1195 matches found
WordPress Plugin WonderPlugin Audio Player Cross-Site Scripting Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.WonderPlugin Audio Player is one of the audio player plugin. WordPress WonderPlugin Audio Player plugin 2.0 and...
Vanilla Forums Cross-Site Scripting Vulnerability
Vanilla Forums is a Canadian company VanillaForums PHP-based open source forum program . A cross-site scripting vulnerability exists in Vanilla Forums versions 2.0.18.12 and 2.1.x prior to 2.1.1. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
CVE-2015-0386
Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect availability via unknown vectors related to Web Listener, a different vulnerability than CVE-2013-0338, CVE-2013-2877, and CVE-2014-0191...
PT-2014-5437 · Red Hat · Spacewalk-Java +1
Name of the Vulnerable Software and Affected Versions: spacewalk-java version 2.0.2 Red Hat Network RHN Satellite versions 5.5 through 5.6 Description: The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to API endpoints such as...
UBUNTU-CVE-2014-5031
The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors...
DEBIAN-CVE-2013-7340
VideoLAN VLC Media Player before 2.0.7 allows remote attackers to cause a denial of service memory consumption via a crafted playlist file...
PT-2013-1463 · Red Hat · Web Platform +3
Name of the Vulnerable Software and Affected Versions: JBoss Enterprise Application Platform EAP versions prior to 5.2.0 Web Platform EWP versions prior to 5.2.0 BRMS Platform versions prior to 5.3.1 SOA Platform versions prior to 5.3.1 Description: A cross-site scripting XSS issue exists in the...
JBoss: SecurityAssociation.getCredential() will return the previous credential if no security context is provided
The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform EAP before 5.2.0, Web Platform EWP before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 returns the credentials of the previous user when a security context is not provided, which allows remot...
PT-2012-4689 · Moodle · Moodle
Name of the Vulnerable Software and Affected Versions: Moodle versions 2.0.x through 2.0.9 Moodle versions 2.1.x through 2.1.6 Moodle versions 2.2.x through 2.2.3 Moodle versions 2.3.x through 2.3.0 Description: A cross-site scripting XSS issue exists, allowing remote authenticated administrators...
CVE-2012-1392
Unspecified vulnerability in the Dolphin Browser HD mobi.mgeek.TunnyBrowser application 6.2.0, 7.2.1, 7.3.0, and 7.4.0 for Android has unknown impact and attack vectors...
JDK: unspecified vulnerability fixed in 6u29 (Deployment)
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to...
PT-2011-4554 · Apache +3 · Apache Http Server +3
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.0.x through 2.0.64 Apache HTTP Server versions 2.2.x before 2.2.18 Description: The issue arises from the mod proxy module's improper interaction with RewriteRule and ProxyPassMatch pattern matches when configure...
rsyslog: parseLegacySyslogMsg off-by-two buffer overflow
Stack-based buffer overflow in the parseLegacySyslogMsg function in tools/syslogd.c in rsyslogd in rsyslog 4.6.x before 4.6.8 and 5.2.0 through 5.8.4 might allow remote attackers to cause a denial of service application exit via a long TAG in a legacy syslog message...
CVE-2008-4204
creationtimestamp| type| source ---|---|--- 2008-09-16 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/6470...
PT-2008-5265 · Dic · Dic Shop V52 +1
Name of the Vulnerable Software and Affected Versions: DIC shop v50 versions 3.0 and earlier DIC shop v52 versions 2.0 and earlier Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Recommendations: For DIC shop v5...
PT-2008-4391 · Pidgin +1 · Pidgin +1
Name of the Vulnerable Software and Affected Versions: Pidgin versions 2.0.0 and possibly other versions Description: A memory leak in Pidgin allows remote attackers to cause a denial of service via malformed XML documents. The issue has been disputed by the upstream vendor due to a lack of...
AZL-7422 CVE-2008-2149 affecting package wordnet for versions less than 3.0-38
Stack-based buffer overflow in the searchwn function in Wordnet 2.0, 2.1, and 3.0 might allow context-dependent attackers to execute arbitrary code via a long command line option. NOTE: this issue probably does not cross privilege boundaries except in cases in which Wordnet is used as a back end...
DEBIAN-CVE-2008-2149
Stack-based buffer overflow in the searchwn function in Wordnet 2.0, 2.1, and 3.0 might allow context-dependent attackers to execute arbitrary code via a long command line option. NOTE: this issue probably does not cross privilege boundaries except in cases in which Wordnet is used as a back end...
CVE-2008-6206
creationtimestamp| type| source ---|---|--- 2008-04-04 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/31611 2008-04-04 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/31610...
PT-2006-6671 · Qualcomm · Eudora Worldmail
Name of the Vulnerable Software and Affected Versions: Eudora Worldmail version 6.1.22.0 Description: The issue concerns multiple buffer overflows in Eudora Worldmail, which may have unknown impact and attack vectors. This is demonstrated by the "Eudora WorldMail stack overflow" and "Eudora...