2019 matches found

Packet Storm
added 2008/07/22 12:0 a.m., 16 views

modjk1219-overflow.txt

#!/usr/bin/python C. H. R. O. O. T. SECURITY GROUP, http://www.chroot.org; Hacks In Taiwan Conference 2008, http://www.hitcon.org. Title: Apache modjk...

7.4 AI score
Exploits: 0

CVE
added 2008/07/18 4:0 p.m., 50 views

CVE-2008-3228

CVE-2008-3228 affects Joomla! prior to 1.5.4. The issue is that the .htaccess configuration does not apply certain security checks that are described as blocking common exploits for SEF URLs. The impact is explicitly stated as unknown, and the description notes remote attack vectors without detai...

7.5 CVSS, 6.7 AI score, 0.00078 EPSS
Exploits: 0, References: 4, Affected Software: 1

Prion
added 2008/07/15 11:41 p.m., 16 views

Code injection

Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2616, CVE-2008-2617, CVE-2008-2618, CVE-2008-2620,...

6.5 CVSS, 5.9 AI score, 0.00918 EPSS
Exploits: 0, References: 8, Affected Software: 2

CVE
added 2008/07/15 11:0 p.m., 52 views

CVE-2008-2621

CVE-2008-2621 affects Oracle PeopleSoft Enterprise (PeopleTools) with 8.48.17 and 8.49.11. The connected PeopleSoft/JD Edwards entry lists CVE-2008-2621 under PeopleSoft PeopleTools with a CVSS v2 base score of 4.0 (Medium). The risk matrix indicates the vulnerability requires a valid session (au...

4 CVSS, 5.7 AI score, 0.00377 EPSS
Exploits: 0, References: 8, Affected Software: 3

CVE
added 2008/07/15 11:0 p.m., 111 views

CVE-2008-2603

CVE-2008-2603 is an Oracle Enterprise Manager (Database Control) cross-site scripting vulnerability affecting 10gR1/10gR2/11.1.0.6 where the REFRESHCHOICE parameter can inject arbitrary script/HTML. The issue originates from the July 2008 CPU advisory; vendors released a patch as part of the CPU....

3.5 CVSS, 4.8 AI score, 0.00451 EPSS
Exploits: 0, References: 9, Affected Software: 1

CVE
added 2008/07/15 11:0 p.m., 128 views

CVE-2008-2579

CVE-2008-2579 affects WebLogic Server Plugins for Apache, Sun and IIS web servers bundled with BEA/Oracle WebLogic, specifically in BEA Product Suite versions 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7. The vulnerability is described as unspecified with unknown impact, but multipl...

7.5 CVSS, 6.2 AI score, 0.01255 EPSS
Exploits: 0, References: 10, Affected Software: 1

CVE
added 2008/07/15 11:0 p.m., 45 views

CVE-2008-2598

CVE-2008-2598 affects the TimesTen Client/Server component of Oracle TimesTen In‑Memory Database 7.0.3.0.0. It is exploitable remotely over HTTP without authentication (CVSS v2 base 5.0, Network) and is fixed in TimesTen Server 7.0.4.0.0. Upgrade to 7.0.4.0.0 or later. Related CVEs (2597, 2599) h...

7.5 CVSS, 6.1 AI score, 0.00622 EPSS
Exploits: 0, References: 7, Affected Software: 2

exploitpack
added 2008/07/15 12:0 a.m., 12 views

Claroline 1.8.9 - workwork.php Cross-Site Scripting

source: https://www.securityfocus.com/bid/30269/info Claroline is prone to multiple input-validation vulnerabilities: 1. Multiple cross-site scripting vulnerabilities. 2. A remote URI-redirection vulnerability. An attacker may leverage these...

6.8 AI score
Exploits: 0

Prion
added 2008/06/30 10:41 p.m., 17 views

Cross site scripting

Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to change the location property of a frame via the String data type, and use a frame from a different domain to observe domain-independent events, as demonstrated by observing onkeydown events with...

