776 matches found

securityvulns
added 2007/09/26 12:0 a.m. · 45 views

SimpGB version 1.46.02 File Content Disclosure Vulnerability

netVigilance Security Advisory 65 SimpGB version 1.46.02 File Content Disclosure Vulnerability Description: SimpGB is a guestbook with data stored in MySQL, administration interface and support for multiple languages. Features: Data stored in MySQL, Administration interface, Support for multiple...

AI score 7 · Exploits 0

Packet Storm
added 2007/09/26 12:0 a.m. · 55 views

simpnews24103-xss.txt

netVigilance Security Advisory 70 SimpNews version 2.41.03 Multiple XSS Attack Vulnerabilities Description: SimpNews is a news system written in PHP. Features: Data stored in MySQL, admin interface, support for multiple languages, support for multiple instances in one database, own header, multip...

CVSS 4.3 · AI score 6.7 · EPSS 0.04929 · Exploits 1

securityvulns
added 2007/09/26 12:0 a.m. · 44 views

SimpGB version 1.46.02 Information Disclosure Vulnerability

netVigilance Security Advisory 66 SimpGB version 1.46.02 Information Disclosure Vulnerability Description: SimpGB is a guestbook with data stored in MySQL, administration interface and support for multiple languages. Features: Data stored in MySQL, Administration interface, Support for multiple...

AI score 6.8 · Exploits 0

Positive Technologies
added 2007/09/18 12:0 a.m. · 2 views

PT-2007-6064 · Phportal · Phportal

Name of the Vulnerable Software and Affected Versions: PHPortal version 0.2.7 Description: A remote file inclusion issue in form/db form/employee.php allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT ROOT parameter. However, it is noted that this issue is disputed...

CVSS 6.8 · AI score 7.7 · EPSS 0.00954 · Exploits 0 · References 5

securityvulns
added 2007/06/26 12:0 a.m. · 73 views

Calendarix version 0.7. 20070307 Multiple SQL Injection Vulnerabilities

netVigilance Security Advisory 38 Calendarix version 0.7. 20070307 Multiple SQL Injection Vulnerabilities Description: Calendarix is a powerful and easy to use calendar based on PHP and MySQL. It has been developed with ease of use and quick access to information in mind. It provides the user wit...

CVSS 6.8 · AI score 0.9 · EPSS 0.0196 · Exploits 2

Tenable Nessus
added 2007/06/04 12:0 a.m. · 20 views

Symantec Veritas Storage Foundation Scheduler Service (VxSchedService.exe) Remote Code Execution

The remote host is running a version of Symantec Storage Foundation for Windows that is vulnerable to remote scheduler service access. An attacker may exploit this flaw to modify or create scheduled commands and gain full access to the system. To exploit this flaw, an attacker would need to...

CVSS 9.3 · AI score 5.6 · EPSS 0.1309 · Exploits 0 · References 1

Tenable Nessus
added 2007/03/07 12:0 a.m. · 15 views

GLSA-200703-07 : STLport: Possible remote execution of arbitrary code

The remote host is affected by the vulnerability described in GLSA-200703-07 STLport: Possible remote execution of arbitrary code Two buffer overflows have been discovered, one in 'print floats' and one in the rope constructor. Impact : Both of the buffer overflows could result in the remote...

CVSS 7.5 · AI score 6.2 · EPSS 0.07447 · Exploits 0 · References 2

RedHat Linux
added 2007/01/30 2:22 p.m. · 1 views

security flaw

The dev_queue_xmit function in Linux kernel 2.6 can fail before calling the local_bh_disable function, which could lead to data corruption and "node lockups." NOTE: it is not clear whether this issue is exploitable...

CVSS 9.4 · AI score 5.8 · EPSS 0.01435 · Exploits 0 · References 4

securityvulns
added 2007/01/15 12:0 a.m. · 40 views

Multiple GnuPG potential vulnerabilities

Multiple potential buffer overflows and integer overflows with unknown exploitability...

AI score 4.1 · Exploits 0 · References 1 · Affected Software 1

securityvulns
added 2006/11/07 12:0 a.m. · 54 views

[Full-disclosure] DigiOz Guestbook version 1.7 Path Disclosure Vulnerability in list.php

DigiOz Guestbook version 1.7 Path Disclosure Vulnerability in list.php Description: The DigiOz Guestbook is a PHP driven guestbook system. The vulnerability exists in list.php script which allows remote attackers to obtain sensitive information via an HTTP request to list.php that contains wrong...

