
8675 matches found

Packet Storm
added 2010/03/28 12:0 a.m., 27 views

Discuz! Cross Site Scripting

hi; All versions of Discuz! have the cross-site vulnerabilities because of the export value of "$referer". Like: Discuz! 7.X Discuz! 6.X Discuz! 5.X Discuz!NT 3.X and so on. There are some htm pages in all versions of Discuz!, that are: /templates/default/attachpay.htm /templates/default/ecrate.h...

7.4 AI score
Exploits: 0
securityvulns
added 2010/03/24 12:0 a.m., 49 views

"$referer" export lead to the cross-site flaws in all versions of Discuz!

hi; All versions of Discuz! have the cross-site vulnerabilities because of the export value of "$referer". Like: Discuz! 7.X Discuz! 6.X Discuz! 5.X Discuz!NT 3.X and so on. There are some htm pages in all versions of Discuz!, that are: /templates/default/attachpay.htm /templates/default/ecrate.h...

0.6 AI score
Exploits: 0
Check Point Advisories
added 2010/02/23 12:0 a.m., 3 views

Microsoft WordPerfect 5.x Converter Buffer Overflow (CVE-2004-0573)

The Microsoft Office text editing tools support a number of foreign file formats for compatibility with third party software. The foreign file format support is based on import and export converters. When a text editor needs to read a foreign format file, a converter transforms the file to an...

7.5 CVSS, 6.7 AI score, 0.42337 EPSS
Exploits: 0
Drupal
added 2010/02/03 12:0 a.m., 11 views

SA-CONTRIB-2010-014 - Node Export - Arbitrary code execution

The Node export module allows users to export and import nodes. Node export does not warn administrators that users with the "access administration pages" permission together with the "import nodes" permission can execute arbitrary PHP statements during the import operation. Versions affected Nod...

7.7 AI score
Exploits: 0, References: 6
Cvelist
added 2010/01/08 6:0 p.m., 49 views

CVE-2009-4486

Stack-based buffer overflow in the eDirectory plugin in Novell iManager before 2.7.3 allows remote attackers to execute arbitrary code via vectors that trigger long arguments to an unspecified sub-application, related to importing and exporting from a schema...

7.9 AI score, 0.0433 EPSS
Exploits: 0, References: 7
OpenVAS
added 2009/12/30 12:0 a.m., 30 views

Fedora Core 11 FEDORA-2009-12575 (cacti)

The remote host is missing an update to cacti announced via advisory FEDORA-2009-12575. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the...

4.3 CVSS, 6.4 AI score, 0.05739 EPSS
Exploits: 6, References: 2
Tenable Nessus
added 2009/12/28 12:0 a.m., 34 views

Fedora 11 : cacti-0.8.7e-3.fc11 (2009-12575)

This fix contains several official patches from cacti: Command Line Add Graphs Syntax SNMP Invalid Responses Template Import/Export Duplication Cross-Site Scripting Fixes http://www.cacti.net/downloadpatches.php Note that Tenable Network Security has extracted the preceding description block...

4.3 CVSS, 5.3 AI score, 0.05739 EPSS
Exploits: 6, References: 4
OpenVAS
added 2009/10/06 12:0 a.m., 272 views

NFS export

This plugin lists NFS exported shares, and warns if some of them are readable SPDX-FileCopyrightText: 2009 LSS Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later Tested on Ubuntu/Debia...

10 CVSS, 8.6 AI score, 0.11134 EPSS
Exploits: 2
myhack58
added 2009/08/16 12:0 a.m., 19 views

Besides the two ecshop background to get the shell methods-vulnerability warning-the black bar safety net

ecshop background to get the shell method, in addition to the oldjun large cattle that and the last said that, and found two. But each one of the restriction conditions, listen to me one by one. One: ecshop background a function is a sql Query, as shown: ! In fact, the feeling in a management...

6.7 AI score
Exploits: 0
Atlassian
added 2009/08/12 6:33 p.m., 21 views

Uploading large fonts for PDF export fails with XSRF error

When uploading souizhs.ttf font that we use due to its comprehensive UTF8 support, I'm getting XSRF validation error: quote Your request could not be processed because a required security token was not present in the request. You may need to re-submit the form or reload the page. quote I tried...

