SOL6920 - Cross-site scripting vulnerabilities

Multiple cross-site scripting XSS vulnerabilities exist in the FirePass Administrative Console pages. The affected FirePass URLs fail to fully sanitize certain URL arguments before the requested web page content is returned to the browser. It is possible for an attacker to create web pages, email...

RFC2196

Network Working Group B. Fraser Request for Comments: 2196 Editor FYI: 8 SEI/CMU Obsoletes: 1244 September 1997 Category: Informational Site Security Handbook Status of this Memo This memo provides information for the Internet community. It does not specify an Internet standard of any kind...

CVE-2006-6737

Unspecified vulnerability in Sun Java Development Kit JDK and Java Runtime Environment JRE 5.0 Update 5 and earlier, Java System Development Kit SDK and JRE 1.4.210 and earlier 1.4.x versions, and SDK and JRE 1.3.118 and earlier allows attackers to use untrusted applets to "access data in other...

CVE-2006-6745

Multiple unspecified vulnerabilities in Sun Java Development Kit JDK and Java Runtime Environment JRE 5.0 Update 7 and earlier, and Java System Development Kit SDK and JRE 1.4.212 and earlier 1.4.x versions, allow attackers to develop Java applets or applications that are able to gain privileges,...

CVE-2006-6731

Multiple buffer overflows in Sun Java Development Kit JDK and Java Runtime Environment JRE 5.0 Update 7 and earlier, Java System Development Kit SDK and JRE 1.4.212 and earlier 1.4.x versions, and SDK and JRE 1.3.118 and earlier allow attackers to develop Java applets that read, write, or execute...

CVE-2006-6737

Unspecified vulnerability in Sun Java Development Kit JDK and Java Runtime Environment JRE 5.0 Update 5 and earlier, Java System Development Kit SDK and JRE 1.4.210 and earlier 1.4.x versions, and SDK and JRE 1.3.118 and earlier allows attackers to use untrusted applets to "access data in other...

CVE-2006-6745

Multiple unspecified vulnerabilities in Sun Java Development Kit JDK and Java Runtime Environment JRE 5.0 Update 7 and earlier, and Java System Development Kit SDK and JRE 1.4.212 and earlier 1.4.x versions, allow attackers to develop Java applets or applications that are able to gain privileges,...

CVE-2006-6731

CVE-2006-6731 describes multiple buffer overflow vulnerabilities in Sun JDK/JRE 5.0 Update 7 and earlier, J2SE 1.4.2_12 and earlier (1.4.x), and JRE/JDK 1.3.1_18 and earlier. The issues affect Java applets’ ability to read, write, or execute local files, with root causes including (1) integer ove...

CVE-2006-6731

Multiple buffer overflows in Sun Java Development Kit JDK and Java Runtime Environment JRE 5.0 Update 7 and earlier, Java System Development Kit SDK and JRE 1.4.212 and earlier 1.4.x versions, and SDK and JRE 1.3.118 and earlier allow attackers to develop Java applets that read, write, or execute...

Phorum 3.2.11 - common.php Remote File Inclusion

Phorum 3.2.11 - common.php Remote File Inclusion =========================================================== Yee7TeaM WwW.Yee7.CoM =========================================================== Software: Phorum v3.2.11 Vendor: http://www.phorum.org/ Download: http://skrypty.webpc.pl/pobierz274.html...

Cyberfolio <= 2.0 RC1 (av) Remote File Include Vulnerabilities

No description provided by source. \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV58$2006 ----------------------------------------------------------------------------------------------- ECHOADV58$2006Cyberfolio =2.0 RC1 $av Remote File Inclusion...

Soholaunch Pro 4.9 r36 - Remote File Inclusion

Soholaunch Pro 4.9 r36 - Remote File Inclusion \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV57$2006 ----------------------------------------------------------------------------------------------- ECHOADV57$2006Soholaunch Pro =4.9 r36 Multiple Remote File...

Cyberfolio 2.0 RC1 - 'av' Remote File Inclusion

\ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV58$2006 ----------------------------------------------------------------------------------------------- ECHOADV58$2006Cyberfolio =2.0 RC1 $av Remote File Inclusion Vulnerability...

PHP多个安全漏洞.

PHP是广泛使用的通用目的脚本语言，特别适合于Web开发，可嵌入到HTML中。 PHP中存在多个安全漏洞，具体如下： 1 fileexists、imapopen和imapreopen函数中缺少safemode和openbasedir验证； 2 在64位系统上strrepeat和wordwrap函数存在边界错误； 3 可通过cURL扩展和realpath缓存绕过openbasedir和safemode保护机制； 4 GD扩展处理畸形GIF图形时存在边界条件错误； 5 stripos函数中的错误可能导致界外内存读取； 6 64位系统上存在错误的memorylimit限制。...

Microsoft Internet Explorer远程HTA执行漏洞（MS06-013）

Microsoft Internet Explorer是微软发布的非常流行的WEB浏览器。 Internet Explorer处理HTA的方式存在漏洞，远程攻击者可能利用此漏洞在客户机器上执行任意代码。 Internet Explorer中初始化HTML应用（HTA）的方式可能绕过安全控制，允许执行HTA而不在Internet Explorer中显示正常的安全对话框。攻击者可以通过创建恶意的Web页面来利用这个漏洞。如果用户访问了该页面，就会导致执行任意代码。 Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer...

PHP ZendEngine ECalloc整数溢出漏洞

PHP是广泛使用的通用目的脚本语言，特别适合于Web开发，可嵌入到HTML中。 PHP内存处理例程ecalloc函数中存在整数溢出漏洞，远程攻击者可能利用此漏洞在服务器上执行指令。 如果脚本能够导致基于不可信任用户数据的内存分配的话，远程攻击者就可以通过发送特制的请求导致以apache用户的权限执行任意指令。 PHP PHP = 5.1.6 RedHat Enterprise Linux WS 2.1 RedHat Enterprise Linux ES 2.1 RedHat Enterprise Linux AS 2.1 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载...

QK SMTP远程栈溢出漏洞

QK SMTP Server是一款SMTP（简单邮件传输协议）服务器软件。 QK SMTP Server在处理用户命令参数时存在缓冲区溢出漏洞，远程攻击者可能利用此漏洞在服务器上执行任意指令。 QK SMTP Server在处理传送给“RCPT TO:”命令的参数时存在栈溢出漏洞，远程攻击者可以通过向服务器发送超长参数导致执行任意指令。 QKSoft QK SMTP 3.1.0 Beta QKSoft QK SMTP 3.0.1 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://www.qksoft.com/ /...

Netscape Enterprise Server 4.0/sparc/SunOS 5.7 Remote Exploit

No description provided by source. !/usr/bin/perl Remote sploit for Netscape Enterprise Server 4.0/sparc/SunOS 5.7 usage: ns-shtml.pl 'command line' | nc victim port Sometimes server may hang or coredump.. eek ;- [email protected] $cmdline="echo 'ingreslock stream tcp nowait root /bin/sh sh -...

ColdFusion MX Remote Development Service Exploit

No description provided by source. !/usr/bin/perl RDScDump.pl By angry packet THIS IS AN UNPATCHED VULNERABILITY - THIS IS AN UNPATCHED VULNERABILITY ColdFusion 6 MX Server does several things in order to get remote dir structure so we will need to recreate these functions. This is a "almost"...

PHPmybibli 3.0.1 - Multiple Remote File Inclusions

PHPmybibli 3.0.1 - Multiple Remote File Inclusions \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV55$2006 ----------------------------------------------------------------------------------------------- ECHOADV55$2006Phpmybibli =2.1 Multiple Remote File...