3502 matches found
[Full-Disclosure] [SCAN Associates Sdn Bhd Security Advisory] Postnuke v 0.726 and below SQL injection
Products: Postnuke v 0.726 http://www.postnuke.com Date: 15 April 2004 Author: pokleyzz pokleyzzatscan-associates.net Contributors:skatscan-associates.net shaharilatscan-associates.net muniratscan-associates.net URL: http://www.scan-associates.net Summary: Postnuke v 0.726 and below SQL injection...
MSWordPW.txt
Hi ... There are several vulnerabilities published/discussed regarding MS Word MS Office in general, however, 'tis is the most "no brainer" I've discovered ... Vulnerability: Password protected document that has "tracked changes, comments or forms" password protected Vulnerable: MS Word Win2K/XP...
Invision Power Top Site List 1.1 RC 2 - SQL Injection
Invision Power Top Site List 1.1 RC 2 - SQL Injection Invision Power Top Site List SQL Injection Vendor: Invision Power Services Product: Invision Power Top Site List Version: = 1.1 RC 2 Website: http://www.invisiontsl.com/ BID: 9945 Description: Invision Power Top Site List is a flexible site...
CVE-2003-0287
Cross-site scripting XSS vulnerability in Movable Type before 2.6, and possibly other versions including 2.63, allows remote attackers to insert arbitrary web script or HTML via the Name textbox, possibly when the "Allow HTML in comments?" option is enabled...
CVE-2002-0958
Cross-site scripting vulnerability in browse.php for PHPReactor 1.2.7 allows remote attackers to execute script as other users via the go parameter in the comments section...
Buffer Overflow in SGI IRIX syslogd
Overview A remotely exploitable buffer overflow in SGI IRIX syslogd may allow an attacker to crash syslogd or execute arbitrary code. Description There is a remotely exploitable buffer overflow in SGI IRIX syslogd. For more detailed information please see SGI Security Advisory 20020405-01-I. ---...
Blahz-DNS does not properly authenticate users before granting access to various configuration pages
Overview Blahz-DNS does not properly authenticate users. Description Blahz-DNS does not properly authenticate users. As a result, an attacker can gain access to various configuration pages. For more detailed information, please see the ppp-design advisory. --- Impact An attacker can gain access t...
DEBIAN-CVE-2002-1337
Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c...
CVE-2002-0958
Cross-site scripting vulnerability in browse.php for PHPReactor 1.2.7 allows remote attackers to execute script as other users via the go parameter in the comments section...
PT-2002-1753 · Myguestbook · Myguestbook
Name of the Vulnerable Software and Affected Versions: MyGuestbook version 1.0 Description: A cross-site scripting issue allows remote attackers to execute arbitrary script or inject HTML via fields such as user name or comments. Recommendations: For MyGuestbook version 1.0, consider validating a...
AOL Instant Messenger vulnerable to DoS via crafted packets
Overview AOL Instant Messenger AIM is an application that allows one peer to communicate with another. A vulnerability exists that can crash the client window. Description All versions of AIM for Windows proir to beta version 4.8.2540 contain a buffer overflow that permits an attacker to cause a...
EasyNews 1.5 - NewsDatabaseTemplate Modification
EasyNews 1.5 - NewsDatabaseTemplate Modification source: https://www.securityfocus.com/bid/3643/info EasyNews is a free, open-source script for displaying news stories on a website. EasyNews is prone to a vulnerability which may allow a remote attacker to modify information in its Newsdatabase. A...
EasyNews 1.5 - NewsDatabase/Template Modification
source: https://www.securityfocus.com/bid/3643/info EasyNews is a free, open-source script for displaying news stories on a website. EasyNews is prone to a vulnerability which may allow a remote attacker to modify information in its Newsdatabase. As a result, a remote attacker may post unmoderate...
CVE-2001-1419
AOL Instant Messenger AIM 4.7.2480 and earlier allows remote attackers to cause a denial of service application crash via an instant message that contains a large amount of "!--" HTML comments...
Дырка в Netscape (gif comment scripting)
javascript вставленный в комментарий GIF-файла будет выполнен в контексте локальной машины...
Netscape Navigator 4.0.8 - about: Domain Information Disclosure
Netscape Navigator 4.0.8 - about: Domain Information Disclosure source: https://www.securityfocus.com/bid/2637/info Due to a flaw in Navigator's security code, all URLs in the about: protocol are considered to be part of the same domain. If arbitrary Javascript code is placed in a GIF's comment...
Netscape Navigator 4.0.8 - 'about:' Domain Information Disclosure
source: https://www.securityfocus.com/bid/2637/info Due to a flaw in Navigator's security code, all URLs in the about: protocol are considered to be part of the same domain. If arbitrary Javascript code is placed in a GIF's comment field, it is treated like a normal HTML page. The Javascript code...
DST2K0036.txt
============================================================================ Delphis Consulting Plc ============================================================================ Security Team Advisories 22/09/2000 [email protected] http://www.delphisplc.com/thinking/whitepapers/...
Security update 1970-01-01
...
Security update 1970-01-01
...