6.8 CVSS, 6.6 AI score, 0.42038 EPSS
Exploits: 1, References: 5, Affected Software: 1

Exploit DB
added 2008/06/16 12:0 a.m., 32 views

GlassFish Application Server - '/resourceNode/jdbcConnectionPoolNew1.jsf' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/29751/info Sun Glassfish is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user ...

7.4 AI score
Exploits: 0

securityvulns
added 2008/06/11 12:0 a.m., 38 views

Microsoft Vista speech recognition unauthorized access

Speech recognition may be used as an attack vector against a client computer with, e.g., an HTML page with embedded sound...

7.6 CVSS, 1.6 AI score, 0.41573 EPSS
Exploits: 1, References: 2

Exploit DB
added 2008/06/06 12:0 a.m., 22 views

ALFTP FTP Client 4.1/5.0 - 'LIST' Directory Traversal

source: https://www.securityfocus.com/bid/29585/info ALFTP is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. This issue occurs in the FTP client. Exploiting this issue will allow an attacker to write arbitrary files to...

7.4 AI score
Exploits: 0

seebug.org
added 2008/06/05 12:0 a.m., 48 views

Solaris 2.5.1/2.6/7/8 rlogin /bin/login Buffer Overflow Exploit (SPARC)

No description provided by source. $Id: raptorrlogin.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorrlogin.c - rlogin, Solaris/SPARC 2.5.1/2.6/7/8. Copyright (c) 2004 Marco Ivaldi. Buffer overflow in login in various System V based operating systems ...

10 CVSS, 0.5 AI score, 0.84081 EPSS
Exploits: 27

exploitpack
added 2008/05/02 12:0 a.m., 41 views

QT-cute QuickTalk Guestbook 1.6 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/29013/info QT-cute QuickTalk Guestbook is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may...

0.1 AI score
Exploits: 0

CVE
added 2008/04/16 10:0 a.m., 88 views

CVE-2008-1812

CVE-2008-1812 affects the Oracle Enterprise Manager component in Oracle Database 9.0.1.5 FIPS+, Application Server 1.0.2.2, and Enterprise Manager for AS 1.0.2.2 and Database 9.0.1.5. The vulnerability is described as unspecified with unknown impact and local attack vectors (EM01). The connected ...

10 CVSS, 8.8 AI score, 0.01057 EPSS
Exploits: 0, References: 9, Affected Software: 2

exploitpack
added 2008/04/14 12:0 a.m., 18 views

Cezanne 6.5.17 - cflookup.asp Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/28772/info Cezanne Software is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. Authenticated attackers may levera...

0.1 AI score
Exploits: 0

securityvulns
added 2008/04/10 12:0 a.m., 62 views

IOActive Security Advisory: Buffer overflow in Python zlib extension module

Title: Buffer overflow in Python zlib extension module. Date Discovered: ??-April-2008. Date Reported: 08-April-2008. Date Patched: 08-April-2008. Date Disclosed: 09-April-2008. Criticality: Critical. Affected Products: Python 2.5.2, earlier and unstable version are likely to be...

Exploits: 0

Exploit DB
added 2008/04/02 12:0 a.m., 16 views

EasySite 2.0 - 'image_editor.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/28563/info EasySite is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks...

7.4 AI score
Exploits: 0

exploitpack
added 2008/03/08 12:0 a.m., 15 views

Alkacon OpenCMS 7.0.3 - logfileViewSettings.jsp?filePath Cross-Site Scripting

source: https://www.securityfocus.com/bid/28152/info Alkacon OpenCms is prone to multiple input-validation vulnerabilities, including one cross-site scripting issue and a file-disclosure issue, because the application...

6.8 AI score
Exploits: 0

CVE
added 2008/01/17 10:0 p.m., 78 views

CVE-2008-0343

CVE-2008-0343 concerns an unspecified vulnerability in the Oracle Spatial component affecting Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, and 10.1.0.5. The description notes unknown impact and remote attack vectors (DB06). Public references list multiple advisories; the NVD entry assigns a...

10 CVSS, 8.9 AI score, 0.01716 EPSS
Exploits: 0, References: 9, Affected Software: 5