Lucene search
1594 matches found

Packet Storm
added 2009/10/26 12:0 a.m., 107 views

Jetty 6.x / 7.x Information Disclosure / XSS

Jetty 6.x and 7.x Multiple Vulnerabilities Name Multiple Vulnerabilities in Jetty Systems Affected Jetty 7.0.0 and earlier versions Severity Medium Impact CVSSv2 Medium 5/10, vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Vendor http://www.mortbay.org/jetty/ Advisory...

CVSS 5 | AI score 7.7 | EPSS 0.2626
Exploits 9

0day.today
added 2009/10/23 12:0 a.m., 46 views

Vivvo CMS 4.1.5.1 file disclosure

Exploit for unknown platform in category web applications ================================= Vivvo CMS 4.1.5.1 file disclosure ================================= Description of vulnerable software: Vivvo CMS is an intuitive content management system atop a powerful programming framework, empowering...

AI score 7.1
Exploits 0

securityvulns
added 2009/10/22 12:0 a.m., 61 views

[waraxe-2009-SA#075] - Remote File Disclosure in Vivvo CMS 4.1.5.1

waraxe-2009-SA075 - Remote File Disclosure in Vivvo CMS 4.1.5.1 =============================================================================== Author: Janek Vind "waraxe" Date: 21. October 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-75.html Description of vulnerable software...

AI score 0.5
Exploits 0

seebug.org
added 2009/10/22 12:0 a.m., 45 views

Remote File Disclosure in Vivvo CMS 4.1.5.1

No description provided by source. waraxe-2009-SA075 - Remote File Disclosure in Vivvo CMS 4.1.5.1 =============================================================================== Author: Janek Vind "waraxe" Date: 21. October 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-75.html...

AI score 7.1
Exploits 0

Prion
added 2009/09/13 10:30 p.m., 21 views

Design/Logic Flaw

Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 befo...

CVSS 10 | AI score 6.8 | EPSS 0.01854
Exploits 0 | References 19 | Affected Software 7

exploitpack
added 2009/08/29 12:0 a.m., 7 views

x10 MP3 Automatic Search Engine 1.6.5 - includesvideo_ad.php?pic_id Cross-Site Scripting

x10 MP3 Automatic Search Engine 1.6.5 - includesvideoad.php?picid Cross-Site Scripting source: https://www.securityfocus.com/bid/43336/info x10 Media Automatic MP3 Search Engine is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An...

AI score 6.8
Exploits 0

RedHat Linux
added 2009/08/06 8:41 p.m., 2 views

JDK reposition of untrusted applet security icon in X11

The Abstract Window Toolkit AWT implementation in Sun Java SE 6 before Update 15 on X11 does not impose the intended constraint on distance from the window border to the Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an...

CVSS 6.8 | AI score 6.1 | EPSS 0.00527
Exploits 0 | References 4

Exploit DB
added 2009/07/20 12:0 a.m., 26 views

DragDropCart - '/assets/js/ddcart.php?sid' Cross-Site Scripting

source: https://www.securityfocus.com/bid/43478/info DragDropCart is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user i...

AI score 7.4
Exploits 0

Exploit DB
added 2009/06/24 12:0 a.m., 23 views

Mozilla Firefox 3.5.1 - Error Page Address Bar URI Spoofing

source: https://www.securityfocus.com/bid/35803/info Mozilla Firefox is affected by a URI-spoofing vulnerability. An attacker may leverage this issue by inserting arbitrary content to spoof a URI presented to an unsuspecting user. This may lead to a false sense of trust because the victim may be...

AI score 7.4
Exploits 0

Exploit DB
added 2009/05/05 12:0 a.m., 31 views

IceWarp Merak Mail Server 9.4.1 - 'Forgot Password' Input Validation

source: https://www.securityfocus.com/bid/34827/info IceWarp Merak Mail Server is prone to an input-validation vulnerability because it uses client-supplied data when performing a 'Forgot Password' function. Attackers can exploit this issue via social-engineering techniques to obtain valid users'...

