Havij Persistent <=v1.10 XSS Vulnerability

Exploit for php platform in category web applications ========================================== Havij Persistent =v1.10 XSS Vulnerability ========================================== Exploit Title: Havij Persistent XSS =v1.10 Date: 15/6/2010 Author: hexon Version: 1.10 and below Tested on: Windows...

Only strings are encoded

The XML encoder only encodes strings. This could make Confluence return non encoded content. This issue is rated HIGH. Please see http://confluence.atlassian.com/x/ZILmD for more security related issue and more information on how we rate issues...

Changing system locale means users with non-ASCII characters in their passwords cannot authenticate

The OSUser and Atlassian-User authenticators used by Confluence convert a password into bytes before hashing it. This conversion doesn't specify which encoding should be used, so the system's default encoding is used. If the system administrator changes the locale settings on the server or change...

Changing system locale means users with non-ASCII characters in their passwords cannot authenticate

The OSUser and Atlassian-User authenticators used by Confluence convert a password into bytes before hashing it. This conversion doesn't specify which encoding should be used, so the system's default encoding is used. If the system administrator changes the locale settings on the server or change...

Changing system locale means users with non-ASCII characters in their passwords cannot authenticate

The OSUser and Atlassian-User authenticators used by Confluence convert a password into bytes before hashing it. This conversion doesn't specify which encoding should be used, so the system's default encoding is used. If the system administrator changes the locale settings on the server or change...

CVE-2009-4459

Redmine 0.8.7 and earlier uses the title tag before defining the character encoding in a meta tag, which allows remote attackers to conduct cross-site scripting XSS attacks and inject arbitrary script via UTF-7 encoded values in the title parameter to a new issue page, which may be interpreted as...

CVE-2009-4459

Redmine 0.8.7 and earlier uses the title tag before defining the character encoding in a meta tag, which allows remote attackers to conduct cross-site scripting XSS attacks and inject arbitrary script via UTF-7 encoded values in the title parameter to a new issue page, which may be interpreted as...

Smart PHP Subscriber Disclosure

----------------------------------------------------------------------------------------------- Title: Smart PHP Subscriber Multiple Disclosure Vulnerabilities Author: Milos Zivanovic Email: milosz.securityatgmail.com Date: 14. December 2009...

Smart PHP Subscriber Multiple Disclosure Vulnerabilities

No description provided by source. ----------------------------------------------------------------------------------------------- Title: Smart PHP Subscriber Multiple Disclosure Vulnerabilities Author: Milos Zivanovic Email: milosz.securityatgmail.com Date: 14. December 2009...

DEBIAN-CVE-2009-2940

The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings...

CVE-2009-2942

The mysql-ocaml bindings 1.0.4 for MySQL do not properly support the mysqlrealescapestring function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings...

SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 6114)

Remote authenticated users could crash the postgresql server by requesting a conversion with an inappropriate encoding. CVE-2009-0922 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; i...

Pidgin Multiple Denial Of Service Vulnerabilities (Windows)

This host has Pidgin installed and is prone to multiple Denial of Service vulnerabilities. Vulnerabilities Insight: - An error in libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple can trigger a NULL-pointer dereference when processing TOPIC messages which lack a topic string....

CVE-2009-2814

CVE-2009-2814 affects Apple Mac OS X 10.5.x Wiki Server: a cross-site scripting vulnerability occurs when the search request contains non-UTF-8 data, allowing remote attackers to inject script/HTML in Wiki Server. Exploitation details are not provided beyond the XSS description in the sources, bu...

MailEnable 1.52 HTTP Mail Service Stack BOF Exploit PoC

No description provided by source. / MailEnable 1.52 HTTP Mail Service Stack Overflow POC Exploitencoded comand Debugging Info szAppName : MEHTTPS.EXE szAppVer : 1.0.0.1 szModName : MEHTTPS.EXE szModVer : 1.0.0.1 offset : 00010c21 Files that caused error :...

openSUSE Security Update : postgresql (postgresql-675)

Remote authenticated users could crash the postgresql server by requesting a conversion with an inappropriate encoding CVE-2009-0922. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

Month Of Twitter Bugs - TweetMeme XSS

Tuesday, July 14, 2009 MoTB 14: Reflected XSS in TweetMeme What is TweetMeme "TweetMeme is a service which aggregates all the popular links on twitter to determine which links are popular. TweetMeme is able to categorize these links into categories and subcategories, making it easy to filter out...

Peep worms soul-ShellCode-exploit-warning-the black bar safety net

Despite the vulnerability in the widely circulated before Microsoft introduced the corresponding patches, but numerous careless administrator or to hacker and worm writers to. On a network of tens of thousands with vulnerability tenacious running the server become hacker and Vxer targets, want to...

PostgreSQL Conversion Encoding Remote DoS Vulnerability (Mar 2009)

PostgreSQL is prone to a remote denial of service DoS vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

MDVA-2008:011 : kdelibs

Due to bad encoding, accented letters appeared on the KDE menu and kicker as strange symbols rather than the actual letters. This update fixes the issue and properly displays those letters. %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a...