3856 matches found
Design/Logic Flaw
Maian Uploader 4.0 allows remote attackers to obtain sensitive information via a request without the height parameter to load_flv.js.php, which reveals the installation path in an error message...
CVE-2014-10005
CVE-2014-10005 affects Maian Uploader 4.0. The issue arises when requesting load_flv.js.php without the required height parameter, which may cause an error message that reveals the installation path. This is a potential information disclosure in the affected component (load_flv.js.php). The docum...
Information disclosure
templates/default/index.php in Redaxscript 0.3.2 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message...
Information disclosure
The (1) templatewrap/templatefoot.php, (2) cmsjs/plugin.js.php, and (3) cmsincludes/cmspluginapilink.inc.php scripts in Tribal Tribiq CMS before 5.2.7c allow remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message...
IBM Informix Dynamic Server Long Username Authentication Error Stack Overflow - Ver2 (CVE-2006-3854)
A buffer overflow vulnerability has been reported in IBM Informix Dynamic Database Server. An attacker could exploit this vulnerability via a long username, which causes an overflow in vsprintf when displaying in the resulting error message. Successful exploitation of this vulnerability could all...
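Doyo建站 SQL injection
Brief description: Two cows are grazing together. The green cow asks the black cow: "Hey! What does your grass taste like?" The black cow says: "Strawberry flavor!" The green cow comes over and takes a bite, then shouts angrily: "You lied to me!" The black cow gives him a contemptuous look and replies: "Idiot, I said the grass has no taste." Detailed description: 1 source\message.php function add if$GLOBALS'GDY''vercode'==1 if!$this-syArgs"vercode",1||md5strtolower$this-syArgs"vercode",1!=$SESSION'doyoverify'message"验证码错误"; if!$this-syArgs'tid'message"请选择栏目...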
CVE-2014-8600
Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via a crafted URI using the (1) zip, (2) trash, (3) tar, (4) thumbnail, (5) smtps, (6) smtp, (7) smb...
Replication job task fails with "Cannot process VM, template processing is disabled"
Challenge: A replication job displays the following error message for a VM that was previously able to be replicated:
Task failed. Error: Cannot process vm-: template processing is disabled
Cause: This issue occurs when a VM that was added to a replication job is converted to a template...
CVE-2014-8788
GleamTech FileVista before 6.1 allows remote authenticated users to obtain sensitive information via a crafted path when saving a zip file, which reveals the installation path in an error message...
Design/Logic Flaw
GleamTech FileVista before 6.1 allows remote authenticated users to obtain sensitive information via a crafted path when saving a zip file, which reveals the installation path in an error message...
Information disclosure
lib/phpunit/bootstrap.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message...
Restricted page at the Home Page layer is shown at the sidebar page tree
h3. Problem The page which is restricted to user A only is shown on the page tree and the left sidebar when the page is at the top level of the page tree, which is at the same level as the home page. This is replicable on my dev instance. Create a test space. Create Page A and make sure the locati...
Design/Logic Flaw
lib/functions/database.class.php in TestLink before 1.9.13 allows remote attackers to obtain sensitive information via unspecified vectors, which reveals the installation path in an error message...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the EWWW Image Optimizer plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the error parameter in the ewww-image-optimizer.php page to wp-admin/options-general.php, which is not properly handled in a pngo...
Aardvark Topsites PHP 5.2 Cross Site Scripting / Local File Inclusion
Aardvark Topsites PHP 5.2 Multi Vulnerability ============================================= Author : indoushka Vendor : www.p30vel.ir http://www.aardvarktopsitesphp.com/ http://www.avatic.com/ Dork : My Topsites List - Powered by Aardvark Topsites PHP 5.2.1 ======================================...
Code injection
IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through 7.5.0.6, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote...
CVE-2014-4765
IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through 7.5.0.6, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote...