104 matches found
Apache Rave 0.11 0.20 - User Information Disclosure
Apache Rave 0.11 0.20 - User Information Disclosure CVE-2013-1814: Apache Rave exposes User over API Severity: Important Vendor: The Apache Software Foundation Versions Affected: Rave 0.11 to 0.20 Description: Rave returns the full user object, including the salted and hashed password, via the Us...
Apache Rave 0.11 < 0.20 - User Information Disclosure
CVE-2013-1814: Apache Rave exposes User over API Severity: Important Vendor: The Apache Software Foundation Versions Affected: Rave 0.11 to 0.20 Description: Rave returns the full user object, including the salted and hashed password, via the User RPC API. This endpoint is only available to...
Apache Rave User Exposure
CVE-2013-1814: Apache Rave exposes User over API Severity: Important Vendor: The Apache Software Foundation Versions Affected: Rave 0.11 to 0.20 Description: Rave returns the full user object, including the salted and hashed password, via the User RPC API. This endpoint is only available to...
FreeBSD : chromium -- multiple vulnerabilities (46bd747b-5b84-11e2-b06d-00262d5ed8ee)
Google Chrome Releases reports : 162494 High CVE-2012-5145: Use-after-free in SVG layout. Credit to Atte Kettunen of OUSPG. 165622 High CVE-2012-5146: Same origin policy bypass with malformed URL. Credit to Erling A Ellingsen and Subodh Iyengar, both of Facebook. 165864 High CVE-2012-5147:...
VideoDB 3.0.3 Local File Inclusion / SQL Injection
Exploit Title: VideoDB Multiple Vulnerabilities Date: 09.10.2010 Author: Valentin Category: webapps/0day Version: 3.0.3 and earlier Tested on: CVE : Code : :::::::::::::::::::::::::::::::::::::: 0x1 :::::::::::::::::::::::::::::::::::::: General Information Advisory/Exploit Title = VideoDB Multip...
VideoDB 3.0.3 - Multiple Vulnerabilities
Exploit Title: VideoDB Multiple Vulnerabilities Date: 09.10.2010 Author: Valentin Category: webapps/0day Version: 3.0.3 and earlier Tested on: CVE : Code : :::::::::::::::::::::::::::::::::::::: 0x1 :::::::::::::::::::::::::::::::::::::: General Information Advisory/Exploit Title = VideoDB Multip...
VideoDB 3.0.3 - Multiple Vulnerabilities
VideoDB 3.0.3 - Multiple Vulnerabilities Exploit Title: VideoDB Multiple Vulnerabilities Date: 09.10.2010 Author: Valentin Category: webapps/0day Version: 3.0.3 and earlier Tested on: CVE : Code : :::::::::::::::::::::::::::::::::::::: 0x1 :::::::::::::::::::::::::::::::::::::: General Informatio...
CMSimple 3.3 Cross Site Request Forgery / Cross Site Scripting
==================================== Vulnerability ID: HTB22558 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityincmsimple.html Product: CMSimple Vendor: Peter Andreas Harteg http://www.cmsimple.org/ Vulnerable Version: 3.3 and Probably Prior Versions Vendor Notification: 02 August 201...
XSS vulnerability in CMSimple
Vulnerability ID: HTB22558 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityincmsimple.html Product: CMSimple Vendor: Peter Andreas Harteg http://www.cmsimple.org/ Vulnerable Version: 3.3 and Probably Prior Versions Vendor Notification: 02 August 2010 Vulnerability Type: XSS Cross Site...
SA-CONTRIB-2010-024 - eTracker - Cross Site Scripting
The eTracker module provides integration of a Drupal site with the eTracker web traffic analysis service and takes the current URL as a parameter to track what pages have been visited. The URL from the browser is forwarded to JavaScript in the current page, and because the URL wasn't sanitised, i...
Fedora Core 9 FEDORA-2009-0636 (libnasl)
The remote host is missing an update to libnasl announced via advisory FEDORA-2009-0636. OpenVAS Vulnerability Test $Id: fcore20090636.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-0636 libnasl Authors: Thomas Reinke Copyright: Copyright c 2009...
XSS and SQL injection vulnerabilities in extension "phpMyAdmin" (phpmyadmin)
It has been discovered that the extension phpMyAdmin phpmyadmin is vulnerable to XSS and SQL injections. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 4.3.0 and all versions below Vulnerability Type: Cross-Site...
TYPO3 Security Bulletin
It has been discovered that the extension phpMyAdmin phpmyadmin is vulnerable to Code Execution. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 3.2.0 and all versions below Vulnerability Type: Code execution...
CVE-2007-4232
The CVE-2007-4232 issue affects PHPNews 0.93 and is described as a PHP remote file inclusion vulnerability in admin/inc/change_action.php. The vulnerability allows an attacker to cause the application to execute arbitrary PHP code by supplying a crafted URL for the format_menue parameter, enablin...
Mandrake Linux Security Advisory : kdelibs (MDKSA-2007:076)
A bug was discovered in KJS where UTF8 decoding did not reject overlong sequences. This vulnerability is similar to that discovered by Andreas Nolden in QT3 and QT4, but at this current time there is no known exploit for this issue. Updated packages have been patched to address this issue...
CVE-2006-4210
CVE-2006-4210 describes a vulnerability in nu_mail.inc.php of Andreas Kansok’s phPay 2.02/2.02.1 where, if register_globals is enabled, a remote attacker can abuse the server as an open mail relay via manipulated parameters (mail_text2, user_row[5], nu_mail_1, shop_mail). The root cause is improp...
DSA-1114 hashcash - buffer overflow
Bulletin has no description...
Secunia Research: DeluxeBB SQL Injection and File Inclusion Vulnerabilities
====================================================================== Secunia Research 14/06/2006 - DeluxeBB SQL Injection and File Inclusion Vulnerabilities - ====================================================================== Table of Contents Affected...
hashcash -- heap overflow vulnerability
Andreas Seltenreich reports that hashcash is prone to a heap overflow vulnerability. This vulnerability is caused by improper checking of memory allocations within the "arraypush" function. An attacker could trigger this vulnerability by passing a lot of "-r" or "-j" flags from the command line,...
Secunia Research: DeluxeBB SQL Injection and File Inclusion Vulnerabilities
====================================================================== Secunia Research 14/06/2006 - DeluxeBB SQL Injection and File Inclusion Vulnerabilities - ====================================================================== Table of Contents Affected...