Lucene search
3856 matches found

seebug.org
added 2014/07/01 12:00 a.m., 24 views

Apache Tomcat 3.1 Path Revealing Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1531/info A vulnerability exists in the JSP portion of the Tomcat package, version 3.1, from the Apache Software Foundation. Upon hitting a nonexistent JSP file, too much information is presented by the server as part of...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 15 views

Debian Linux 2.1,Linux kernel 2.2/2.3,RedHat Linux 6.0,S.u.S.E. Linux 6.1 IP Options Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/302/info A vulnerability in the Linux Kernel's IPv4 option processing may allow a remote user to crash the system. The vulnerability is the result of the kernel freeing a socket buffer when it shouldn't while sending an...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 15 views

Macromedia ColdFusion MX 6.0 Error Message Path Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7443/info A vulnerability has been reported for Macromedia ColdFusion MX that may reveal the physical path information to attackers. When certain malformed URL requests are received by the server, an error message is...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 13 views

Fastream NetFile 6.0.3 .588 Error Message Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8908/info It has been reported that a cross-site scripting vulnerability may exist in NetFile that may allow remote attackers to execute HTML or script code in a user's browser. The issue is reported to occur due to a 404...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 14 views

Quicktime Player <= 7.3.1.70 (rtsp) Buffer Overflow Vulnerability

No description provided by source. Luigi Auriemma Application: Quicktime Player http://www.apple.com/quicktime Versions: = 7.3.1.70 Platforms: Windows and Mac Bug: buffer-overflow Exploitation: remote Date: 10 Jan 2008 Thanx to: swirl for the help during the re-testing of the bug Author: Luigi...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 18 views

HostAdmin 0 Path Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8401/info HostAdmin is prone to a path disclosure vulnerability. Passing invalid data to the HostAdmin site will cause an error message to be displayed, which contains installation path information...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 21 views

Microsoft Internet Explorer 6.0 Resource Detection Weakness

No description provided by source. source: http://www.securityfocus.com/bid/11026/info Microsoft Internet Explorer is prone to a security weakness that may permit an attacker to determine the existence of resources on a vulnerable computer. An attacker can use an IFRAME that is accessible within...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 13 views

PHP Nuke 5.x Error Message Web Root Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4333/info PHP-Nuke is a popular web based Portal system. It allows users to create accounts and contribute content to the site. A vulnerability has been reported in some versions of PHP-Nuke. Reportedly, a maliciously...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 18 views

IBM Net.Data 7.0/7.2 db2www Error Message Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9488/info IBM Net.Data is prone to cross-site scripting attacks via error message output. This may permit a remote attack to create a link to a system hosting the software that includes embedded HTML and script code. This...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 16 views

C-Cart 1.0 Path Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8368/info C-Cart is prone to a path disclosure vulnerability. Passing invalid data as a URI parameter to several C-Cart scripts will cause an error message to be displayed, which contains installation path information...

7.1 AI score
Exploits: 0
RedHat Linux
added 2014/06/26 3:00 p.m., 4 views

CXF: HTML content posted to SOAP endpoint could cause OOM errors

A denial of service flaw was found in the way Apache CXF created error messages for certain POST requests. A remote attacker could send a specially crafted request which, when processed by an application using Apache CXF, could consume an excessive amount of memory on the system, possibly...

4.3 CVSS, 7.4 AI score, 0.03644 EPSS
Exploits: 0, References: 4
Hacker One
added 2014/06/15 4:19 p.m., 26 views

RelateIQ: SSRF (Portscan) via Register Function (Custom Server)

Hi, the custom server option during registration allows performing portscans or "Server Side Request Forgery" from "relateiq" systems to external and potential internal systems. The following is a sample request used excluding cookies: POST /app/GWT.rpc HTTP/1.1 Host: app.relateiq.com User-Agent:...

7.1 AI score
Exploits: 0
Tenable Nessus
added 2014/06/13 12:00 a.m., 34 views

openSUSE Security Update : mozilla-nss (openSUSE-2011-100) (BEAST)

Added a patch to fix errors in the pkcs11n.h header file. bmo702090 - update to 3.13.1 RTM - better SHA-224 support bmo647706 - fixed a regression causing hangs in some situations introduced in 3.13 bmo693228 - update to 3.13.0 RTM - SSL 2.0 is disabled by default - A defense against the SSL 3.0...

4.3 CVSS, 6.9 AI score, 0.73327 EPSS
Exploits: 4, References: 2
Veeam
added 2014/06/10 12:00 a.m., 41 views

Operation was canceled by user

Challenge: Job fails with error message: Error Operation was canceled by user. Cause: The two main causes of this error are: 1. A backup window has been configured within the job. 2. The user canceled the job. Solution: If the issue was caused by a backup window, please reconfigure the backup window...

7 AI score
Exploits: 0
Hacker One
added 2014/06/09 1:46 a.m., 11 views

Localize: Bug on registration as new Translator user

It tells me "Please make sure to enter a valid password and to re-type the verification correctly", I selected "Translator", entered my username as "tarzxvf", entered the password as "tarzxvfismypassword" I'm just wondering where the verification is? And my suggestion you can use modal when tellin...

1.5 AI score
Exploits: 0
Prion
added 2014/06/06 2:55 p.m., 18 views

Design/Logic Flaw

DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a .. (dot dot) in the "l" parameter, which reveals the installation path in an error message...

5 CVSS, 6.7 AI score, 0.01173 EPSS
Exploits: 2, References: 2, Affected Software: 1
Cvelist
added 2014/06/06 2:00 p.m., 26 views

CVE-2013-4728

DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a .. (dot dot) in the "l" parameter, which reveals the installation path in an error message...

6.2 AI score, 0.01173 EPSS
Exploits: 2, References: 2
NVD
added 2014/04/29 8:55 p.m., 15 views

CVE-2013-1804

Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to inject arbitrary web script or HTML via the (1) highlight parameter to forum/viewthread.php; or remote authenticated users with certain permissions to inject arbitrary web script or HTML via the...

4.3 CVSS, 5.5 AI score, 0.04404 EPSS
Exploits: 0, References: 9
NVD
added 2014/04/22 2:23 p.m., 12 views

CVE-2014-2890

Cross-site scripting (XSS) vulnerability in the wraphtml function in MyID.php in phpMyID 0.9 allows remote attackers to inject arbitrary web script or HTML via the openiderror parameter to MyID.config.php when the openid.mode parameter is set to error, which is not properly handled in an error...

4.3 CVSS, 5.7 AI score, 0.01193 EPSS
Exploits: 1, References: 3
Prion
added 2014/04/22 2:23 p.m., 11 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the wraphtml function in MyID.php in phpMyID 0.9 allows remote attackers to inject arbitrary web script or HTML via the openiderror parameter to MyID.config.php when the openid.mode parameter is set to error, which is not properly handled in an error...

4.3 CVSS, 6.2 AI score, 0.01193 EPSS
Exploits: 1, References: 3, Affected Software: 1