CVSS 5 · AI score 6.3 · EPSS 0.00763 · Exploits 1

Mozilla
added 2005/02/24 12:0 a.m. · 15 views

Heap overflow possible in UTF8 to Unicode conversion — Mozilla

It is possible for a UTF8 string with invalid sequences to trigger a heap overflow of converted Unicode data. Exploitability would depend on the attacker's ability to get the string into the buggy converter. General web content is converted elsewhere but we can't rule out the possibility of a...

AI score 7.1 · Exploits 0 · References 1 · Affected Software 3

Tenable Nessus
added 2004/10/19 12:0 a.m. · 36 views

IBM Lotus Notes/Domino Square Brackets Encoding Failure XSS

The remote server is vulnerable to cross-site scripting when requesting a .nsf file with HTML arguments, as in: GET /FormReflectingURLValue?OpenForm&Field=XSS...

CVSS 4.3 · AI score 5.2 · EPSS 0.04011 · Exploits 1 · References 1

Tenable Nessus
added 2004/09/29 12:0 a.m. · 34 views

Debian DSA-213-1 : libpng - buffer overflow

Glenn Randers-Pehrson discovered a problem in connection with 16-bit samples from libpng, an interface for reading and writing PNG Portable Network Graphics format files. The starting offsets for the loops are calculated incorrectly which causes a buffer overrun beyond the beginning of the row...

CVSS 7.5 · AI score 5.6 · EPSS 0.06787 · Exploits 0 · References 2

Tenable Nessus
added 2004/09/29 12:0 a.m. · 40 views

Debian DSA-272-1 : dietlibc - integer overflow

eEye Digital Security discovered an integer overflow in the xdrmem_getbytes function of glibc, that is also present in dietlibc, a small libc useful especially for small and embedded systems. This function is part of the XDR encoder/decoder derived from Sun's RPC implementation. Depending upon the...

CVSS 7.5 · AI score 8.3 · EPSS 0.56051 · Exploits 3 · References 2

Tenable Nessus
added 2004/08/09 12:0 a.m. · 31 views

BasiliX Message Content XSS

The remote host appears to be running a BasiliX version 1.1.0 or lower. Such versions are vulnerable to cross-scripting attacks since they do not filter HTML tags when showing a message. As a result, an attacker can include arbitrary HTML and script code in a message and have that code executed b...

CVSS 6.8 · AI score 5.9 · EPSS 0.00655 · Exploits 1 · References 2

Tenable Nessus
added 2004/07/26 12:0 a.m. · 37 views

phpBB < 2.0.10 Multiple XSS

The remote host is running a version of phpBB older than 2.0.10. phpBB contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate user-supplied input in the 'searchauthor' parameter. This version is also vulnerable to an HTTP...

CVSS 6.8 · AI score 5.1 · EPSS 0.01631 · Exploits 2 · References 3

Tenable Nessus
added 2004/07/12 12:0 a.m. · 19 views

Solaris 8 (sparc) : 110075-03

Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite subcomponent: Filesystem. Supported versions that are affected are 8 and 9. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized...

CVSS 4.9 · AI score 5.3 · EPSS 0.0006 · Exploits 0 · References 2

Tenable Nessus
added 2004/02/06 12:0 a.m. · 25 views

Mambo Site Server itemid Parameter XSS

An attacker may use the installed version of Mambo Site Server to perform a cross-site scripting attack on the remote host...

CVSS 6.8 · AI score 5 · EPSS 0.00524 · Exploits 1 · References 1

Tenable Nessus
added 2003/11/12 12:0 a.m. · 15 views

Opera < 7.22 Multiple Vulnerabilities

The remote host is using Opera, an alternative web browser. The version of Opera installed on the remote host is affected by several issues. One may allow an attacker to drop arbitrary files with arbitrary names on this host; another may allow an attacker to traverse directories on the affected...

AI score 6.3 · Exploits 0 · References 3

Tenable Nessus
added 2003/03/19 12:0 a.m. · 35 views

MyAbraCadaWeb header.php ma_kw Parameter XSS

The remote host seems to be running MyAbraCadaWeb. An attacker may use it to perform a cross-site scripting attack on this host, or to reveal the full path to its physical location by sending a malformed request...

CVSS 5 · AI score 5 · EPSS 0.06824 · Exploits 2 · References 2