4495 matches found
CVE-2007-3605
Stack-based buffer overflow in the kweditcontrol.kwedit.1 ActiveX control in FrontEnd\SapGui\kwedit.dll in the EnjoySAP SAP GUI allows remote attackers to execute arbitrary code via a long argument to the PrepareToPostHTML function...
[SECURITY] [DSA 1329-1] New gfax packages fix privilege escalation
------------------------------------------------------------------------ Debian Security Advisory DSA-1329-1 [email protected] http://www.debian.org/security/ Steve Kemp July 05, 2007 - ------------------------------------------------------------------------ Package : gfax Vulnerability :...
CVE-2006-7009
Joomla! before 1.0.10 allows remote attackers to spoof the frontend submission forms, which has unknown impact and attack vectors...
DSA-1190-1 maxdb-7.5.00
Bulletin has no description...
[Full-disclosure] [scip_Advisory 2352] F5 FirePass 4100 prior 6.x multiple Cross Site Scripting
F5 FirePass 4100 prior 6.x multiple Cross Site Scripting scip AG Vulnerability ID 2352 07/04/2006 http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=2352 I. INTRODUCTION F5 FirePass is an appliance which allows a remote communication between SSL-VPN endpoints. This secure connectivity to corporate...
FreeBSD : Joomla -- multiple vulnerabilities (1f935f61-075d-11db-822b-728b50d539a3)
Joomla Site reports : - Secured 'Remember Me' functionality against SQL injection attacks - Secured 'Related Items' module against SQL injection attacks - Secured 'Weblinks' submission against SQL injection attacks - Secured SEF from XSS vulnerability - Hardened frontend submission forms against...
Usenet Script v0.5
Usenet Script v0.5 Homepage: http://www.metalhead.ws/usenet Description: "Those scripts allow you to mirror a Newsgroup in an SQL database. The development database was Postgresql, but it uses dbx and should therefore be able to work with other database systems, too. Furthermore, a frontend is...
Joomla -- multiple vulnerabilities
Joomla Site reports: Secured "Remember Me" functionality against SQL injection attacks Secured "Related Items" module against SQL injection attacks Secured "Weblinks" submission against SQL injection attacks Secured SEF from XSS vulnerability Hardened frontend submission forms against spoofing...
GLSA-200606-06 : AWStats: Remote execution of arbitrary code
The remote host is affected by the vulnerability described in GLSA-200606-06 AWStats: Remote execution of arbitrary code Hendrik Weimer has found that if updating the statistics via the web frontend is enabled, it is possible to inject arbitrary code via a pipe character in the 'migrate' paramete...
AWStats: Remote execution of arbitrary code
Background AWStats is an advanced log file analyzer and statistics generator. Description Hendrik Weimer has found that if updating the statistics via the web frontend is enabled, it is possible to inject arbitrary code via a pipe character in the "migrate" parameter. Additionally, r0t has...
CVE-2006-2815
Multiple cross-site scripting XSS vulnerabilities in Two Shoes M-Factory TSMF SimpleBoard 1.1.0 Stable aka comsimpleboard, as used in Mambo and Joomla!, allow remote attackers to inject arbitrary web script or HTML via 1 the Name field in "post ne topic" in the Frontend, 2 the Title aka...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Two Shoes M-Factory TSMF SimpleBoard 1.1.0 Stable aka comsimpleboard, as used in Mambo and Joomla!, allow remote attackers to inject arbitrary web script or HTML via 1 the Name field in "post ne topic" in the Frontend, 2 the Title aka...
CVE-2006-2815
Multiple cross-site scripting XSS vulnerabilities in Two Shoes M-Factory TSMF SimpleBoard 1.1.0 Stable aka comsimpleboard, as used in Mambo and Joomla!, allow remote attackers to inject arbitrary web script or HTML via 1 the Name field in "post ne topic" in the Frontend, 2 the Title aka...
joomlaMamboXSS.txt
Joomla/Mambo CMS Component SimpleBoard 1.1.0 Stable XSS-Vulnerabilities ======================================================================= Release Date ------------ June 01, 2006 Vendor ------- Two Shoes Mambo Factory http://www.tsmf.net/ Version ------- SimpleBoard 1.1.0 Stable comsimpleboa...
Joomla/Mambo CMS Component SimpleBoard 1.1 XSS-Vulnerabilities
Joomla/Mambo CMS Component SimpleBoard 1.1.0 Stable XSS-Vulnerabilities ======================================================================= Release Date ------------ June 01, 2006 Vendor ------- Two Shoes Mambo Factory http://www.tsmf.net/ Version ------- SimpleBoard 1.1.0 Stable comsimpleboa...
BASE <= 1.2.4 melissa (Snort Frontend) Remote Inclusion Vulnerabilities
No description provided by source. Basic Analysis and Security Engine BASE = 1.2.4 melissa Inclusion Vulnerabilities Just glanced over BASE for a pentesting job. /str0ke ! milw0rm.com code baseqrycommon.php includeonce"$BASEpath/includes/basesignature.inc.php"; /code...
BASE <= 1.2.4 melissa (Snort Frontend) Remote Inclusion Vulnerabilities
Exploit for unknown platform in category web applications ======================================================================= BASE = 1.2.4 melissa Snort Frontend Remote Inclusion Vulnerabilities ======================================================================= Basic Analysis and Securit...
BASE 1.2.4 - melissa Snort Frontend Remote File Inclusion
Basic Analysis and Security Engine BASE = 1.2.4 melissa Inclusion Vulnerabilities Just glanced over BASE for a pentesting job. /str0ke ! milw0rm.com code baseqrycommon.php includeonce"$BASEpath/includes/basesignature.inc.php"; /code...
Mandrake Linux Security Advisory : kernel (MDKSA-2006:040)
A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel : The udpv6getport function in udp.c, when running IPv6, allows local users to cause a Denial of Service infinite loop and crash CVE-2005-2973. The mqopen system call in certain situations can decrement a counter...
Ubuntu 4.10 / 5.04 / 5.10 : linux-source-2.6.8.1/-2.6.10/-2.6.12 vulnerabilities (USN-244-1)
Doug Chapman discovered a flaw in the reference counting in the sysmqopen function. By calling this function in a special way, a local attacker could exploit this to cause a kernel crash. CVE-2005-3356 Karl Janmar discovered that the /proc file system module used signed data types in a wrong way....