Design/Logic Flaw
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Application Server 1.0.2.2, 9.0.4.3, and 10.1.2.2, and E-Business Suite 11.5.10.2, allows remote authenticated users to affect availability via unknown vectors...
CVE-2008-2619
The CVE-2008-2619 entry describes an unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server (versions 1.0.2.2, 9.0.4.3, 10.1.2.2) and E-Business Suite 11.5.10.2. It allows remote authenticated users to affect availability via unknown vectors. The connecte...
JVN#92651529 Nucleus EUC-JP Japanese Edition vulnerable to cross-site scripting
Nucleus is an open source content management system provided by The Nucleus Group. Nucleus EUC-JP Japanese Edition contains a cross-site scripting vulnerability. Impact: An arbitrary script may be executed on the specific web browser. Solution: Update the Software. Apply the latest update provided b...
JVN#94163107 Kantan WEB Server cross-site scripting vulnerability
Kantan WEB Server is a web server for Windows provided by Arihiro Kurata. Kantan WEB Server contains a cross-site scripting vulnerability. Impact: An arbitrary script may be executed on the user's web browser. Solution: Update the Software. Apply the latest update provided by the developer. Products...
JVN#79026329 Kantan WEB Server directory traversal vulnerability
Kantan WEB Server is a web server for Windows provided by Arihiro Kurata. Kantan WEB Server contains a directory traversal vulnerability. Impact: A remote attacker could view or obtain files on the server where Kantan WEB Server is installed. Solution: Update the Software. Apply the latest update...
claroline18x-rfi.txt
Claroline 1.8.x Remote File Inclusion Vulnerability By: e.wiZz! Info: Bosnian Idiot FTW! :D ------------cut here------------------- In the wild.... Script: claroline.net Info: Claroline is an Open Source eLearning and eWorking platform allowing teachers to build effective online courses and to...
siol-overflow.txt
SiOL komunikator IM ActiveX stack overflow condition. Release date: 30.7.2008 Severity: Moderately critical Impact: Stack overflow Remote: Yes Status:...
JVN#72065744 K's CGI Access Log Kaiseki (Jcode.pm) vulnerable to cross-site scripting
K's CGI Access Log Kaiseki is a program to analyze access to a web page. analysis.cgi included in Access Log Kaiseki Jcode.pm contains a cross-site scripting vulnerability. Impact: An arbitrary script could be executed on the user's web browser. Solution: Update the Software. Apply the latest update...
PT-2008-4679 · Sony Ericsson +1 · S800I +4
Name of the Vulnerable Software and Affected Versions: Asterisk Open Source versions 1.0.x through 1.2.x before 1.2.30 Asterisk Open Source versions 1.4.x before 1.4.21.2 Asterisk Business Edition A.x.x Asterisk Business Edition B.x.x before B.2.5.4 Asterisk Business Edition C.x.x before C.1.10.3...
JVN#49704543 WebProxy from LunarNight Laboratory vulnerable to cross-site scripting
WebProxy is a Perl script for web proxy provided by LunarNight Laboratory. WebProxy contains a cross-site scripting vulnerability. Impact: An arbitrary script could be executed on the user's web browser. Solution: Update the Software. Apply the latest update provided by the developer. Products...
JVN#00945448 Redmine vulnerable to cross-site scripting
Redmine is open source project management software written using the Ruby on Rails framework. Redmine contains a cross-site scripting vulnerability. Impact: An arbitrary script can be executed on the user's web browser. Solution: Update the Software. Apply the latest update provided by the developer...
JVN#77432756 FreeStyleWiki cross-site scripting vulnerability
FreeStyleWiki, one of the Wiki clones, contains a cross-site scripting vulnerability. Impact: An arbitrary script could be executed if a FreeStyleWiki user views a specially crafted web page with Internet Explorer. Other web browsers that use the Internet Explorer browser engine may also be affected...
Faulty .properties file results in uninitialized memory being used — Mozilla
Mozilla developer Daniel Glazman demonstrated that an improperly encoded .properties file in an add-on can result in uninitialized memory being used. This could potentially result in small chunks of data formerly used by other programs being exposed to the add-on code. If the localized string wer...
Unfixed XSS vulnerability at www.developer-network.org
Security researcher PaPPy submitted on 29/06/2008 a cross-site scripting (XSS) vulnerability affecting www.developer-network.org, which at the time of submission ranked 2995985 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 08/07/2008. It i...
EasyWay CMS - mid SQL Injection
EasyWay CMS - mid SQL Injection php '.$argv0.' http://www.site.com 1 '; if $argc == 3 echo "\nExploiting in progress:"; $url = $argv1; $source = filegetcontents$url.'/index.php?mid=null+order+by+100/'; $errorcount = substrcount$source,'not a valid MySQL'; $sql = '/index.php?mid=null+union+select+...
EasyWay CMS - 'mid' SQL Injection
php '.$argv0.' http://www.site.com 1 '; if $argc == 3 echo "\nExploiting in progress:"; $url = $argv1; $source = filegetcontents$url.'/index.php?mid=null+order+by+100/'; $errorcount = substrcount$source,'not a valid MySQL'; $sql = '/index.php?mid=null+union+select+'; for $i = 25; $i=1; $i-- $sour...
Meto Forum 1.1 - Multiple SQL Injections
Meto Forum 1.1 - Multiple SQL Injections. Meto Forum v1.1 Multiple Remote SQL Injection. Vulnerable Script : http://www.aspindir.com/goster/5444 Risk : Forum in All users saved password is to take. Coded : Asp , SQL Language = 'Access'...
Shader TV (Beta) Multiple Remote SQL Injection Vulnerabilities
Exploit for unknown platform in category web applications. Shader TV Beta Multiple Remote SQL Injection Vulnerabilities. Shader TV Beta Multiple Remote SQL Injection...
Shader TV (Beta) - Multiple SQL Injections
Shader TV Beta Multiple Remote SQL Injection. Vulnerable Script : http://www.aspindir.com/indir.asp?ID=5441 Script : http://rapidshare.de/files/39341463/ShaderTV.zip.html Coded : Asp Language : Access Discovered By U238 | Friends : ka0x - TheBekiR - Marco Almeida - Erhan Bulut - Caborz : Web -...