openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

A flaw was found in the OpenSSL CMS implementation RFC 3211 KEK Unwrap. This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption PWRI...

Softrex Tornado WWW-Server 1.2 - Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7716/info A buffer overflow vulnerability has been reported for Tornado www-Server. The vulnerability exists when Tornado processes overly long HTTP requests. This will result in the server crashing. Although unconfirmed,...

W-Agora 4.1.x Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4977/info W-Agora is prone to an issue which may allow an attacker to include arbitrary files located on a remote server. In particular, the 'incdir' variable found in a number of the W-Agora scripts defines the path to t...

Abuse-SDL 0.7 Command-Line Argument Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7982/info A buffer overflow vulnerability has been reported for Abuse-SDL that may result in the execution of attacker-supplied code. The vulnerability exists due to insufficient bounds checking performed on certain...

WebCal 3.0 4 webcal.cgi Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/15917/info WebCal is prone to multiple HTML injection and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically...

Clam Anti-Virus ClamAV 0.88.x UPX Compressed PE File Heap Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/19381/info ClamAV is prone to a heap buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. This issue occurs when the...

PHProjekt 3.1 - Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4284/info PHProjekt is a freely available, open source PHP Groupware package. It is actively maintained by the PHProjekt Development Team. It will run on most Linux and Unix variants, in addition to Microsoft Windows...

CDRTools CDRecord 1.11/2.0 Devname Format String Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7565/info CDRecord has been reported prone to a format string vulnerability. The issue presents itself due to a programming error that occurs when calling a printf-like function. It has been reported that by harnessing an...

Oracle Java System.arraycopy() Race Condition Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of...

Oracle Java Proxy.newProxyInstance Security Manager Bypass Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or run a malicious file. The specific bypass of security permissions is...

Multi Website 1.5 - 'search' HTML Injection

source: https://www.securityfocus.com/bid/43245/info Multi Website is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script code to run i...

SAP cFolders - Cross-Site Scripting / HTML Injection

source: https://www.securityfocus.com/bid/34658/info SAP cFolders is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the context of the affected site,...

PHORTAIL 1.2.1 - 'poster.php' Multiple HTML Injection Vulnerabilities

source: https://www.securityfocus.com/bid/34038/info PHORTAIL is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacke...

3Com Wireless 8760 Dual-Radio 11abg PoE - Multiple Vulnerabilities

3Com Wireless 8760 Dual-Radio 11abg PoE - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/32358/info 3Com Wireless 8760 Dual-Radio 11a/b/g PoE Access Point is prone to multiple security vulnerabilities, including an HTML-injection issue and an authentication-bypass issue...

Falcon Series One 1.4.3 stable - Multiple Input Validation Vulnerabilities

source: https://www.securityfocus.com/bid/26798/info Falcon Series One is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input. These issues include a remote file-include vulnerability and multiple HTML-injection vulnerabilities. Exploiting...

SMF 1.1 - 'index.php' HTML Injection

source: https://www.securityfocus.com/bid/22143/info SMF is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would execute in the context of the affected...

Sympa 4.x - New List HTML Injection

Sympa 4.x - New List HTML Injection source: https://www.securityfocus.com/bid/10992/info An HTML injection vulnerability is reported in Sympa. The problem occurs due to a failure of the application to properly sanitize user-supplied input data. Unsuspecting users viewing the affected page will ha...

myServer 0.4.x - cgi-lib.dll Remote Buffer Overflow (PoC)

myServer 0.4.x - cgi-lib.dll Remote Buffer Overflow PoC source: https://www.securityfocus.com/bid/8612/info myServer has been reported prone to a remote buffer overflow vulnerability. It is possible to trigger this issue by sending overly long values for URI parameters. Although unconfirmed, this...

MyServer 0.4.3 - GET Argument Buffer Overflow

// source: https://www.securityfocus.com/bid/7770/info myServer has been reported prone to a remote buffer overflow vulnerability. The vulnerability exists when the web server attempts to process HTTP GET requests of excessive length. Although unconfirmed, this vulnerability may be exploited to...

Microsoft WordPerfect - Converter Buffer Overrun

source: https://www.securityfocus.com/bid/8538/info The Microsoft WordPerfect Converter, which ships with Office and a number of other products, is prone to a buffer overrun vulnerability. This could result in execution of malicious, attacker-supplied code when a document with malformed parameter...