839 matches found
Update Protection against HP Power Manager Remote Code Execution
A remote code execution vulnerability exists within HP Power Manager, a web-based application for managing an HP Uninterruptible Power System (UPS). The vulnerability is due to insufficient bounds checking in the HP Power Manager while processing URL parameters in the login form of the web based...
PeerCast 0.1216 Buffer Overflow
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'PeerCast %q...
Skype skype4com URI Handler Remote Heap Corruption (CVE-2007-5989)
Skype is a peer-to-peer Voice over IP (VoIP) Internet telephony network solution. The product is used to transfer real-time conversations between two peers over the Internet. Skype users can speak to other Skype users, receive calls from traditional phones, and receive voice-mail messages. Peers ar...
openSUSE Security Update : mozilla-xulrunner181 (mozilla-xulrunner181-383)
The Mozilla XULRunner 1.8.1 engine received backports for security problems in 1.9.0.5. The following security issues were fixed : MFSA 2008-68 / CVE-2008-5512 / CVE-2008-5511: Mozilla security researcher mozbugra4 reported that an XBL binding, when attached to an unloaded document, can be used t...
EUVD-2009-1547
Multiple PHP remote file inclusion vulnerabilities in Qt quickteam 2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) qtewebpath parameter to qteweb.php and the (2) qteroot parameter to bin/qteinit.php...
XMLHttpRequest 302 response disclosure — Mozilla
Marius Schilder of Google Security reported that when an XMLHttpRequest is made to a same-origin resource which 302 redirects to a resource in a different domain, the response from the cross-domain resource is readable by the site issuing the XHR. Cookies marked HttpOnly were not readable, but oth...
verisign-xss.txt
VeriSign Kontiki Delivery Management System (DMS) Cross-Site Scripting Vulnerability CVE Number: CVE-2008-4393 Vulnerability Type / Importance: XSS / Medium Problem discovered: September 24th 2007 Vendor contacted: September 26th 2007 Advisory published: March 28th 2008 Abstract The Kontiki Deliver...
CVE-2008-4337
CVE-2008-4337 is an XSS vulnerability in Bitweaver 2.0.2. The provided documents describe multiple vectors: arbitrary script/HTML injection via URL parameters across numerous pages (articles/edit/list; blogs/list_blogs/rankings; calendar and events pages; fisheye galleries; liberty/list_content; ...
Unfixed XSS vulnerability at www.almanac.com
Security researcher austinator has submitted on 15/08/2008 a cross-site-scripting (XSS) vulnerability affecting www.almanac.com, which at the time of submission ranked 52857 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 16/08/2008. It is...
CVE-2008-3022
Multiple PHP remote file inclusion vulnerabilities in sablonlar/gunaysoft/gunaysoft.php in PHPortal 1.2 Beta allow remote attackers to execute arbitrary PHP code via a URL in (1) icerikyolu, (2) sayfaid, and (3) uzanti parameters...
Unfixed XSS vulnerability at www.kaobanga.com
Security researcher F3nix has submitted on 07/01/2008 a cross-site-scripting (XSS) vulnerability affecting www.kaobanga.com, which at the time of submission ranked 397031 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 08/01/2008. It is currentl...
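RSS-aggregator SQL Injection Vulnerability
BUGTRAQ ID: 30016 CNCAN ID:CNCAN-2008070102 RSS-aggregator is a PHP-based web application. RSS-aggregator does not correctly handle user-submitted input; remote attackers can exploit the vulnerability to carry out SQL injection attacks, possibly obtaining sensitive information or manipulating the database. The problem is that the script lacks filtering of user-submitted web parameters; constructing a malicious SQL query as parameter data can alter the original SQL logic, obtaining sensitive information or manipulating the database. RSS-aggregator 1.0 No detailed solution is currently available: http://www.rss-aggregator.com/...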
Unfixed XSS vulnerability at www.weberdavisutahhomes.com
Security researcher mckt has submitted on 06/10/2008 a cross-site-scripting (XSS) vulnerability affecting www.weberdavisutahhomes.com, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 08/10/2008. It is...
Unfixed XSS vulnerability at www.sunnysouthfloridarealestate.com
Security researcher mckt has submitted on 06/10/2008 a cross-site-scripting (XSS) vulnerability affecting www.sunnysouthfloridarealestate.com, which at the time of submission ranked 9514973 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on...
Unfixed XSS vulnerability at www.flybalaton.com
Security researcher xylitol has submitted on 06/10/2008 a cross-site-scripting (XSS) vulnerability affecting www.flybalaton.com, which at the time of submission ranked 2333856 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 13/09/2009. It is...
Unfixed XSS vulnerability at www.jachtklubas.lt
Security researcher F3nix has submitted on 06/01/2008 a cross-site-scripting (XSS) vulnerability affecting www.jachtklubas.lt, which at the time of submission ranked 3269275 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 07/01/2008. It is...
Unfixed XSS vulnerability at biblioteca.carregal-digital.pt
Security researcher BackDoor has submitted on 20/05/2008 a cross-site-scripting (XSS) vulnerability affecting biblioteca.carregal-digital.pt, which at the time of submission ranked 5664707 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on...
Unfixed XSS vulnerability at www.jesper.nu
Security researcher kylex has submitted on 05/06/2008 a cross-site-scripting (XSS) vulnerability affecting www.jesper.nu, which at the time of submission ranked 14252 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 05/06/2008. It is currently...
Unfixed XSS vulnerability at www.enlaces.cl
Security researcher sl4xUz has submitted on 05/05/2008 a cross-site-scripting (XSS) vulnerability affecting www.enlaces.cl, which at the time of submission ranked 36076 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 06/05/2008. It is currently...
Unfixed XSS vulnerability at www.ekontaktas.lt
Security researcher F3nix has submitted on 21/02/2008 a cross-site-scripting (XSS) vulnerability affecting www.ekontaktas.lt, which at the time of submission ranked 38917 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 06/03/2008. It is currentl...