2483 matches found
Design/Logic Flaw
Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue...
CVE-2011-1503
The CVE-2011-1503 issue affects Liferay Portal Community Edition (CE) 5.x and 6.x prior to 6.0.6 GA. The XSL Content portlet allows remote authenticated users to read arbitrary XSL and XML files via a file:/// URL, indicating an information disclosure vulnerability within the portlet when deploye...
CVE-2011-1504
CVE-2011-1504 is an XSS vulnerability in Liferay Portal Community Edition (CE) 5.x and 6.x up to, but not including, 6.0.6 GA. It allows remote authenticated users to inject arbitrary web script or HTML via a blog title. The issue is remedied by upgrading to 6.0.6 GA (or later) where the fix is ...
CVE-2011-1502
CVE-2011-1502 affects Liferay Portal Community Edition 6.x up to 6.0.6 GA when deployed with Apache Tomcat. The vulnerability stems from an XML External Entity (XXE) issue: remote authenticated users can read arbitrary files by abusing an entity declaration with an entity reference. The available...
Novell ZENworks Handheld Management ZfHIPCND.exe Buffer Overflow (CVE-2010-4299)
Novell ZENworks Handheld Management is part of the Novell ZENworks suite that allows administrators to remotely update, configure, and inventory handheld devices such as Palm, Windows CE, PocketPC, and RIM BlackBerry. A buffer overflow vulnerability has been reported in Novell ZENworks Handheld...
Asterisk Trixbox CE Cross Site Scripting
The Asterisk phonebook module found in trixbox CE is vulnerable to an XSS which can be triggered by importing a contact from a CSV file like this: "/alertdocument.cookie;";123123123;12313 FATAL ERROR url is $ip/admin/config.php?type=tool&display=phonebook So an import of a CSV file which may...
Cisco IOS MPLS VPN May Leak Information - Cisco Systems
Devices running Cisco IOS versions 12.0S, 12.2, 12.3 or 12.4 and configured for Multiprotocol Label Switching (MPLS) Virtual Private Networks (VPNs) or VPN Routing and Forwarding Lite (VRF Lite) and using Border Gateway Protocol (BGP) between Customer Edge (CE) and Provider Edge (PE) devices may permit...
Hacker Demos Remote Attacks Against ATMs
LAS VEGAS — Using home-brewed software tools and exploiting a gaping security hole in the authentication mechanism used to update the firmware on automated teller machines (ATMs), a security researcher hacked into ATMs made by Triton and Tranax and planted a rootkit that dispensed cash on demand...
HLstatsX Community Edition 1.6.5 - Cross-Site Scripting
Exploit Title: HLstatsX Community Edition 1.6.5 Cross Site Scripting Vulnerability. Date: January 1st, 2010. Author: Sora. Version: 1.6.5 and lower versions. Tested on: Windows Vista. HLstatsX CE 1.6.5...
TwonkyMedia Server Cross Site Scripting
Title: TwonkyMedia Server Multiple Cross-Site Scripting Vulnerabilities Product: TwonkyMedia Server Vendor: TwonkyMedia PacketVideo Corporation, http://www.twonkymedia.com...
TwonkyMedia Server 4.4.17/5.0.65 - Cross-Site Scripting
Title: TwonkyMedia Server Multiple Cross-Site Scripting Vulnerabilities Product: TwonkyMedia Server Vendor: TwonkyMedia PacketVideo Corporation, http://www.twonkymedia.com...
TwonkyMedia Server 4.4.17/5.0.65 - Cross-Site Scripting
Title: TwonkyMedia Server Multiple Cross-Site Scripting Vulnerabilities Product: TwonkyMedia Server Vendor: TwonkyMedia...
TwonkyMedia Server <= 4.4.17, 5.0.65 xss
Exploit for unknown platform in category web applications. TwonkyMedia Server <= 4.4.17, 5.0.65 xss. Title: TwonkyMedia Server Multiple...
CVE-2009-3284
CVE-2009-3284 is a directory traversal vulnerability affecting multiple phpspot products: PHP BBS, PHP Image Capture BBS, PHP & CSS BBS, PHP BBS CE, PHP_RSS_Builder, and webshot. A remote attacker could read server files via unspecified vectors and cause potential data disclosure. Public referenc...
Microsoft Visual Studio ATL 'VariantClear()' Remote Code Execution Vulnerability
Description: Microsoft Visual Studio is prone to a remote code-execution vulnerability in the Active Template Library (ATL). Remote attackers can exploit this issue to execute arbitrary code with the privileges of the user running an application built with the affected library. Technologies Affected...
CVE-2009-1953
IBM FileNet Content Manager 4.0, 4.0.1, and 4.5, as used in IBM WebSphere Application Server (WAS) and Oracle BEA WebLogic Application Server, when the CE Web Services listener has a certain WSEAF configuration, does not properly restrict use of a cached Subject, which allows remote attackers to...
Directory traversal
Directory traversal vulnerability in user/index.php in Fonality trixbox CE 2.6.1 and earlier allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the langChoice parameter...
CVE-2008-6825
CVE-2008-6825 is a directory traversal/local file inclusion vulnerability in Fonality trixbox CE 2.6.1 and earlier, exposed via the langChoice parameter in user/index.php. The underlying issue is improper handling of the langChoice input, enabling an attacker to include and execute arbitrary file...
Fedora Update for synce-gnomevfs FEDORA-2008-0680
Check for the Version of synce-gnomevfs. OpenVAS Vulnerability Test: Fedora Update for synce-gnomevfs FEDORA-2008-0680. Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify i...
CentOS Security Advisory CESA-2009:0004-01 (openssl)
The remote host is missing updates to openssl announced in advisory CESA-2009:0004-01. CESA-2009:0004-01 63346 1 $Id: ovcesa2009000401.nasl 6650 2017-07-10 11:43:12Z cfischer $ Description: Auto-generated from advisory CESA-2009:0004-01 openssl. Authors: Thomas Reinke. Copyright: Copyright (c) 2009...