12 matches found
CVE-2019-11537
In osTicket before 1.12, XSS exists via /upload/file.php, /upload/scp/users.php?do=import-users, and /upload/scp/ajax.php/users/import if an agent manager user uploads a crafted .csv file to the User Importer, because file contents can appear in an error message. The XSS can lead to local file...
EUVD-2003-1507
Malware in sbrugna...
EUVD-2012-1602
Malware in sbrugna...
Squid < 2.5.STABLE8 Malformed Host Name Error Message Information Disclosure
According to its banner, the version of Squid running on the remote host is prior to 2.5.STABLE8. It is, therefore, affected by an information disclosure vulnerability due to improper handling of malformed host names. An unauthenticated, remote attacker can exploit this issue to disclose the...
CVE-2004-1970
Samsung SmartEther SS6215S switch, and possibly other Samsung switches, allows remote attackers and local users to gain administrative access by providing the admin username followed by a password that is the maximum allowed length, then pressing the enter key after the resulting error message...
Dansie Shopping Cart Discloses Installation Path to Remote Users
Indonesia Security Development Team Advisory. Advisory Name: Dansie Shopping Cart Discloses Installation Path to Remote Users. Release Date: 5:21 AM 10/20/03. Application...
Vignette StoryServer 4.1 - Sensitive Stack Memory Information Disclosure
source: https://www.securityfocus.com/bid/7296/info It has been reported that Vignette StoryServer, under some circumstances, may reveal stack memory content. If a specially crafted request is made for a page that accepts...
Sage 1.0 Beta 3 - Content Management System Full Path Disclosure
source: https://www.securityfocus.com/bid/6893/info Sage Content Management System contains a path disclosure vulnerability. When a request is made for a module that does not exist, the returned error message contains the full path to the Sage installation directory. Disclosed path information...
Aestiva HTMLOS 2.4 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/5618/info Aestiva HTML/OS is a database engine and development suite for building websites and web-based software products. HTML/OS does not sufficiently sanitize metacharacters from error message output. In...
CVE-2002-0445
article.php in PHP FirstPost 0.1 allows remote attackers to obtain the full pathname of the server via an invalid post number in the post parameter, which leaks the pathname in an error message...
CGIScript.net - 'csPassword.cgi' 1.0 Information Disclosure
source: https://www.securityfocus.com/bid/4887/info CGIScript.net provides various webmaster related tools and is maintained by Mike Barone and Andy Angrick. A vulnerability has been reported in the csPassword.cgi script developed by CGIScript.net that discloses potentially sensitive information ...
CVE-2000-0746
Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against cross-site scripting (CSS) attacks. They allow a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those...