JVN#77432756 FreeStyleWiki cross-site scripting vulnerability
FreeStyleWiki, a wiki clone, contains a cross-site scripting vulnerability. Impact: An arbitrary script could be executed if a FreeStyleWiki user views a specially crafted web page with Internet Explorer. Other web browsers that use the Internet Explorer browser engine may also be affected...
Faulty .properties file results in uninitialized memory being used — Mozilla
Mozilla developer Daniel Glazman demonstrated that an improperly encoded .properties file in an add-on can result in uninitialized memory being used. This could potentially result in small chunks of data formerly used by other programs being exposed to the add-on code. If the localized string wer...
Unfixed XSS vulnerability at www.developer-network.org
Security researcher PaPPy submitted a cross-site scripting (XSS) vulnerability affecting www.developer-network.org on 29/06/2008. At the time of submission the site ranked 2995985 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 08/07/2008. It i...
EasyWay CMS - mid SQL Injection
EasyWay CMS - mid SQL Injection php '.$argv0.' http://www.site.com 1 '; if $argc == 3 echo "\nExploiting in progress:"; $url = $argv1; $source = filegetcontents$url.'/index.php?mid=null+order+by+100/'; $errorcount = substrcount$source,'not a valid MySQL'; $sql = '/index.php?mid=null+union+select+...
EasyWay CMS - 'mid' SQL Injection
php '.$argv0.' http://www.site.com 1 '; if $argc == 3 echo "\nExploiting in progress:"; $url = $argv1; $source = filegetcontents$url.'/index.php?mid=null+order+by+100/'; $errorcount = substrcount$source,'not a valid MySQL'; $sql = '/index.php?mid=null+union+select+'; for $i = 25; $i=1; $i-- $sour...
Meto Forum 1.1 - Multiple SQL Injections
Meto Forum 1.1 - Multiple SQL Injections. Meto Forum v1.1 Multiple Remote SQL Injection Vulnerable Script : http://www.aspindir.com/goster/5444 Risk : Forum in All users saved password is to take. Coded : Asp , SQL Language = 'Access'...
Shader TV (Beta) Multiple Remote SQL Injection Vulnerabilities
Exploit for unknown platform in category web applications. Shader TV Beta Multiple Remote SQL Injection Vulnerabilities. Shader TV Beta Multiple Remote SQL Injection...
Shader TV (Beta) - Multiple SQL Injections
Shader TV Beta Multiple Remote SQL Injection Vulnerable Script : http://www.aspindir.com/indir.asp?ID=5441 Script : http://rapidshare.de/files/39341463/ShaderTV.zip.html Coded : Asp Language : Access Discovered By U238 | Friends : ka0x - TheBekiR - Marco Almeida - Erhan Bulut - Caborz : Web -...
PT-2008-3425 · Digium +1 · Appliance Developer Kit +4
Name of the Vulnerable Software and Affected Versions: Asterisk Open Source versions 1.0.x through 1.2.27 and versions 1.4.x through 1.4.18 Asterisk Business Edition versions A.x.x through B.2.5.1 and versions C.x.x through C.1.8.0 AsteriskNOW versions prior to 1.0.3 Appliance Developer Kit...
W1L3D4 Philboard 1.0 (philboard_reply.asp) SQL Injection Vulnerability
No description provided by source. Philboard W1L3D4 v1.0 Multiple SQL Injection Vulnerable Author : U238 mail : setuid.noexec0x1aqhotmaildotcom webpage: http://noexec.blogspot.com Script : http://www.aspindir.com/Goster/4703 Script2: http://rapidshare.de/files/39107179/philboardtrge.zip.html...
CVE-2008-1390
The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values...
CVE-2008-0912
Multiple heap-based buffer overflows in mlsrv10.exe in Sybase MobiLink 10.0.1.3629 and earlier, as used by SQL Anywhere Developer Edition 10.0.1.3415 and probably other products, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a long (1) username, (2)...
Heap overflow
Multiple heap-based buffer overflows in mlsrv10.exe in Sybase MobiLink 10.0.1.3629 and earlier, as used by SQL Anywhere Developer Edition 10.0.1.3415 and probably other products, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a long (1) username, (2)...
CVE-2008-0912
CVE-2008-0912 is a vulnerability in Sybase MobiLink (mlsrv10.exe) affecting 10.0.1.3629 and earlier, used by SQL Anywhere Developer Edition 10.0.1.3415 and possibly other products. The issue: multiple heap-based buffer overflows triggered by processing overly long strings (username, version, remo...
[SECURITY] Fedora 8 Update: rb_libtorrent-0.12-3.fc8
rb_libtorrent is a C++ library that aims to be a good alternative to all the other BitTorrent implementations around. It is a library and not a full-featured client, although it comes with a few working example clients. Its main goals are to be very efficient in terms of CPU and memory usage as we...
JVN#33044255 GreaseKit and Creammonkey allows execution of userscript functions
GreaseKit and Creammonkey are plugins that enable user scripting in Safari and other Apple WebKit applications, and they provide APIs callable only from userscripts. GreaseKit and Creammonkey are vulnerable because they allow these APIs to be called from a web page. Impact: When a user views a specially crafted web...
adaimage-traverse.txt
Luigi Auriemma. Application: Ada Image server (ImgSvr) http://adaimgsvr.sourceforge.net Versions: From developer's website: "ImgSvr is a personal or corporate Embedded Picture Web Server that lets you efficiently browse digital pictures. Contrary to other gallery systems, imgsvr aimed to be an easy...
CVE-2007-6104
The CVE-2007-6104 issue affects FileMaker Pro 7/8, Server 7/8, and Developer 7, with a cross-site scripting vulnerability in the Instant Web Publishing function. The root cause is an XSS flaw allowing injected scripts/HTML via unspecified vectors. Documented impact: arbitrary script execution in ...
JVN#55833292 FileMaker cross-site scripting vulnerability
FileMaker is database software from FileMaker, Inc. FileMaker contains a cross-site scripting vulnerability in its "Instant Web Publishing" function that enables users to publish database contents on the web. Impact: An attacker could execute an arbitrary script on the web browser of a user who...