AI score 7
Exploits 0

ThreatPost
added 2009/04/02 5:50 p.m., 10 views

Researcher to unveil new SQL injection attack

From Dark Reading, by Kelly Jackson Higgins In the last couple of years, SQL injection attacks have become the favorite tactic of penetration testers, cyber criminals and script kiddies alike. But some researchers are taking the technique to a new level. At Black Hat Europe later this month, a...

AI score 0.1
Exploits 0 | References 5

securityvulns
added 2009/01/16 12:0 a.m., 34 views

Cisco Unified IP Phone 7960G and 7940G (SIP) RTP Header Vulnerability

Title: ------ Cisco Unified IP Phone 7960G and 7940G SIP RTP Header Vulnerability Summary: -------- The Cisco Unified IP Phone 7960G and 7940G SIP do not correctly parse some malformed RTP headers leading to a deterministic denial of service Assigned CVE: ------------- CVE-2008-4444 Details:...

CVSS 7.1 | AI score 0.8 | EPSS 0.01316
Exploits 1

Zero Day Initiative
added 2008/12/04 12:0 a.m., 30 views

Trillian AIM Plugin Malformed XML Tag Heap Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cerulean Studios Trillian. Authentication is not required to exploit this vulnerability. The specific flaw exists within the XML processing code for Trillian. When parsing a malformed XML tag, the...

CVSS 10 | AI score 4.9 | EPSS 0.20856
Exploits 0 | References 1

Exploit DB
added 2008/11/03 12:0 a.m., 83 views

Apoll 0.7b - Authentication Bypass

Apoll version Remote Auth Bypass Vulnerability version: beta 0.7 script download: http://www.miticdjd.com/download/3/ ---------------------------------------------------------- Discovered By: ZoRLu Date: 03.11.2008 Home: www.z0rlu.blogspot.com contact: [email protected] N0T: YALNIZLIK, YiTiRDi...

AI score 7
Exploits 0

exploitpack
added 2008/09/22 12:0 a.m., 11 views

Fuzzylime (cms) 3.0 - usercheck.php Cross-Site Scripting

Fuzzylime cms 3.0 - usercheck.php Cross-Site Scripting source: https://www.securityfocus.com/bid/31306/info fuzzylime cms is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Exploiting this vulnerability may allow an attacker to perform...

AI score 6.8
Exploits 0

Packet Storm
added 2008/07/22 12:0 a.m., 16 views

modjk1219-overflow.txt

#!/usr/bin/python C. H. R. O. O. T. SECURITY GROUP http://www.chroot.org Hacks In Taiwan Conference 2008 http://www.hitcon.org Title: Apache modjk...

AI score 7.4
Exploits 0

Exploit DB
added 2008/07/22 12:0 a.m., 28 views

Claroline 1.8 - 'user/user.php' Query String Cross-Site Scripting

source: https://www.securityfocus.com/bid/30346/info Claroline is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...

AI score 7.4
Exploits 0

Prion
added 2008/06/30 10:41 p.m., 17 views

Cross site scripting

Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to change the location property of a frame via the String data type, and use a frame from a different domain to observe domain-independent events, as demonstrated by observing onkeydown events with...

CVSS 6.8 | AI score 6.6 | EPSS 0.42038
Exploits 1 | References 5 | Affected Software 1

Exploit DB
added 2008/06/16 12:0 a.m., 33 views

GlassFish Application Server - '/resourceNode/jdbcConnectionPoolNew1.jsf' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/29751/info Sun Glassfish is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user ...

AI score 7.4
Exploits 0

securityvulns
added 2008/06/11 12:0 a.m., 38 views

Microsoft Vista speech recognition unauthorized access

Speech recognition may be used as an attack vector against client computer with e.g. HTML page with embedded sound...

CVSS 7.6 | AI score 1.6 | EPSS 0.41573
Exploits 1 | References 2