3102 matches found
AS-GasTracker 1.0.0 - Insecure Cookie Handling
--==+================================================================================+==-- --==+ AS-GasTracker 1.0.0 Insecure Cookie Handling Vulnerability +==-- --==+================================================================================+==-- Discovered By: t0pP8uZz Discovered On: 14 MA...
AS-GasTracker 1.0.0 Insecure Cookie Handling Vulnerability
Exploit for unknown platform in category web applications ========================================================== AS-GasTracker 1.0.0 Insecure Cookie Handling Vulnerability ==========================================================...
AS-GasTracker 1.0.0 Insecure Cookie Handling Vulnerability
No description provided by source. --==+================================================================================+==-- --==+ AS-GasTracker 1.0.0 Insecure Cookie Handling Vulnerability +==-- --==+================================================================================+==-- Discovere...
AS-GasTracker 1.0.0 - Insecure Cookie Handling
AS-GasTracker 1.0.0 - Insecure Cookie Handling --==+================================================================================+==-- --==+ AS-GasTracker 1.0.0 Insecure Cookie Handling Vulnerability +==-- --==+================================================================================+==...
CVE-2008-1563
CVE-2008-1563 affects the Wireshark (formerly Ethereal) SCTP dissector, specifically the decode-as feature in packet-bssap.c. The issue exists in Wireshark versions 0.99.6 through 0.99.8, where a malformed packet can be crafted by a remote attacker to trigger an application crash (denial of servi...
Design/Logic Flaw
Untrusted search path vulnerability in src/mainwindow.c in Net Activity Viewer 0.2.1 allows local users with Net Activity Viewer privileges to execute arbitrary code via a malicious gksu program, which is invoked during the Restart As Root action...
CVE-2008-1132
Net Activity Viewer 0.2.1 has an untrusted search path vulnerability in src/mainwindow.c, enabling local users with Net Activity Viewer privileges to execute arbitrary code via a malicious gksu invoked during Restart As Root. Impact: arbitrary code execution with the caller's privileges. Exploita...
WordPress Plugin Sniplets 1.1.2 - Remote File Inclusion / Cross-Site Scripting / Remote Code Execution
Wordpress Plugin Sniplets 1.1.2 Multiple Vulnerabilities by NBBN 1 Remote File Inclusion File: /modules/syntaxhighlight.php Register Globals: ON Vuln code: "/ http://victim.tld/wordpress/wp-content/plugins/sniplets/view/admin/pager.php?page=%22%3E%3Cscript%3Ealert%22XSS%22%3C/script%3E 3 Remote...
PT-2007-6975 · Oracle · Javamail
Name of the Vulnerable Software and Affected Versions: Javamail affected versions not specified Description: The issue arises when Javamail fails to properly handle a series of invalid login attempts where the same e-mail address is used as both the username and password. Specifically, if the...
FreeBSD : plone -- unsafe data interpreted as pickles (ffba6ab0-90b5-11dc-9835-003048705d5a)
Plone projectreports : This hotfix corrects a vulnerability in the statusmessages and linkintegrity modules, where unsafe network data was interpreted as python pickles. This allows an attacker to run arbitrary python code within the Zope/Plone process. %NASLMINLEVEL 70300 C Tenable Network...
pjblog upload vulnerability-vulnerability warning-the black bar safety net
First of all have pjblog the super administrator accounteven is to take their blog to the test Log in, post a new log, pass an asp horse, and the extension to get rid of that pjblog seemingly didn't do the file header check, remember address Then login the backend, the recovery database before...
Assign Groups to Project Role screen allows entry of users as groups
When assigning groups to a project role, the screen allows the user to specify a group that is really a user name...
PHP PEAR 1.5.3 - INSTALL-AS Attribute Arbitrary File Overwrite
PHP PEAR 1.5.3 - INSTALL-AS Attribute Arbitrary File Overwrite source: https://www.securityfocus.com/bid/24111/info PEAR is prone to a vulnerability that lets attackers overwrite arbitrary files. An attacker-supplied package may supply directory-traversal strings through the 'install-as' attribut...
Unfixed XSS vulnerability at as-w03s.nmsu.edu
Security researcher cyber, has submitted on 31/03/2007 a cross-site-scripting XSS vulnerability affecting as-w03s.nmsu.edu, which at the time of submission ranked 23673 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 31/03/2007. It is currently...
openoffice.org security update
Important: openoffice.org security update Advisory: RHSA-2007:0001-3 Type: Security Advisory Severity: Important Issued on: 2007-01-03 Last updated on: 2007-01-03 Affected Products: Red Hat Desktop v. 3 Red Hat Desktop v. 4 Red Hat Enterprise Linux AS v. 3 Red Hat Enterprise Linux AS v. 4 Red Hat...
PYSEC-2006-6
Unspecified vulnerability in PlonePAS in Plone 2.5 and 2.5.1, when anonymous member registration is enabled, allows an attacker to "masquerade as a group."...
KDE JPEG KFile Info插件EXIF本地拒绝服务漏洞
JPEG kfile-info插件用于多个KDE应用程序显示图象META信息。 JPEG kfile-info插件在解析图象META信息时存在问题,本地攻击者可以利用漏洞对使用此插件的应用程序进行拒绝服务攻击。 目前没有详细漏洞细节提供。 KDE KDE 3.5.5 KDE KDE 3.5.4 KDE KDE 3.5.3 KDE KDE 3.5.2 KDE KDE 3.5 KDE KDE 3.4.3 - Gentoo Linux KDE KDE 3.4.2 KDE KDE 3.4.1 + RedHat Fedora Core4 KDE KDE 3.4 KDE KDE 3.4 KDE KD...
[Full-disclosure] Multiple vulnerabilities in SAP Web Application Server 6.40 and 7.00
Advisory Name : Multiple vulnerabilities in SAP Web Application Server Release Date : 2 November 2006 Application : SAP Web AS 6.40 patch 136 and 7.00 patch 66 Platform : All platforms except the third vulnerability Impacts : Remote file disclosure, remote DoS, local privilege escalation Author :...
CVE-2005-4807
CVE-2005-4807 concerns the GNU Binutils gas assembler. The vulnerability is a stack-based buffer overflow in the as_bad function within messages.c, triggered by a .c file containing crafted inline assembly code. Under affected configurations, an attacker could potentially execute arbitrary code w...
CVE-2005-4807
Stack-based buffer overflow in the asbad function in messages.c in the GNU as gas assembler in Free Software Foundation GNU Binutils before 20050721 allows attackers to execute arbitrary code via a .c file with crafted inline assembly code...