5566 matches found
Code injection
The web interface on the Axesstel MV 410R relies on client-side JavaScript code to validate input, which allows remote attackers to send crafted data, and possibly have unspecified other impact, via a client that does not process JavaScript...
CVE-2009-2320
The CVE-2009-2320 issue affects the Axesstel MV 410R web interface where input validation relies on client-side JavaScript; remote attackers could send crafted data via a client that does not process JavaScript. The root cause is reliance on client-side validation, enabling potential unspecified ...
eliteCMS multiple Vulnerabilities
eliteCMS is prone to a vulnerability that lets attackers upload and execute arbitrary PHP code. The application is also prone to a cross-site scripting issue and to a SQL Injection Vulnerability. These issues occur because the application fails to sufficiently sanitize user-supplied input...
Inside the PowerPoint mega-patch
Microsoft patched all Windows versions of PowerPoint today — addressing both a zero-day flaw microsoft.com and 13 other privately reported security vulnerabilities. The zero-day vulnerability enabled attackers to take over client machines if a user opened a malformed powerpoint document or visite...
32bit FTP (09.04.24) Banner Remote Buffer Overflow PoC
No description provided by source. ! /usr/bin/perl A client side vulnerability in the product allows remote servers to cause the client to crash by sending it a large banner. By: Load 99% website: http://www.electrasoft.com/32ftp.htm Version:09.04.24 0:005 g ... 9b0.bac: Access violation - code...
IceWarp WebMail Mail Forgery
Advisory: IceWarp WebMail Server: Client-Side Specification of "Forgot Password" eMail Content During a penetration test, RedTeam Pentesting discovered that the emails sent by the IceWarp WebMail Server when using the "Forgot Password" function are generated on the client side. Furthermore, the...
32bit FTP (09.04.24) - 'Banner' Remote Buffer Overflow (PoC)
!/usr/bin/perl A client side vulnerability in the product allows remote servers to cause the client to crash by sending it a large banner. By: Load 99% website: http://www.electrasoft.com/32ftp.htm Version:09.04.24 0:005 g ... 9b0.bac: Access violation - code c0000005 first chance First chance...
eLitius 1.0 - Arbitrary Database Backup
eLitius 1.0 - Arbitrary Database Backup Powered By eLitius 1.0 Remote Database Backup Backup MySQL Database Choose Operation: Backup data only Save to your PC Greets: Dos-Dz TeaM SnAkEs-TeaM H4ckF0rU TeaM Team Sobh4n ALLAH Dork: Powered By eLitius 1.0 Cod3d By ThE g0bL!N...
Cache Plugin -Cross-site script error
Our e-security department found the error below after scanning the Cache Plugin: Number System/Location Defect Type Status R3 Cache Plugin Client-side Attacks: Cross-site Scripting Open Description Security Risk: It is possible to steal or manipulate customer session and cookies, which may be use...
Cache Plugin -Cross-site script error
Our e-security department found the error below after scanning the Cache Plugin: Number System/Location Defect Type Status R3 Cache Plugin Client-side Attacks: Cross-site Scripting Open Description Security Risk: It is possible to steal or manipulate customer session and cookies, which may be use...
Reporting Plugin- Cross-site scripting error
Our e-security found the following error for the Reporting plugin: Number System/Location Defect Type Status R2 Reporting Plugin Client-side Attacks: Cross-site Scripting Open Description Security Risk: It is possible to steal or manipulate customer session and cookies, which may be used to...
Reporting Plugin- Cross-site scripting error
Our e-security found the following error for the Reporting plugin: Number System/Location Defect Type Status R2 Reporting Plugin Client-side Attacks: Cross-site Scripting Open Description Security Risk: It is possible to steal or manipulate customer session and cookies, which may be used to...
Latex Plugin-Cross-site Scripting Error
Our security group scanned the plugin below and found the following issue for the Latex Plugin: Number System/Location Defect Type Status R1 Latex Plugin Client-side Attacks: Cross-site Scripting Open Description Security Risk: It is possible to steal or manipulate customer session and cookies,...
Latex Plugin-Cross-site Scripting Error
Our security group scanned the plugin below and found the following issue for the Latex Plugin: Number System/Location Defect Type Status R1 Latex Plugin Client-side Attacks: Cross-site Scripting Open Description Security Risk: It is possible to steal or manipulate customer session and cookies,...
Latex Plugin-Cross-site Scripting Error
Our security group scanned the plugin below and found the following issue for the Latex Plugin: Number System/Location Defect Type Status R1 Latex Plugin Client-side Attacks: Cross-site Scripting Open Description Security Risk: It is possible to steal or manipulate customer session and cookies,...
Microsoft Security Bulletin MS06-056
A cross-site scripting vulnerability exists in a server running a vulnerable version of the .Net Framework 2.0 that could inject a client side script in the user's browser. The script could spoof content, disclose information, or take any action that the user could take on the affected web site...
CVE-2007-5289
HP Mercury Quality Center QC 9.2 and earlier, and possibly TestDirector, relies on cached client-side scripts to implement "workflow" and decisions about the "capability" of a user, which allows remote attackers to execute arbitrary code via crafted use of the Open Test Architecture OTA API, as...
CVE-2009-0216
GE Fanuc iFIX 5.0 and earlier relies on client-side authentication involving a weakly encrypted local password file, which allows remote attackers to bypass intended access restrictions and start privileged server login sessions by recovering a password or by using a modified program module...
UltraVNC和TightVNC客户端整数溢出漏洞
BUGTRAQ ID: 33568 CVECAN ID: CVE-2009-0388 UltraVNC和TightVNC都是开源的远程终端模拟软件。 UltraVNC和TightVNC客户端存在多个整数溢出漏洞,有漏洞的函数为: . 'ClientConnection::CheckBufferSize' . 'ClientConnection::CheckFileZipBufferSize' UltraVNC的1.0.2及之前版本使用有漏洞的函数: . 'ClientConnection::ReadServerCutText : 3859'...
CVE-2009-0247
The server for 53KF Web IM 2009 Home, Professional, and Enterprise editions relies on client-side protection mechanisms against cross-site scripting XSS, which allows remote attackers to conduct XSS attacks by using a modified client to send a crafted IM message, related to the msg variable...