117 matches found
Baidu Soba Remote Code Execute Vulnerability(FGA-2007-10)
hi full-disclosure, Baidu Soba Remote Code Execute Vulnerability by cocoruder of Fortinet Security Research Team http://ruder.cdut.net Summary: Baidu Soba is a popular browser toolbar which is developed by Baidu, a Chinese web search engine company, like Google; more information can be found at:...
FreeBSD : opera -- multiple vulnerabilities (12d266b6-363f-11dc-b6c9-000c6ec775d9)
Opera Software ASA reports of multiple security fixes in Opera, including an arbitrary code execute vulnerability: Opera for Linux, FreeBSD, and Solaris has a flaw in the createPattern function that leaves old data that was in the memory before Opera allocated it in the new pattern. The pattern...
opera -- multiple vulnerabilities
Opera Software ASA reports of multiple security fixes in Opera, including an arbitrary code execute vulnerability: Opera for Linux, FreeBSD, and Solaris has a flaw in the createPattern function that leaves old data that was in the memory before Opera allocated it in the new pattern. The pattern c...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in CARE2X 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter to 1 inccheckdatelang.php, 2 inccharsetfx.php, 3 incconfigcolor.php, 4 inccurrencyset.php, 5 incdbmakelink.php, 6 incdiagnosticsreportfx.php, 7...
[Full-disclosure] Alibaba Alipay Remote Code Execute Vulnerability-0DAY
Alibaba Alipay Remote Code Execute Vulnerability by cocoruderfrankruderathotmail.com http://ruder.cdut.net Summary: Alipay is China’s leading online payment service, and a division of Alibaba.com. It enables individuals and businesses to securely, easily and quickly send and receive payments...
PHP iCalendar 1.12.x - day.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/21792/info PHP icalendar is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to have...
LS-20060908 - Computer Associates BrightStor ARCserve Backup v11.5 Remote Buffer Overflow Vulnerability
LS-20060908 LSsec has discovered a vulnerability in Computer Associates BrightStor ARCserve Backup v11.5, which could be exploited by an anonymous attacker in order to execute arbitrary code with SYSTEM privileges on an affected system. The flaw specifically exists within the Tape Engine...
BlueSocket BSC 2100 5.0/5.1 - Admin.pl Cross-Site Scripting
source: https://www.securityfocus.com/bid/21419/info BlueSocket BSC 2100 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in...
Boonex 2.0 Dolphin - 'index.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/21182/info Dolphin is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to have malicious PHP code execute in the context of the webserver process. This may allow the...
Selenium Web Server 1.0 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/21100/info Biba Selenium Web Server is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting...
ac4p Mobile - 'send.php?cats' Cross-Site Scripting
source: https://www.securityfocus.com/bid/20895/info Mobile is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecti...
Jamroom 3.0.16 - 'login.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/20162/info Jamroom is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context ...
DieselScripts Job Site - Forgot.php Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/19622/info Multiple cross-site scripting vulnerabilities affect Job Site because the application fails to properly sanitize user-supplied input before including it in...
e107 0.7.5 - Subject HTML Injection
source: https://www.securityfocus.com/bid/18560/info The e107 CMS is prone to an HTML-injection vulnerability. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site...
iFusion iFlance 1.1 - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/18399/info iFlance is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input to the application. An attacker may leverage these issues to have arbitrary script code execute in the browser of an...
Enigma Haber 4.2 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/18226/info Enigma Haber is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser ...
timobraun Dynamic Galerie 1.0 - galerie.php?pfad Arbitrary Directory Listing
source: https://www.securityfocus.com/bid/17896/info Dynamic Galerie is prone to a directory-traversal vulnerability and a cross-site scripting vulnerability. These issues are due to a failure in the application to...