CVE-2005-4256

CVE-2005-4256 describes a cross-site scripting (XSS) vulnerability in ASP-DEV XM Forum RC3, specifically in forum.asp where the forum_title parameter can inject arbitrary script/HTML. Affected item is XM Forum RC3 (forum.asp handling). The core issue is an XSS in the forum_title parameter, enabli...

CVE-2005-4165

Multiple SQL injection vulnerabilities in ASP-DEV ASP Resources Forum allow remote attackers to execute arbitrary SQL commands via the 1 forumid parameter to forum.asp, 2 unspecified parameters to register.asp, and 3 the "Search For" field in search.asp...

CVE-2005-4165

CVE-2005-4165 affects ASP-DEV ASP Resources Forum. The vulnerability allows remote SQL injection through (1) forum_id in forum.asp, (2) unspecified params in register.asp, and (3) the Search For field in search.asp, enabling arbitrary SQL execution. The NVD notes a base score of 7.5 (HIGH) with n...

CVE-2005-4165

Multiple SQL injection vulnerabilities in ASP-DEV ASP Resources Forum allow remote attackers to execute arbitrary SQL commands via the 1 forumid parameter to forum.asp, 2 unspecified parameters to register.asp, and 3 the "Search For" field in search.asp...

CVE-2002-2197

Unknown vulnerability in Sun Solaris 8.0 allows local users to cause a denial of service kernel panic via a program that uses /dev/poll, triggering a NULL pointer dereference...

CVE-2002-2197

CVE-2002-2197 affects Sun Solaris 8.0. A local user can trigger a kernel panic by running a program that uses /dev/poll, causing a NULL pointer dereference in the kernel. The provided connected documents confirm the vulnerable component and the root cause (NULL pointer dereference via /dev/poll),...

[SA17537] Dev-Editor Virtual Root Directory Restriction Bypass

TITLE: Dev-Editor Virtual Root Directory Restriction Bypass SECUNIA ADVISORY ID: SA17537 VERIFY ADVISORY: http://secunia.com/advisories/17537/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: From remote SOFTWARE: Dev-Editor 3.x http://secunia.com/product/6093/ DESCRIPTION: A security issue...

linux/x86 snoop /dev/dsp shellcode 172 bytes

linux/x86 snoop /dev/dsp shellcode 172 bytes. Shellcode exploit for linx86 platform / Placed the listener here http://www.milw0rm.com/down.php?id=1293 /str0ke / / hey folks, this is snoopshell, short and simply it snoops on /dev/dsp and after attempting to lower the audio quality will stream any...

ASP-DEv XM Forum IMG Tag Script Injection Vulnerability

The remote web server contains an ASP script which is vulnerable to a cross site scripting issue. Description : The remote host appears to be running the ASP-DEV XM Forum. There is a flaw in the remote software which may allow anyone to inject arbitrary HTML and script code through the BBCode IMG...

CVE-2005-3334

CVE-2005-3334 concerns Flyspray, a lightweight bug-tracking web app. The vulnerability affects Flyspray 0.9.7 through 0.9.8 (devel) and is a cross-site scripting (XSS) flaw in the index.php page. An attacker can inject arbitrary web script or HTML via multiple parameters (PHPSESSID, task, string,...

[SECURITY] [DSA 815-1] New kdebase packages fix local root vulnerability

-------------------------------------------------------------------------- Debian Security Advisory DSA 815-1 [email protected] http://www.debian.org/security/ Martin Schulze September 16th, 2005 http://www.debian.org/security/faq -...

CVE-2005-2533

OpenVPN before 2.0.1, when running in "dev tap" Ethernet bridging mode, allows remote authenticated clients to cause a denial of service memory exhaustion via a flood of packets with a large number of spoofed MAC addresses...

[SA16422] Bloodshed Dev-Pascal NULL Character File Display Weakness

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

[SA16420] Dev-PHP NULL Character File Display Weakness

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

CVE-2002-1826

grsecurity 1.9.4 for Linux kernel 2.4.18 allows local users to bypass read-only permissions by using mmap to directly map /dev/mem or /dev/kmem to kernel memory...

Entropy Gathering Daemon (EGD) Detection

The Entropy Gathering Daemon is running on the remote host. EGD is a user space random generator for operating systems that lack /dev/random %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include"compat.inc"; ifdescription scriptid18393; scriptversion"1.15"...

CVE-2005-1399

FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions for the /dev/iir device, which allows local users to execute restricted ioctl calls to read or modify data on hardware that is controlled by the iir driver...

CVE-2005-1399

FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions for the /dev/iir device, which allows local users to execute restricted ioctl calls to read or modify data on hardware that is controlled by the iir driver...

CVE-2005-1399

CVE-2005-1399 affects FreeBSD 4.6–4.11 and 5.x–5.4, where insecure default permissions on the /dev/iir device allow unprivileged local users to issue restricted ioctl calls to access or modify data on hardware managed by the iir driver. This results in partial impacts to confidentiality, integrit...

CVE-2005-1399

FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions for the /dev/iir device, which allows local users to execute restricted ioctl calls to read or modify data on hardware that is controlled by the iir driver...