2019 matches found
UPnP enabled by default in multiple devices
Overview: Multiple vendors ship devices with UPnP enabled by default. By convincing a user to open a malicious URL, an attacker may be able to remotely control or configure UPnP-enabled devices. Description: Universal Plug and Play (UPnP) is a collection of protocols maintained and distributed by the...
PRO-Search 0.17 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/27126/info PRO-Search is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...
PRO-Search 0.17 - index.php Multiple Cross-Site Scripting Vulnerabilities
PRO-Search 0.17 - index.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/27126/info PRO-Search is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to...
ViArt CMS/Shop/HelpDesk 3.3.2 Remote File Inclusion Vulnerability
No description provided by source. Name: ViArt CMS 3.3.2 Remote File Include Download From: http://www.viart.com/downloads/viartcms-3.3.2.zip Found By: RoMaNcYxHaCkEr Home Page: Not Yet Vulne Code: Line 4:...
Microsoft DirectX SAMI File Parsing Stack Buffer Overflow Vulnerability
Description: DirectX is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. An attacker could exploit this issue to execute arbitrary code within the privileges of the currently logged-in user. Failed exploit...
Blue Coat ProxySG Management Console - URI Handler Multiple Cross-Site Scripting Vulnerabilities
Blue Coat ProxySG Management Console - URI Handler Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/26286/info Blue Coat ProxySG Management Console is prone to two cross-site scripting vulnerabilities because the application fails to properly sanitize...
CVE-2007-5524
Technical details for CVE-2007-5524 are not publicly provided in the supplied documents; no specific affected products/versions, root cause, or remediation are disclosed. Monitor for updates.
CVE-2007-5530
Unspecified vulnerability in the Database Control component in Oracle Database 10.1.0.5 and 10.2.0.3, and Enterprise Manager, has unknown impact and remote attack vectors, aka EM01...
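VMware Workstation 6.0 Multiple Security Vulnerabilities
BUGTRAQ ID: 25728,25729,25731,25732 CVECAN ID: CVE-2007-0061,CVE-2007-0062,CVE-2007-0063,CVE-2007-4059,CVE-2007-4155,CVE-2007-4496,CVE-2007-4497 VMWare is virtual PC software that allows two or more Windows, DOS, or Linux systems to run simultaneously on a single machine. The VMWare implementation contains multiple security vulnerabilities that can lead to a variety of threats. Specifically: 1 VMWare's DHCP server can be used by a malicious web page to gain system privileges. 2...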
Boinc Forum Cross Site Scripting Vulnerability
HSC Boinc Forum Cross Site Scripting Vulnerability This issue is due to a failure in the application to properly sanitize user-supplied input. Attackers may exploit this issue via a web client. An attacker may leverage this issue to have arbitrary script code execute in the browser of an...
Opera/Konqueror: data: URL scheme address bar spoofing
With a specially crafted web page, an attacker can redirect a web browser to a page whose URL in the URL bar resembles an arbitrary domain chosen by the attacker. This is possible because some web browsers incorrectly display the contents of the URL bar while rendering pages based on t...
Code injection
Unspecified vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 has unknown impact and a remote attack vector, related to "Cookie Manipulation."...
CVE-2007-2548
Unspecified vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 has unknown impact and a remote attack vector, related to "Cookie Manipulation."...
CVE-2007-2548
Summary: CVE-2007-2548 concerns TurnkeyWebTools SunShop Shopping Cart 4.0 with an issue in index.php described as a vulnerability tied to cookie manipulation and a remote attack vector. The exact impact is listed as unknown in the description. The available data indicate a remote, low-complexity...
Atomix MP3 - .MP3 File Buffer Overflow
Atomix MP3 - .MP3 File Buffer Overflow // source: https://www.securityfocus.com/bid/23756/info Atomix MP3 is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker could exploit...
MoinMoin 1.5.x - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/23676/info MoinMoin is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...
CVE-2007-2110
CVE-2007-2110 affects Oracle Database on Windows, targeting the Core RDBMS. The vulnerability (DB03) arises from the RDBMS using a NULL DACL for the Oracle process and certain shared memory sections, enabling local users to inject threads and execute arbitrary code via OpenProcess, OpenThread, an...
SQL injection
Multiple SQL injection vulnerabilities in Jupiter CMS 1.1.5 allow remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header and certain other HTTP headers, which set the ip variable that is used in SQL queries performed by index.php and certain other PHP scripts. NOTE: the...
CVE-2007-0971
Multiple SQL injection vulnerabilities in Jupiter CMS 1.1.5 allow remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header and certain other HTTP headers, which set the ip variable that is used in SQL queries performed by index.php and certain other PHP scripts. NOTE: the...
mini-traverse.txt
Hello! Miniwebsvr 0.0.6 suffers from a directory traversal flaw. "Exploit" : http://yoursite/..%00 Attack vector seems limited as you're only able to list one level down. Cheers, Daniel Nyström, [email protected] Fredrik Wessberg, [email protected]...