

Cambridge researchers slam banking card readers

The Register is reporting on a new study by Cambridge security researchers that shows that card readers for online banking are inherently insecure. Researchers Saar Drimer, Steven J Murdoch and Ross Anderson found a number of serious security shortcomings after reverse engineering the underlying...

AI score 1.3
Exploits 0, References 2
myhack58
added 2008/11/03 12:00 a.m., 17 views

MS Windows Token Kidnapping local provide the right solutions-vulnerability warning-the black bar safety net

Although this vulnerability dates from some time ago, I had only been concerned with the exploits and did not focus on specific solutions. Today it came up by chance while chatting with a user, who asked for help finding a solution; after searching online, In The Lancet where to find the relevant...

AI score 7.9
Exploits 0
RedHat Linux
added 2008/10/21 2:54 p.m., 1 views

ruby: use of predictable source port and transaction id in DNS requests done by resolv.rb module

resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than...

CVSS 5.8, AI score 6.8, EPSS 0.02415
Exploits 2, References 4
RedHat Linux
added 2008/10/21 2:52 p.m., 1 views

ruby: use of predictable source port and transaction id in DNS requests done by resolv.rb module

resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than...

CVSS 5.8, AI score 6.8, EPSS 0.02415
Exploits 2, References 4
myhack58
added 2008/10/12 12:00 a.m., 20 views

MS Windows Token Kidnapping local provide the right solutions-vulnerability warning-the black bar safety net

Today MS updated its security bulletin. This vulnerability arises because code running under NetworkService or LocalService can access other processes that run under the same NetworkService or LocalService account, and certain of those processes allow elevation of privileges to LocalSystem. For IIS, the...

AI score 0.4
Exploits 0
OSV
added 2008/09/18 5:59 p.m., 9 views

CVE-2008-4099

PyDNS (aka python-dns) before 2.3.1-4 in Debian GNU/Linux does not use random source ports or transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447...

AI score 6.5
Exploits 0, References 4
OSV
added 2008/09/15 3:14 p.m., 1 views

DEBIAN-CVE-2008-4078

SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...

CVSS 6.5, AI score 8.5, EPSS 0.01624
Exploits 0, References 1