Unfixed XSS vulnerability at www.ledevoir.com
Security researcher h3xStream submitted on 09/07/2010 a cross-site scripting (XSS) vulnerability affecting www.ledevoir.com, which at the time of submission ranked 54455 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 09/07/2010. It is...
Unfixed XSS vulnerability at www.corning-observer.com
Security researcher Devek submitted on 27/07/2010 a cross-site scripting (XSS) vulnerability affecting www.corning-observer.com, which at the time of submission ranked 2410763 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 15/12/2011. It is...
Abzarak Cross Site Scripting
Abzarak XSS Vulnerability Author: Mohammad Javanbakht Email: secanaratgmail.com Blog: secanar.blogspot.com Exploit: site/?s= html code-Decode ASCII to Hex Vulnerable code: Search Demo: http://www.abzarak.com/?s=%3Cinput+value%3D%22XSS%22%3E%3C%2Finput%3E END...
Inside the Black Energy 2 Botnet
By Dmitry Tarakanov Cybercriminals use a variety of bots to conduct DDoS attacks on Internet servers. One of the most popular tools is called Black Energy. To date, Kaspersky Lab has identified and implemented detection for over 4,000 modifications of this malicious program. In mid-2008 malware...
Novell Groupwise Internet Agent Stack Overflow
Application: Novell Groupwise Internet Agent Stack Overflow Platforms: Windows, Linux, Netware GroupWise 7.0, 7.01, 7.02, 7.03x, 7.04, 8.0, 8.01x Exploitation: Remote code execution CVE Number: Novell TID: 7006374 Author: Francis Provencher Protek Research Lab's WebSite:...
Novell Groupwise Internet Agent Stack Overflow
Exploit for Windows platform in category dos / poc. Novell Groupwise Internet Agent Stack Overflow. Application: Novell Groupwise Internet Agent Stack Overflow Platforms: Windows, Linux, Netware GroupWise...
Novell Groupwise Internet Agent - Stack Overflow
Novell Groupwise Internet Agent - Stack Overflow Application: Novell Groupwise Internet Agent Stack Overflow Platforms: Windows, Linux, Netware GroupWise 7.0, 7.01, 7.02, 7.03x, 7.04, 8.0, 8.01x Exploitation: Remote code execution CVE Number: Novell TID: 7006374 Author: Francis Provencher Protek...
Mandriva Update for krb5 MDVA-2010:177-1 (krb5)
Check for the Version of krb5 OpenVAS Vulnerability Test Mandriva Update for krb5 MDVA-2010:177-1 (krb5) Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
CVE-2010-2445
freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via a scenario that contains Lua functionality, related to the (1) os, (2) io, (3) package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8) require modules or functions...
Input validation
LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to "downsampled OJPE...
Gekko CMS (SQL Injection) Vulnerability
No description provided by source. 2-SQL injection Vulnerability Description: SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for strin...
CVE-2010-2452
Directory traversal vulnerability in the DCC functionality in KVIrc 3.4 and 4.0 allows remote attackers to overwrite arbitrary files via unknown vectors...
Format string
Multiple format string vulnerabilities in the DCC functionality in KVIrc 3.4 and 4.0 have unspecified impact and remote attack vectors...
CVE-2010-2451
KVIrc (DCC) has multiple vulnerabilities tracked as CVE-2010-2451 and CVE-2010-2452 in the DCC functionality of KVIrc 3.x/4.x. The issues are described as remotely exploitable format-string vulnerabilities (and, per GLSA, a directory-traversal issue) that could allow remote attackers to execute a...
CVE-2010-2451
Multiple format string vulnerabilities in the DCC functionality in KVIrc 3.4 and 4.0 have unspecified impact and remote attack vectors...
Netartmedia Car Portal SQL Injection
Netartmedia Car Portal SQLi Vulnerability...
[SECURITY] Fedora 13 Update: drupal-views-6.x.2.11-1.fc13
The views module provides a flexible method for Drupal site designers to control how lists of content nodes are presented. Traditionally, Drupal has hard-coded most of this, particularly in how taxonomy and tracker lists are formatted. This tool is essentially a smart query builder that, given...