Lucene search
K

341 matches found

ThreatPost
ThreatPost
added 2010/09/28 2:30 p.m.22 views

Squashing Ants: The Dynamics of XSS Remediation

Is anyone else getting tired of hearing excuses from customers — and worse yet, the security community itself — about how hard it is to fix cross-site scripting XSS vulnerabilities? Oh, come on. Fixing XSS is like squashing ants, but some would have you believe it’s more like slaying dragons. I...

6.5AI score
Exploits0References8
ThreatPost
ThreatPost
added 2010/06/03 5:39 p.m.7 views

Google Seeks Patent on WiFi Snooping Tech

Google’s secret Wi-Fi snooping used in the StreetView-mapping legal cases was powered by new sniffing technology that the company wants to patent, court documents filed allege. Read the full article. Computerworld...

1.3AI score
Exploits0References2
CVE
CVE
added 2010/03/24 5:0 p.m.49 views

CVE-2010-1095

CVE-2010-1095 is an XSS vulnerability in TRUC before or at version 0.11.0, affecting login_reset_password_page.php. The vulnerability allows remote attackers to inject arbitrary script or HTML via the error parameter. This information is sourced from multiple feeds (NVD/Red Hat/OpenVAS entries an...

4.3CVSS5.8AI score0.02329EPSS
Exploits0References1Affected Software1
ThreatPost
ThreatPost
added 2009/10/01 6:43 p.m.9 views

Chris Hoff on Cloud Security, Disruptive Technologies and PCI DSS

Dennis Fisher talks with Chris Hoff of Cisco about the challenges of cloud deployment and security, cloud use cases and the effect that disruptive technologies can have on enterprises, vendors and standards organizations. Download Subscribe to the Digital Underground podcast on Podcast audio...

1.2AI score
Exploits0References4
0day.today
0day.today
added 2009/09/22 12:0 a.m.40 views

BPLawyerCaseDocuments SQL Injection

Exploit for unknown platform in category web applications =================================== BPLawyerCaseDocuments SQL Injection ====================================...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2009/09/22 12:0 a.m.58 views

BPLawyerCaseDocuments - SQL Injection

x========================================================================================================================================x | AntiSecuritydotorg |...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2009/09/22 12:0 a.m.41 views

BPLawyerCaseDocument 1.0 SQL Injection

x========================================================================================================================================x | AntiSecuritydotorg |...

7.4AI score
Exploits0
OSV
OSV
added 2009/02/21 11:30 p.m.2 views

DEBIAN-CVE-2008-6235

The Netrw plugin netrw.vim in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the 1 "D" delete command or 2 b:netrwcurdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases...

9.3CVSS7.8AI score0.02989EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2008/03/05 12:0 a.m.28 views

CVE-2008-1096

The loadtile function in the XCF coder in coders/xcf.c in 1 ImageMagick 6.2.8-0 and 2 GraphicsMagick aka gm 1.1.7 allows user-assisted remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted .xcf file that triggers an out-of-bounds heap write, possibly...

6.8CVSS7.2AI score0.04528EPSS
Exploits2References2
Oracle linux
Oracle linux
added 2007/05/17 12:0 a.m.34 views

Low: gdb security and bug fix update

6.3.0.0-1.143 - Fix unhandled race cases of exec from threaded program BZ 202689. - Add testcase for exec from threaded program BZ 202689. 6.3.0.0-1.142 - Fixed zombie threads regression from the stale threads crash fix BZ 195429. 6.3.0.0-1.141 - Fix bogus 0x0 unwind of the thread's topmost...

5.1CVSS6.2AI score0.03227EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2007/04/12 12:0 a.m.6 views

PT-2007-1470 · Smarty · Smarty

Name of the Vulnerable Software and Affected Versions: Smarty version 2.6.1 Description: A remote file inclusion issue in the unit test/test cases.php file of Smarty allows remote attackers to execute arbitrary PHP code via a URL in the SMARTY DIR parameter. Recommendations: For Smarty version...

7.5CVSS7.9AI score0.0148EPSS
Exploits1References6
PyPA
PyPA
added 2007/03/10 10:19 p.m.8 views

PYSEC-2007-3

Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors...

10CVSS7AI score0.01342EPSS
Exploits0References2Affected Software1
Packet Storm
Packet Storm
added 2006/10/27 12:0 a.m.31 views

Smarty-2.6.1.txt

!!!!!!!!!WWW.SiBERSAVASCiLAR.COM!!!!!!!!! -------------------------------------------------------------------------------- Title : Smarty-2.6.1 Remote File Include Vulnerabilities -------------------------------------------------------------------------------- Author: CrackersChild cont@ct:...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2006/06/02 7:0 p.m.27 views

CVE-2006-2782

Firefox 1.5.0.2 does not fix all test cases associated with CVE-2006-1729, which allows remote attackers to read arbitrary files by inserting the target filename into a text box, then turning that box into a file upload control...

6.5AI score0.01677EPSS
Exploits0References39
NVD
NVD
added 2005/12/31 5:0 a.m.29 views

CVE-2005-0136

The Linux kernel before 2.6.11 on the Itanium IA64 platform has certain "ptrace corner cases" that allow local users to cause a denial of service crash via crafted syscalls, possibly related to MCA/INIT, a different vulnerability than CVE-2005-1761...

2.1CVSS6AI score0.00401EPSS
Exploits0References11
myhack58
myhack58
added 2005/10/04 12:0 a.m.18 views

On the s6 su Admin Password Sniffer-vulnerability warning-the black bar safety net

A long time ago ago, FlashSky in the security focus of the above is a review Paper On Introduction to the use of the port dynamic re-binding technology Sniffer. The principle is very simple, I will not repeat it, interested can turn out to look. I this little tool is in Him is given the code base...

7.6AI score
Exploits0
RedHat Linux
RedHat Linux
added 2005/09/28 2:17 p.m.7 views

security flaw

The Linux kernel before 2.6.11 on the Itanium IA64 platform has certain "ptrace corner cases" that allow local users to cause a denial of service crash via crafted syscalls, possibly related to MCA/INIT, a different vulnerability than CVE-2005-1761...

2.1CVSS5.8AI score0.00401EPSS
Exploits0References4
CVE
CVE
added 2002/08/31 4:0 a.m.58 views

CVE-2001-1395

CVE-2001-1395 is a vulnerability described as unknown in sockfilter for Linux kernel before 2.2.19. Connected sources corroborate an off-by-one issue in the CPIA driver that could allow a local kernel-memory write and potentially expose or compromise kernel integrity; remediation in practice is t...

3.6CVSS5.3AI score0.0044EPSS
Exploits0References10Affected Software1
Cvelist
Cvelist
added 2002/08/31 4:0 a.m.27 views

CVE-2001-1395

Unknown vulnerability in sockfilter for Linux kernel before 2.2.19 related to "boundary cases," with unknown impact...

5.3AI score0.0044EPSS
Exploits0References10
securityvulns
securityvulns
added 2002/02/13 12:0 a.m.125 views

ROTOS Remote SNMP Attack Tool

Internet Security Systems Security Alert February 12, 2002 PROTOS Remote SNMP Attack Tool Synopsis: ISS X-Force has learned of a powerful SNMP Simple Network Management Protocol attack tool that may be circulating in the computer underground. The PROTOS SNMP stress-testing tool sends thousands of...

7.5AI score
Exploits0
Rows per page
Query Builder