
1594 matches found

exploitpack
added 2003/10/21 12:00 a.m., 10 views

Vivisimo Clustering Engine - Search Script Cross-Site Scripting

source: https://www.securityfocus.com/bid/8862/info Vivisimo Clustering Engine is reported to be prone to a cross-site scripting vulnerability. The problem occurs due to insufficient sanitization of parameters passed to the search script. As a...

6.8 AI score
Exploits: 0
Exploit DB
added 2003/04/06 12:00 a.m., 27 views

Basic Analysis and Security Engine (BASE) 1.2.4 - PrintFreshPage Cross-Site Scripting

source: https://www.securityfocus.com/bid/17391/info BASE is prone to a cross-site scripting vulnerability. The application fails to properly sanitize user-supplied input in the 'PrintFreshPage' function. An attacker may leverage this issue to have arbitrary script code executed in the browser of...

7.4 AI score
Exploits: 0
exploitpack
added 2003/04/02 12:00 a.m., 17 views

BEA WebLogic 7.0 - HostnameNetBIOS Name Remote Information Disclosure

source: https://www.securityfocus.com/bid/7257/info It has been reported that some types of requests may result in sensitive information disclosure. From this, an attacker may be able to launch a more organized attack against...

7.3 AI score
Exploits: 0
exploitpack
added 2003/02/20 12:00 a.m., 17 views

Sage 1.0 Beta 3 - Content Management System Full Path Disclosure

source: https://www.securityfocus.com/bid/6893/info Sage Content Management System contains a path disclosure vulnerability. When a request is made for a module that does not exist, the returned error message contains the full path ...

Exploits: 0
Exploit DB
added 2002/11/22 12:00 a.m., 20 views

Zeroo HTTP Server 1.5 - Directory Traversal (1)

// source: https://www.securityfocus.com/bid/6308/info It has been reported that Zeroo fails to properly sanitize web requests. By sending a malicious web request to the vulnerable server, using directory traversal sequences, it is possible for a remote attacker to access sensitive resources...

7 AI score
Exploits: 0
exploitpack
added 2002/10/23 12:00 a.m., 14 views

IBM Websphere Edge Server 3.64.0 - Cross-Site Scripting

source: https://www.securityfocus.com/bid/6000/info A vulnerability has been discovered in the Caching Proxy component bundled with the IBM Websphere Edge Server. It has been reported that the Caching Proxy is vulnerable to cross site...

6.8 AI score
Exploits: 0
Exploit DB
added 2002/05/24 12:00 a.m., 20 views

ViewCVS 0.9.2 - Cross-Site Scripting

source: https://www.securityfocus.com/bid/4818/info ViewCVS does not filter HTML tags from certain URL parameters, making it prone to cross-site scripting attacks. An attacker may exploit this by constructing a malicious link with script code to a site running ViewCVS and sending it to a legitima...

7.4 AI score
Exploits: 0
Exploit DB
added 2002/04/23 12:00 a.m., 58 views

Apache Tomcat 4.0/4.1 - Servlet Full Path Disclosure

source: https://www.securityfocus.com/bid/4575/info Apache Tomcat is a servlet container for use with the Java Servlet and JavaServer Pages technologies. Tomcat may be run on most UNIX and Linux variants as well as Microsoft Windows. Apache Tomcat ships with a number of example classes SnoopServl...

7 AI score
Exploits: 0
Cvelist
added 2001/05/24 4:00 a.m., 16 views

CVE-2001-0337

The Microsoft MS01-014 and MS01-016 patches for IIS 5.0 and earlier introduce a memory leak which allows attackers to cause a denial of service via a series of requests...

6.4 AI score, 0.04618 EPSS
Exploits: 0, References: 1
exploitpack
added 2000/11/20 12:00 a.m., 28 views

HP-UX 11.0 - pppd Local Stack Buffer Overflow

/ Copyright c 2000 ADM / / All Rights Reserved / / THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF ADM / / The copyright notice above does not evidence any / / actual or intended publication of such source code. / / / / Title: HP-UX pppd / / Tested...

1 AI score
Exploits: 0
exploitpack
added 2000/09/21 12:00 a.m., 12 views

SuSE Linux 6.3/6.4 - Installed Package Disclosure

source: https://www.securityfocus.com/bid/1707/info By submitting a specific URL to the web server, "http://hosts.any/doc/packages/", any user from any host may obtain a list of packages installed on a S.u.S.E 6.3 or 6.4 system. This problem is due...

7.3 AI score
Exploits: 0
Tenable Nessus
added 1999/06/22 12:00 a.m., 95 views

Microsoft IIS perl.exe HTTP Path Disclosure

It was possible to obtain the physical location of a virtual web directory of this host by issuing a request for a non-existent file with an IISAPI-registered extension. An attacker may use this flaw to gain more information about the remote host, and hence make more focused attacks. %NASLMINLEVE...

7.5 CVSS, 5.3 AI score, 0.25329 EPSS
Exploits: 0, References: 1
exploitpack
added 1998/07/20 12:00 a.m., 29 views

SGI IRIX 6.4 - ioconfig Local Privilege Escalation

source: https://www.securityfocus.com/bid/213/info A vulnerability exists in the ioconfig program, as shipping with IRIX 6.4 S2MP from Silicon Graphics, Inc. This program is only available on Irix 6.4 for the Origin/Onyx2. Other machines running...

1 AI score
Exploits: 0
Exploit DB
added 1998/04/06 12:00 a.m., 23 views

Slackware Linux 3.4 - 'liloconfig-color' Temporary File

source: https://www.securityfocus.com/bid/77/info liloconfig-color creates the file /tmp/reply insecurely and follows symbolic links. An attacker can create a symbolic link from /tmp/reply to any file and wait for root to run the program. This will clobber the target file. The file created has...

7.4 AI score
Exploits: 0