839 matches found
Social Share Cross Site Scripting
www.eVuln.com advisory: "title" and "url" - Non-persistent XSS in Social Share. Summary: http://evuln.com/vulns/164/summary.html Details: http://evuln.com/vulns/164/description.html Summary: eVuln ID: EV0164 Software: Social Share...
Hewlett-Packard Power Manager Administration Web Server Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Power Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of URL parameters when posting to the login form of the web bas...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Free Simple CMS 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) body, (2) footer, (3) header, (4) menuleft, or (5) menuright parameter...
PeerCast 0.1216 (Linux) - URL Handling Buffer Overflow (Metasploit)
$Id: peercasturl.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
Unfixed XSS vulnerability at www.modernreformation.org
Security researcher jath submitted on 09/07/2010 a cross-site scripting (XSS) vulnerability affecting www.modernreformation.org, which at the time of submission ranked 1477261 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 09/07/2010. It is...
CVE-2010-3209
Multiple PHP remote file inclusion vulnerabilities in Seagull 0.6.7 allow remote attackers to execute arbitrary PHP code via a URL in the includeFile parameter to (1) Config/Container.php and (2) HTML/QuickForm.php in fog/lib/pear/, the (3) driverpath parameter to fog/lib/pear/DB/NestedSet.php, and the...
Serv-U < 10.2.0.0 Multiple Vulnerabilities
Mozilla Thunderbird 3.1.x < 3.1.1 Multiple Vulnerabilities
The installed version of Thunderbird is earlier than 3.1.1. Such versions are potentially affected by the following security issues: - Multiple memory safety bugs could result in memory corruption, potentially resulting in arbitrary code execution. (MFSA 2010-34) - It may be possible to run...
SeaMonkey 2.0.x < 2.0.6 Multiple Vulnerabilities
SeaMonkey < 2.0.6 Multiple Vulnerabilities
The installed version of SeaMonkey is earlier than 2.0.6. Such versions are potentially affected by the following security issues: - Multiple memory safety bugs could result in memory corruption, potentially resulting in arbitrary code execution. (MFSA 2010-34) - An error in DOM attribute cloning...
Cross-origin data leakage from script filename in error messages — Mozilla
Security researcher Soroush Dalili reported that potentially sensitive URL parameters could be leaked across domains upon script errors when the script filename and line number are included in the error message...
NaviCOPA Web Server 2.0.1 - URL Handling Buffer Overflow (Metasploit)
$Id: navicopagetoverflow.rb 9797 2010-07-12 23:25:31Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
CVE-2010-1373
Cross-site scripting (XSS) vulnerability in Help Viewer in Apple Mac OS X 10.6 before 10.6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted help: URL, related to "URL parameters in HTML content."...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Help Viewer in Apple Mac OS X 10.6 before 10.6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted help: URL, related to "URL parameters in HTML content."...
Unfixed XSS vulnerability at zapisy.pwr.wroc.pl
Security researcher maligree submitted on 16/05/2010 a cross-site scripting (XSS) vulnerability affecting zapisy.pwr.wroc.pl, which at the time of submission ranked 31110 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 06/07/2010. It is...
CVE-2010-1342
Multiple PHP remote file inclusion vulnerabilities in Direct News 4.10.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter to (1) admin/menu.php and (2) library/lib.menu.php; and the adminroot parameter to (3)...
SAGU-PRO v1.0 Multiple Remote File Include Vulnerability
Exploit for PHP platform in category web applications: SAGU-PRO v1.0 Multiple Remote File Include Vulnerability...
CVE-2010-1114
Multiple PHP remote file inclusion vulnerabilities in Web Server Creator - Web Portal 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pg parameter to index.php and the (2) path parameter to news/form.php...
Zenoss 2.3.3 SQL Injection
nGenuity Information Services -- Security Advisory Advisory ID: NGENUITY-2010-001 - Zenoss getJSONEventsInfo SQL Injection Application: Zenoss 2.3.3 Vendor: Zenoss Vendor website: http://www.zenoss.com Author: Adam Baldwin Authentication: Valid user or admin session...