Cross site scripting
Cross-site scripting (XSS) vulnerability in WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to inject arbitrary web script or HTML via the (1) page and (2) form parameters, which are not properly handled when they are reflected back in an error message...
CVE-2003-1555
ScozNet ScozBook 1.1 BETA allows remote attackers to obtain sensitive information via an invalid PG parameter in view.php, which reveals the installation path in an error message...
DEBIAN-CVE-2008-0063
The Kerberos 4 support in KDC in MIT Kerberos 5 krb5kdc does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."...
CVE-2008-0063
The Kerberos 4 support in KDC in MIT Kerberos 5 krb5kdc does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."...
krb5: possible leak of sensitive data from krb5kdc using krb4 request
The Kerberos 4 support in KDC in MIT Kerberos 5 krb5kdc does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."...
Information disclosure
Juniper Networks Secure Access 2000 5.5 R1 build 11711 allows remote attackers to obtain sensitive information via a direct request for remediate.cgi without certain parameters, which reveals the path in an "Execute failed" error message...
CVE-2008-1181
Juniper Networks Secure Access 2000 5.5 R1 build 11711 allows remote attackers to obtain sensitive information via a direct request for remediate.cgi without certain parameters, which reveals the path in an "Execute failed" error message...
CVE-2008-1165
Flyspray 0.9.9–0.9.9.4 is affected by multiple XSS vulnerabilities. The issues arise from improper sanitization in task summaries and related parameters: (1) forced SQL error messages, (2) old_value/new_value fields, and specifically the item_summary parameter in index.php?do=details. These flaws...
CVE-2008-1166
CVE-2008-1166 relates to Flyspray 0.9.9.4, where authentication errors reveal whether a username is valid or invalid. The description in the CVE entry and corroborating records state that this behavior enables remote attackers to enumerate usernames. The connected documents corroborate Flyspray a...
CVE-2008-1166
Flyspray 0.9.9.4 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames...
Information disclosure
Spyce - Python Server Pages (PSP) 2.1.3 allows remote attackers to obtain sensitive information via a direct request for spyce/examples/automaton.spy, which reveals the path in an error message...
CVE-2003-1543
Cross-site scripting (XSS) vulnerability in Bajie Http Web Server 0.95zxe, 0.95zxc, and possibly others, allows remote attackers to inject arbitrary web script or HTML via the query string, which is reflected in an error message...
Trusted authentication doesn't work for Confluence users with uppercase usernames
Trying to use the trusted authentication feature of the Jiraissues macro doesn't work when a user's username is uppercase. JIRA shows the following in its log: quote 2008-01-23 13:59:48,104 INFO STDOUT 2008-01-23 13:59:48,104 ajp-0.0.0.0-6103-8 WARN atlassian.seraph.filter.TrustedApplicationsFilt...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in AstroSoft HelpDesk before 1.95.228 allow remote attackers to inject arbitrary web script or HTML via the (1) txtSearch parameter to operator/article/articlesearchresults.asp and the (2) AttachId parameter to operator/article/articleattachment.asp...
CVE-2008-0605
Multiple cross-site scripting (XSS) vulnerabilities in AstroSoft HelpDesk before 1.95.228 allow remote attackers to inject arbitrary web script or HTML via the (1) txtSearch parameter to operator/article/articlesearchresults.asp and the (2) AttachId parameter to operator/article/articleattachment.asp...
WordPress Plugin dmsguestbook 1.7.0 - Multiple Vulnerabilities
Wordpress Plugin dmsguestbook 1.7.0 Multiple Remote Vulnerabilities by NBBN 2nd, February 2008 1 File Disclosure Open the following url you can see the config data of wordpress, with the mysql-server username and password. In this fil...
ImageShack Toolbar 4.5.7 - FileUploader Class InsecureMethod
suntzu.BuildSlideShow "file:///c:\xpwallpaperglass.jpg","Big",1,"uhuhinterestingprivatethings","Fade","White" suntzu.BuildSlideShow "file:///c:\boot.ini", "Big",1,"uhuhinterestingprivatethings...