8199 matches found
Fedora 7 : xpdf-3.02-1.fc7 (2007-1383)
Changes since 3.01: Added anti-aliasing for vector graphics; added the vectorAntialias xpdfrc option; added the '-aaVector' switch to xpdf and pdftoppm. Implemented stroke adjustment always enabled by default, ignoring the SA parameter, to match Adobe's behavior, and added the strokeAdjust xpdfrc...
Blue Coat ProxySG Management Console - URI Handler Multiple Cross-Site Scripting Vulnerabilities
Blue Coat ProxySG Management Console - URI Handler Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/26286/info Blue Coat ProxySG Management Console is prone to two cross-site scripting vulnerabilities because the application fails to properly sanitize...
SAXON version 5.4 SQL Injection Vulnerability
netVigilance Security Advisory 55 SAXON version 5.4 SQL Injection Vulnerability Description: SAXON is a simple accessible online news publishing system for personal and small corporate site owners. Publish news, using configurable templates, on any .php page on your site. Publish news on a 'per...
about: blank windows
Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting XSS attacks with chrome privileges via an addon that inserts a 1 javascript: or 2 data: link into an about:blank document loaded by chrome via a the...
CVE-2007-5530
Unspecified vulnerability in the Database Control component in Oracle Database 10.1.0.5 and 10.2.0.3, and Enterprise Manager, has unknown impact and remote attack vectors, aka EM01...
CVE-2007-5524
Technical details for CVE-2007-5524 are not publicly provided in the supplied documents; no specific affected products/versions, root cause, or remediation are disclosed. Monitor for updates.
openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-3979)
This update fixes multiple bugs in php : - predictable generaton of an initialization vector IV in the mcrypt extension - additional cookie attributes could be injected via a session id - specially crafted files could cause integer overflows in gd and leverage them to at least crash gd based...
CVE-2007-5425
SQL injection vulnerability in admin/index.php in Interspire ActiveKB 1.5 allows remote attackers to execute arbitrary SQL commands via the questId parameter in a hideQuestion ToDo action. NOTE: the catId vector is already covered by CVE-2007-5131...
Drupal <= 5.2 PHP Zend Hash Vulnerability Exploitation Vector
No description provided by source. Drupal = 5.2 PHP Zend Hash Vulnerability Exploitation Vector Example: http://www.example.com/drupal/?menucallbacks1callback=drupaleval&menuitemstype=-1&-312030023=1&q=1/?phpinfo;...
Drupal 5.2 - PHP Zend Hash ation Vector
Drupal 5.2 - PHP Zend Hash ation Vector Drupal = 5.2 PHP Zend Hash Vulnerability Exploitation Vector Example: http://www.example.com/drupal/?menucallbacks1callback=drupaleval&menuitemstype=-1&-312030023=1&q=1/?phpinfo; milw0rm.com 2007-10-10...
CVE-2007-5247
CVE-2007-5247 describes multiple format-string vulnerabilities in the Lithtech-based engine as used by F.E.A.R. 1.08 and earlier, with PunkBuster enabled. The issue allows remote attackers to potentially execute arbitrary code or cause a denial of service via format specifiers in specific PunkBus...
CVE-2007-5168
Multiple PHP remote file inclusion vulnerabilities in ClanLite 1.23.01.2005 allow remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter to 1 modules/serveurjeux.php or 2 conf/conf-php.php. NOTE: vector 1 is disputed by CVE because the requireonce is only reached when ...
CVE-2007-5014
Multiple PHP remote file inclusion vulnerabilities in pSlash 0.70 allow remote attackers to execute arbitrary PHP code via a URL in 1 the lvcadmindir parameter to modules/visitors2/admin/view-archiver.inc.php or 2 the lvcincludedir parameter to modules/visitors2/include/menus.inc.php. NOTE: the...
VMware Workstation 6.0多个安全漏洞
BUGTRAQ ID: 25728,25729,25731,25732 CVECAN ID: CVE-2007-0061,CVE-2007-0062,CVE-2007-0063,CVE-2007-4059,CVE-2007-4155,CVE-2007-4496,CVE-2007-4497 VMWare是一款虚拟PC软件,允许在一台机器上同时运行两个或多个Windows、DOS、LINUX系统。 VMWare的实现上存在多个安全漏洞,可导致多种威胁。 具体如下: 1 VMWare的DHCP服务器可被恶意网页用来获取系统权限。 2...
Python 2.2 ImageOP Module - Multiple Integer Overflow Vulnerabilities
Python 2.2 ImageOP Module - Multiple Integer Overflow Vulnerabilities source: https://www.securityfocus.com/bid/25696/info Python's imageop module is prone to multiple integer-overflow vulnerabilities because it fails to properly bounds-check user-supplied input to ensure that integer operations ...
Boinc Forum Cross Site Scripting Vulrnability
HSC Boinc Forum Cross Site Scripting Vulrnability This issue is due to a failure in the application to properly sanitize user-supplied input. Attackers may exploit this issue via a web client. An attacker may leverage this issue to have arbitrary script code execute in the browser of an...
tomcat-func-xss.txt
Apache Tomcat remote xss Author: handrix Contact: handrixatmorxdotorg Vulnerability: Cross Site Scripting Severity: Medium/High MorX security research team www.morx.org Description: Apache Tomcat remote xss Tomcat provide many example of jsp files, servlet and others. functions.jsp's script is...
Remote file inclusion
PHP remote file inclusion vulnerability in convert/mvcw.php in Virtual War VWar 1.5.0 R15 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwarroot parameter, a different vector than CVE-2006-1503, CVE-2006-1636, and CVE-2006-1747...
OS2A_1009.txt
Ripe Website Manager SQL Injection and Cross Site Scripting Vulnerabilities OS2A ID: OS2A1009 Status: 07/11/2007 Issue Discovered 07/12/2007 Reported to the Vendor 08/22/2007 Public Release Class: SQL Injection and Cross Site Scripting Severity: High Overview: --------- Ripe Website Manager is a...
Design/Logic Flaw
Fedora Commons before 2.2.1 does not properly handle certain authentication requests involving Java Naming and Directory Interface JNDI, related to 1 a nonexistent account name in combination with an empty password, which allows remote attackers to trigger a certain "unexpected / strange response...