35 matches found
GNU GNATS 3.113.1_6 - Queue-PR Database Command Line Option Buffer Overflow
source: https://www.securityfocus.com/bid/8232/info A stack overflow vulnerability has been reported for the queue-pr utility of GNATS. The vulnerability occurs due to insufficient checks performed on the arguments to the '-d' commandline option. Successful exploitation may result in the executio...
Splatt Forum 3/4 - Post Icon HTML Injection
source: https://www.securityfocus.com/bid/8198/info Splatt Forum has been reported prone to a HTML injection vulnerability. An attacker may save a Splatt Forum post form, and modify it so that the post icon value contains arbitrary attacker supplied HTML code. As a result, a malicious user may ha...
Tripbit Secure Code Analizer 1.0 - fgets() Local Buffer Overrun
Tripbit Secure Code Analizer 1.0 - fgets Local Buffer Overrun // source: https://www.securityfocus.com/bid/8028/info A buffer overrun has been discovered in Tripbit Secure Code Analizer when reading data from source files. The problem occurs due to an insecure use of the fgets function. This...
Webfroot Shoutbox 2.32 - Remote Command Execution
Webfroot Shoutbox 2.32 - Remote Command Execution source: https://www.securityfocus.com/bid/7746/info Shoutbox is prone to an issue that may result in the execution of attacker-supplied code. The vulnerability exists due to insufficient sanitization of the 'conf' URI parameter. An attacker can...
CDRTools CDRecord 1.11/2.0 - Devname Format String
// source: https://www.securityfocus.com/bid/7565/info CDRecord has been reported prone to a format string vulnerability. The issue presents itself due to a programming error that occurs when calling a printf-like function. It has been reported that by harnessing an unsupported feature of the...
Dr.Web 4.x - Virus Scanner Folder Name Buffer Overflow (PoC)
source: https://www.securityfocus.com/bid/7022/info A buffer overflow vulnerability has been reported for Dr. Web virus scanner. The vulnerability is due to insufficient bounds checking when processing folder names. An attacker is able to exploit this vulnerability by creating a malicious folder...
GNU Mailman 2.1 - Error Page Cross-Site Scripting
GNU Mailman 2.1 - Error Page Cross-Site Scripting source: https://www.securityfocus.com/bid/6678/info A vulnerability has been discovered in GNU Mailman. The issue occurs to insufficient sanitization of user-supplied data which is output when generating error pages. As a result, attackers may emb...
GNU Mailman 2.1 - 'email' Cross-Site Scripting
source: https://www.securityfocus.com/bid/6677/info A vulnerability has been discovered in GNU Mailman. It has been reported that Mailman is prone to cross site scripting attacks. This is due to insufficient santization of URI parameters. As a result, attackers may embed malicious script code or...
MyMarket 1.71 - Form_Header.php Cross-Site Scripting
MyMarket 1.71 - FormHeader.php Cross-Site Scripting source: https://www.securityfocus.com/bid/6035/info MyMarket is prone to cross-site scripting attacks. HTML tags and script code are not sanitized from CGI variables which may cause user-supplied input to be displayed. As a result, an attacker c...
MyMarket 1.71 - 'Form_Header.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/6035/info MyMarket is prone to cross-site scripting attacks. HTML tags and script code are not sanitized from CGI variables which may cause user-supplied input to be displayed. As a result, an attacker can create a link to a site running the vulnerable...
Mozilla Bonsai - Multiple Cross-Site Scripting Vulnerabilities
Mozilla Bonsai - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/5516/info Multiple cross site scripting vulnerabilities have been reported for the Bonsai tool. An attacker may exploit this vulnerability by causing a victim user to follow a malicious link...
ShoutBox 1.2 - Form HTML Injection
ShoutBox 1.2 - Form HTML Injection source: https://www.securityfocus.com/bid/5354/info shoutBOX does not sufficiently sanitize HTML tags from input supplied via form fields. Attackers may exploit this lack of input validation to inject arbitrary HTML and script code into pages that are generated ...
osCommerce 2.1 - Remote File Inclusion
osCommerce 2.1 - Remote File Inclusion source: https://www.securityfocus.com/bid/5037/info osCommerce is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. If the remote file is a PHP script, this may allow for execution of attacker-supplied P...
Mewsoft NetAuction 3.0 - Cross-Site Scripting
Mewsoft NetAuction 3.0 - Cross-Site Scripting source: https://www.securityfocus.com/bid/5023/info NetAuction does not filter HTML code from URI parameters, making it prone to cross-site scripting attacks. Attacker-supplied HTML code may be included in a malicious links. The attacker-supplied HTML...
Geeklog 1.3.5 - Calendar Event Form Script Injection
Geeklog 1.3.5 - Calendar Event Form Script Injection source: https://www.securityfocus.com/bid/4974/info Geeklog does not sufficiently sanitize script code from form fields, making it prone to script injection attacks. Attacker-supplied script code may potentially end up in webpages generated by...