1118 matches found
Zend Server Java Bridge Remote Code Execution
Added: 04/08/2011 BID: 47060 OSVDB: 71420 Background Zend Server is an enterprise web application server for hosting PHP applications. Problem The Zend Server Java Bridge allows PHP applications to execute methods in Java classes. The Java Bridge does not validate that requests to execute Java co...
[SECURITY] Fedora 15 Update: rubygem-activeresource-3.0.5-1.fc15
Wraps web resources in model classes that can be manipulated through XML over REST...
Andy's PHP Knowledgebase Project 0.95.4 SQL Injection
Software: Andy's PHP Knowledgebase Project 0.95.4; Vulnerability: SQL Injection; Threat Level: Critical 4/5; Download: http://www.aphpkb.org/; Discovery Date: 3/27/2011; Test...
Andys PHP KnowledgeBase 0.95.4 - SQL Injection
Andys PHP KnowledgeBase 0.95.4 - SQL Injection. Software: Andy's PHP Knowledgebase Project 0.95.4; Vulnerability: SQL Injection; Threat Level: Critical 4/5...
CVE-2010-3557
Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.227, and 1.3.128 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the Octobe...
Microsoft Foundation Classes Could Allow Remote Code Execution Vulnerability (2387149)
This host is missing a critical security update according to Microsoft Bulletin MS10-074. OpenVAS Vulnerability Test $Id: secpodms10-074.nasl 5934 2017-04-11 12:28:28Z antu123 $ Microsoft Foundation Classes Could Allow Remote Code Execution Vulnerability 2387149 Authors: Madhuri D Copyright:...
Microsoft Security Bulletin MS10-074 - Moderate Vulnerability in Microsoft Foundation Classes Could Allow Remote Code Execution (2387149)
Microsoft Security Bulletin MS10-074 - Moderate Vulnerability in Microsoft Foundation Classes Could Allow Remote Code Execution 2387149 Published: October 12, 2010 Version: 1.0 General Information Executive Summary This security update resolves a publicly disclosed vulnerability in the Microsoft...
CVE-2010-3070
Cross-site scripting (XSS) vulnerability in NuSOAP 0.9.5, as used in MantisBT and other products, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to an arbitrary PHP script that uses NuSOAP classes...
CVE-2010-3481
Multiple SQL injection vulnerabilities in login.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password variables, possibly related to include/classes/Login.php. NOTE: some of these details are...
NullPointerException when Switching between Projects or Boards
In my case, the WEB-INF/classes/log4j.properties included has these loggers turned off, but they still seem to run. I am including a patch that ignores the NullPointerException following the pattern of ignoring the ClassNotFoundException. Details below taken from:...
[SECURITY] Fedora 11 Update: gnustep-base-1.18.0-9.fc11
The GNUstep Base Library is a powerful fast library of general-purpose, non-graphical Objective C classes, inspired by the superb OpenStep API but implementing Apple and GNU additions to the API as well. It includes for example classes for unicode strings, arrays, dictionaries, sets, byte streams...
[SECURITY] Fedora 12 Update: sip-4.10.1-2.fc12
SIP is a tool for generating bindings for C++ classes so that they can be accessed as normal Python classes. SIP takes many of its ideas from SWIG but, because it is specifically designed for C++ and Python, is able to generate tighter bindings. SIP is so called because it is a small SWIG. SIP w...
Joomla Component com_education_classes SQL injection Vulnerability
Exploit for php platform in category web applications. Joomla Component com_education_classes SQL injection Vulnerability. Exploit Title: joomla component education SQ...
libpangoft2 segfaults on forged font files
Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by usin...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in PHPope 1.0.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALSconfigdirplugins parameter to plugins/address/admin/index.php, (2) GLOBALSconfigdirfunctions parameter to plugins/im/compose.php, and (3)...
Improper access control
DeluxeBB 1.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user and configuration information, log data, and gain administrative access via a direct request to scripts in 1 templates/ including 2 templates/deluxe/admincp/...
DeluxeBB 1.3 - Multiple Vulnerabilities
DeluxeBB 1.3 - Multiple Vulnerabilities Author: cp77fk4r | Empty0pagEShift+2gmail.com Vendor: http://www.deluxebb.com Directory Listing http://server/templates/ http://server/images/ http://server/logs/ http://server/wysiwyg/ http://server/docs/ http://server/classes http://server/lang...