0.2 AI score
Exploits: 0, Affected Software: 1
Atlassian
added 2009/08/12 6:33 p.m., 17 views

Uploading large fonts for PDF export fails with XSRF error

When uploading souizhs.ttf font that we use due to its comprehensive UTF8 support, I'm getting XSRF validation error: quote Your request could not be processed because a required security token was not present in the request. You may need to re-submit the form or reload the page. quote I tried...

0.2 AI score
Exploits: 0, Affected Software: 1
Atlassian
added 2009/08/12 6:33 p.m., 14 views

Uploading large fonts for PDF export fails with XSRF error

When uploading souizhs.ttf font that we use due to its comprehensive UTF8 support, I'm getting XSRF validation error: quote Your request could not be processed because a required security token was not present in the request. You may need to re-submit the form or reload the page. quote I tried...

0.2 AI score
Exploits: 0
myhack58
added 2009/07/19 12:0 a.m., 18 views

Open 3 3 8 9 unable to login the 5 types of reasons-vulnerability warning-the black bar safety net

1, The server in the internal network. 2, the tcp/ip filtering. First execute the following cmd command: cmd /c regedit -e c:\1.reg HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip export the registry concerning the TCP/IP filtering in the first place cmd /c regedit -e c:\2.reg...

2.3 AI score
Exploits: 0
seebug.org
added 2009/07/13 12:0 a.m., 12 views

Php AdminPanel Free version 1.0.5 Remote File Disclosure Vuln

No description provided by source. Php AdminPanel Free version 1.0.5 Remote File Disclosure AUTHOR : Sina Yazdanmehr R3d.W0rm Discovered by : Sina Yazdanmehr R3d.W0rm Our Site : http://ircrash.com My Official WebSite : http://r3dw0rm.ir IRCRASH Team Members : Khashayar Fereidani - R3d.w0rm Sina...

7.1 AI score
Exploits: 0
Tenable Nessus
added 2009/07/06 12:0 a.m., 28 views

Fedora 10 : phpMyAdmin-3.2.0.1-1.fc10 (2009-7340)

The first security release for phpMyAdmin 3.2.0: - security XSS: Insufficient output sanitizing in bookmarks This version contains a number of small new features and some bug fixes: - core better support for vendor customisation based on what Debian needs - rfe warn when session.gc_maxlifetime is...

4.3 CVSS, 5.6 AI score, 0.0198 EPSS
Exploits: 1, References: 3
Tenable Nessus
added 2009/07/06 12:0 a.m., 22 views

Fedora 9 : phpMyAdmin-3.2.0.1-1.fc9 (2009-7337)

The first security release for phpMyAdmin 3.2.0: - security XSS: Insufficient output sanitizing in bookmarks This version contains a number of small new features and some bug fixes: - core better support for vendor customisation based on what Debian needs - rfe warn when session.gc_maxlifetime is...

4.3 CVSS, 5.6 AI score, 0.0198 EPSS
Exploits: 1, References: 3
Fedora
added 2009/07/03 7:42 p.m., 10 views

[SECURITY] Fedora 10 Update: phpMyAdmin-3.2.0.1-1.fc10

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges, export data into various formats and ...

1.7 AI score
Exploits: 0
Tenable Nessus
added 2009/06/30 12:0 a.m., 41 views

GLSA-200906-03 : phpMyAdmin: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200906-03 phpMyAdmin: Multiple vulnerabilities Multiple vulnerabilities have been reported in phpMyAdmin: Greg Ose discovered that the setup script does not sanitize input properly, leading to the injection of arbitrary PHP code...

9.8 CVSS, 8.8 AI score, 0.95438 EPSS
Exploits: 16, References: 3
Atlassian
added 2009/06/26 2:5 a.m., 14 views

XSS in PDF screen

The "PDF Export Stylesheet" field is not encoded...

1.6 AI score
Exploits: 0, Affected Software: 1
Atlassian
added 2009/06/26 2:5 a.m., 18 views

XSS in PDF screen

The "PDF Export Stylesheet" field is not encoded...

1.6 AI score
Exploits: 0, Affected Software: 1