3856 matches found
DEBIAN-CVE-2009-1273
pam_ssh 1.92 and possibly other versions, as used when PAM is compiled with USE=ssh, generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote attackers to enumerate usernames...
CVE-2009-0842
mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to read arbitrary invalid .map files via a full pathname in the map parameter, which triggers the display of partial file contents within an error message, as demonstrated by a /tmp/sekrut.map symlink...
Cross site scripting
Cross-site scripting (XSS) vulnerability in apps/web/vs_diag.cgi in the DAAP extension in Banshee 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the server parameter, which is not properly handled in an error message...
CVE-2009-1175
Cross-site scripting (XSS) vulnerability in apps/web/vs_diag.cgi in the DAAP extension in Banshee 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the server parameter, which is not properly handled in an error message...
CVE-2009-1175
CVE-2009-1175 is a cross-site scripting vulnerability in Banshee's DAAP extension (version 1.4.2) affecting apps/web/vs_diag.cgi where the server parameter is not properly handled in error messages. This allows remote script/HTML injection. Exploitation details are not provided in the supplied do...
CVE-2009-1175
Removed by vendor...
PostgreSQL DoS
Stack overflow on error message conversion...
PostgreSQL Error Message Conversion Remote DoS
Binary data 4957.prm...
Cross site request forgery (csrf)
The jumpUrl mechanism in class.tslibfe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 leaks a hash secret (juHash) in an error message, which allows remote attackers to read arbitrary files by including the hash in a request...
CVE-2009-0815
The jumpUrl mechanism in class.tslibfe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 leaks a hash secret (juHash) in an error message, which allows remote attackers to read arbitrary files by including the hash in a request...
CVE-2009-0815
TYPO3 jumpUrl File Disclosure (CVE-2009-0815) affects TYPO3 3.3.x–3.8.x and some 4.x lines (up to 4.3alpha1). The flaw leaks a hash secret (juHash) in error messages, enabling remote attackers to read arbitrary server files by including the hash in a request. Connected advisories (GHSA/CIRCL/NVD/...
CVE-2009-0747
The ext4_isize function in fs/ext4/ext4.h in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 uses the i_size_high structure member during operations on arbitrary types of files, which allows local users to cause a denial of service (CPU consumption and error-message flood) by...
CVE-2009-0747
The CVE-2009-0747 issue affects the Linux kernel’s ext4_isize helper in fs/ext4/ext4.h, exposing a denial-of-service risk when a local user mounts a crafted ext4 filesystem. The vulnerability arises from using the i_size_high structure member during operations on arbitrary file types, potentially...
CVE-2008-6279
RakhiSoftware Price Comparison Script (aka Shopping Cart) allows remote attackers to obtain sensitive information via an invalid PHPSESSID cookie, which reveals the installation path in an error message...
CVE-2008-6279
Vulnerability: RakhiSoftware Price Comparison Script (Shopping Cart) exposes installation path in error messages via an invalid PHPSESSID cookie, enabling remote disclosure of sensitive information. Affected: RakhiSoftware Price Comparison Script; root cause: PHPSESSID handling leads to error det...
CVE-2008-6279
RakhiSoftware Price Comparison Script (aka Shopping Cart) allows remote attackers to obtain sensitive information via an invalid PHPSESSID cookie, which reveals the installation path in an error message...
Design/Logic Flaw
images/captcha.php in RavenNuke 2.30 allows remote attackers to obtain sensitive information via an aFonts array parameter value that does not correspond to a valid font file, which reveals the installation path in an error message...
SuSE 10 Security Update : net-snmp (ZYPP Patch Number 5807)
Remote attackers could crash net-snmp via GETBULK-Request. (CVE-2008-4309) In addition, the following non-security issues have been fixed: - typo in error message. bnc439857 - fix duplicate registration warnings on startup. bnc326957 - container insert errors reproducible with shared ip setups...
phpAddEdit 1.3 Local File Inclusion
phpaddedit-1.3 LFI Author: nuclear script: http://sourceforge.net/projects/phpaddedit/ vuln: http://target.com/addedit-render.php?editform=../../../../../../../etc/passwd%00 vulnerable code: if (!$formname && $_GET["editform"]) $formname = $_GET["editform"]; ... if ($errormessage || $error ||...
Manual crack fast flash reduction-vulnerability warning-the black bar safety net
Information source: evil octal information security team (www.eviloctal.com) Article author: monsterok (monster) I went to the Internet cafe and spent half a day downloading things, but I accidentally kicked the computer's power, and because the cafe machine has restore software installed, after a reboot everything...