123 matches found
Flash to be patched: Adobe makes emergency release of unscheduled Flash Player security update - vulnerability warning - the black bar safety net
A high-risk remote code execution vulnerability exists in Flash Player and is currently being exploited by attackers to conduct large-scale attacks; Adobe has made an emergency release of an unscheduled security update. According to security vendor F-Secure, on 10/14, Flash released patches to fix...
Microsoft Internet Explorer CVE-2014-4107 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...
IBM Tivoli Directory Server 3.2.2/4.1 LDACGI Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10841/info IBM Tivoli Directory Server is reported to contain a directory traversal vulnerability in its web front-end application. This issue presents itself due to insufficient sanitization of user-supplied data. This...
Bitweaver 1.1.1 message_box.php sort_mode Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/15962/info bitweaver is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of these vulnerabilities...
OpenFAQ 0.4 Validate.PHP HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17860/info OpenFAQ is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script cod...
MyBB 1.0.2 - Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/16387/info MyBB is prone to multiple cross-site scripting vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input. An attacker may leverage this issue to have arbitrary script code...
Buffalo TeraStation TS-Series - Multiple Vulnerabilities
No description provided by source. Title: Buffalo TeraStation TS-Series multiple vulnerabilities; Version affected: firmware version = 1.5.7; Vendor: http://www.buffalotech.com/products/network-storage; Discovered by: Andrea Fabrizi; Email: andrea.fabrizi gmail com; Web: http://www.andreafabrizi.it...
BigAnt IM Server DDNF username Field Remote Overflow
Added: 04/22/2013. BID: 58998. OSVDB: 92239. Background: BigAnt Messenger Server offers secure instant messaging, file transfer, VoIP, video chat, web conferencing and more. Problem: BigAnt IM Server is vulnerable to buffer overflow in the expsrv.dll library as a result of improper validation of...
Advanced File Management 1.4 - 'users.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/51339/info Advanced File Management is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in...
Curverider Elgg 1.7.9 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/48946/info Curverider Elgg is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting use...
FreeBSD 7.0/7.1 vfs.usermount Local Privilege Escalation Exploit
Exploit for FreeBSD platform in category local exploits. / cve-2008-3531.c -- Patroklos Argyroudis, arg...
Swiki 1.5 - HTML Injection Cross-Site Scripting
source: https://www.securityfocus.com/bid/28680/info Swiki is prone to an HTML-injection vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execu...
Woltlab Burning Board 2.3.x - 'register.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/21370/info Woltlab Burning Board is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an...
DoceboLms 2.0.x - 'Lang' Multiple Remote File Inclusions
source: https://www.securityfocus.com/bid/18110/info DoceboLMS is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file containi...
Dvbbs 7.1/8.2 - 'boardhelp.asp' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/14498/info DVBBS is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary code in the browser of an unsuspecting user in th...
phpBB 2.0.x - 'profile.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/13344/info phpBB is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an...
vBulletin 1.0/2.x/3.0 - 'index.php' User Interface Spoofing
source: https://www.securityfocus.com/bid/10362/info A weakness has been reported to exist in the VBulletin software that may allow an attacker to spoof parts of the VBulletin interface. The issue exists due to improper validation of user-supplied data. Remote attackers may potentially exploit th...
Virtual Programming VP-ASP 5.00 - shopexd.asp SQL Injection (1)
source: https://www.securityfocus.com/bid/8159/info It has been reported that VP-ASP does not sufficiently sanitize user input passed to the shopexd.asp script contained in the software. As a result, it may be possible for remote...
Qpopper 34 - Username Information Disclosure
source: https://www.securityfocus.com/bid/7110/info An information disclosure weakness has been reported for Qpopper when authenticating. The weakness is due to the fact that if a valid username is sent with a bad password, Qpopper will wait a small...
PHP-Board 1.0 - User Password Disclosure
source: https://www.securityfocus.com/bid/6862/info php-board user information is stored in flat files on the system hosting the software. Access to the files via the web is not sufficiently restricted. Remote attackers may request user files and gain access to php-board user and administrative...