Format string
In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, the PageWriter device does not sanitize data entered by the user. This can lead to buffer overflow or format string vulnerabilities...
UBUNTU-CVE-2017-7544
libexif through 0.6.21 is vulnerable to an out-of-bounds heap read vulnerability in the exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure...
DEBIAN-CVE-2017-7544
libexif through 0.6.21 is vulnerable to an out-of-bounds heap read vulnerability in the exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure...
Shin Kinkyuji Houkoku Data Nyuryoku Program Untrustworthy Search Path Vulnerability
Shin Kinkyuji Houkoku Data Nyuryoku Program is a data entry program for basic statistical reports for the petroleum industry from the Agency for Natural Resources and Energy of the Ministry of Economy, Trade and Industry (METI) in Japan. Installer is one of the installation programs. An untrusted search path...
network tracker .95 - Stored XSS
No description provided by source. Exploit Title: Network Tracker .95 Stored XSS. Date: 08-18-2011. Author: G13. Software link: http://networktracker.org/. Version: .95. ISSUE: The application contains an option which allows anyone to create a user. If this option is left enabled an attacker could launc...
CVE-2013-4610
CVE-2013-4610 affects the Data Search utility in REDCap data-entry forms, specifically REDCap before 5.0.3 and 5.1.x before 5.1.2. The impact is not specified in the sources, and there are no public exploitation details provided in the connected documents. No remediation or fix versions are descr...
Network Tracker 0.95 Cross Site Scripting
Exploit Title: Network Tracker .95 Stored XSS. Date: 08-18-2011. Author: G13. Software link: http://networktracker.org/. Version: .95. ISSUE: The application contains an option which allows anyone to create a user. If this option is left enabled an attacker could launch a stored XSS attack against the...
network tracker .95 - Persistent Cross-Site Scripting
network tracker .95 - Persistent Cross-Site Scripting. Exploit Title: Network Tracker .95 Stored XSS. Date: 08-18-2011. Author: G13. Software link: http://networktracker.org/. Version: .95. ISSUE: The application contains an option which allows anyone to create a user. If this option is left enabled an...
network tracker .95 - Persistent Cross-Site Scripting
Exploit Title: Network Tracker .95 Stored XSS. Date: 08-18-2011. Author: G13. Software link: http://networktracker.org/. Version: .95. ISSUE: The application contains an option which allows anyone to create a user. If this option is left enabled an attacker could launch a stored XSS attack against the...
W78 enterprise website backstage management system ewebeditor 5.5 exploit - vulnerability warning - the black bar safety net
w78CMS enterprise website management system is an open-source ASP CMS tailored for enterprise users. While providing a variety of page templates, business website templates, free enterprise web systems, automatic establishment of the station system, all-round business...
Expert: Three Quarters of Employees Duped by Phishing Scams
In the wake of the data breach at e-mail marketing firm Epsilon, the specter looms of widespread phishing attacks on hundreds of millions of e-mail users whose information was stolen from the firm. But according to Aaron Higbee, the Chief Technology Officer at Intrepidus Group, organizations had...
Adgregate ShopAd widget validation is vulnerable to replay attack
Adgregate is a "TechCrunch 50" startup that recently signed a distribution deal with Google/DoubleClick 1. As a service, they offer a "viral widget" intended to be hosted on untrusted third-party sites through which consumers can enter their credit card information. According to their website, th...
SMB Authorization
This script allows users to enter the information required to authorize and log in via SMB. These data are used by tests that require authentication. SPDX-FileCopyrightText: 2008 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective...
CVE-2007-3815
Buffer overflow in pirs32.exe in Poslovni informator Republike Slovenije (PIRS) 2007 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long search string in certain fields in the GUI. NOTE: this may cross privilege boundaries if PIRS is used...
Multiple Browsers - Tabbed Browsing
Multiple Browsers - Tabbed Browsing. Test Your Browser: Open the link below in a new tab, then try to type data into form fields on the CitiBank website. Open this Link in New Tab. Result: Keystrokes you pressed on the CitiBank website. milw0rm.com 2004-10-22...
xNewsletter 1.0 - Form Field Input Validation
xNewsletter 1.0 - Form Field Input Validation. Source: https://www.securityfocus.com/bid/4516/info. xNewsletter is a script that allows web users to subscribe to a newsletter. It is written in PHP and will run on most Unix and Linux variants, as well as Microsoft Windows operating systems...