Oracle 9iAS XSQLServlet soapConfig.xml Authentication Credentials Disclosure

In a default installation of Oracle 9iAS v.1.0.2.2.1, it is possible to access some configuration files. These files include detailed information on how the product was installed on the server including where the SOAP provider and service manager are located as well as administrative URLs to acce...

phpBB 2.0.3 - 'search.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/6311/info phpBB is vulnerable to cross site scripting attacks. This is due to insufficient santization of user-supplied input. The problem is located in the search.php script. This issue may be exploited by an attacker to steal a legitimate users...

phpBB 2.0.3 - Script Injection

phpBB 2.0.3 - Script Injection source: https://www.securityfocus.com/bid/6248/info phpBB does not properly sanitize user input in forum postings. This could allow a malicious user to inject script code into a forum post which would in turn be executed when the page is viewed by other users. Scrip...

phpBB 2.0.3 - Script Injection

source: https://www.securityfocus.com/bid/6248/info phpBB does not properly sanitize user input in forum postings. This could allow a malicious user to inject script code into a forum post which would in turn be executed when the page is viewed by other users. Script code would be executed in the...

vBulletin 2.02.2.x - memberlist.php Cross-Site Scripting

vBulletin 2.02.2.x - memberlist.php Cross-Site Scripting source: https://www.securityfocus.com/bid/6226/info vBulletin does not filter HTML tags from URI parameters, making it prone to cross-site scripting attacks. As a result, it is possible for a remote attacker to create a malicious link...

SurfControl SuperScout Email Filter 3.5 - 'MsgError.asp' Cross-Site Scripting

source: https://www.securityfocus.com/bid/5928/info SurfControl SuperScout Email Filter comes with a web-based interface to provide remote access to administrative facilities. The web-based admin interface is prone to cross-site scripting attacks. It is possible to create a link containing...

CVE-2001-0884

CVE-2001-0884 is a cross-site scripting vulnerability in the Mailman email archiver prior to version 2.08. The issue allows attackers to obtain sensitive information or authentication credentials via a malicious link that is accessed by other web users. The provided documents do not include remed...

Nortel CVX 1800 Multi-Service Access Switch - Default SNMP Community

source: https://www.securityfocus.com/bid/4507/info Nortel CVX 1800 Multi-Service Access Switch is a hardware modem bank. The device contains a default SNMP community string of "public", which may allow enable a remote attacker to gain access to sensitive information such as authentication...

Microsoft Site Server 3.0 - Cross-Site Scripting

source: https://www.securityfocus.com/bid/3999/info Microsoft Site Server is designed to run on Microsoft Windows NT Server platforms. It provides a means for users on a corporate intranet to share, publish, and find information. Site Server Commerce Edition incorporates the same features as well...

DeleGate 7.7.1 - Cross-Site Scripting

DeleGate 7.7.1 - Cross-Site Scripting source: https://www.securityfocus.com/bid/3749/info DeleGate is a proxy server which runs on Linux , Unix, Microsoft Windows and OS/2 platforms. It is capable of translating a number of protocolsHTTP, FTP, NNTP, POP, Telnet, etc. between client and server...

Microsoft Windows Server 2000 - RunAs Service Denial of Service

Microsoft Windows Server 2000 - RunAs Service Denial of Service // source: https://www.securityfocus.com/bid/3291/info The Windows 2000 RunAs service allows an application or service to be executed as a different user. It is accessed by holding down the shift key and right mouse clicking on an...

Trend Micro Interscan VirusWall for Windows NT 3.51 - Configurations Modification

source: https://www.securityfocus.com/bid/2859/info A remote user could utilize the administrator functions of Interscan Viruswall without providing authentication credentials. This may allow the user to make configuration changes when submitting specially crafted URLs to the host...

[CORE SDI ADVISORY] RealServer memory contents disclosure

CORE SDI http://www.core-sdi.com Report for RealServer memory contents disclosure vulnerability Date Published: November 16th, 2000 Advisory ID: CORE-20001116 Bugtraq ID: 1957 CVE CAN: None currently assigned. Title: RealServer memory contents disclosure vulnerability Class: Failure to handle...

DUO-PSA-2018-004: Duo Product Security Advisory

Duo Product Security Advisory Advisory ID: DUO-PSA-2018-004 Publication Date: 2018-12-18 Revision Date: 2018-12-18 Status: Confirmed, Fixed Document Revision: 1 Overview Duo has identified and fixed an issue with the Duo Access Gateway DAG. This issue could have allowed for data exposure on the...