6646 matches found
Buffer overflow
Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows remote attackers to cause a denial of service application hang or loss of blocking functionality via a long URL with many / slash characters, related to "emergency mode."...
CVE-2009-3700
Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows remote attackers to cause a denial of service application hang or loss of blocking functionality via a long URL with many / slash characters, related to "emergency mode."...
Unfixed XSS vulnerability at india.recruit.net
Security researcher sameer saran, has submitted on 26/10/2009 a cross-site-scripting XSS vulnerability affecting india.recruit.net, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 07/07/2010. It is...
Find Windows 2003 Client Functionality over WMI - Windows
Find Windows 2003 Client Functionality over WMI: NetMeeting OutlookExpress Windows Media Player SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Insufficient Anti-automation and Abuse of Functionality vulnerabilities in ALFcontact for Joomla
Здравствуйте 3APA3A! Сообщаю вам о найденных мною Insufficient Anti-automation и Abuse of Functionality уязвимостях в компоненте ALFcontact comalfcontact для Joomla. Insufficient Anti-automation: http://site/option,comalfcontact/ На странице контактов нет защиты от автоматизированных запросов...
CVE-2009-3503
Multiple SQL injection vulnerabilities in search.aspx in BPowerHouse BPHolidayLettings 1.0 allow remote attackers to execute arbitrary SQL commands via the 1 rid and 2 tid parameters...
Code injection
Unspecified vulnerability in ia32el aka the IA 32 emulation functionality before 70427022-0.4.2 in SUSE Linux Enterprise SLE 10 SP2 on Itanium IA64 machines allows local users to cause a denial of service system crash via a 32-bit x86 application...
Design/Logic Flaw
Anantasoft Gazelle CMS 1.0 allows remote attackers to conduct a password reset for other users via a modified user parameter to renew.php...
CVE-2009-3110
Race condition in the file transfer functionality in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 allows remote attackers to read sensitive files and prevent client updates by connecting to the file transfer port before the expected client does...
Microsoft IIS 5.0/6.0 FTP Server (Stack Exhaustion) Denial of Service
No description provided by source. MS IIS FTPD DoS ZER0DAY There is a DoS vulnerability in the globbing functionality of IIS FTPD. Anonymous users can exploit this if they have read access to a directory!!! Normal users can exploit this too if they can read a directory. Example session where the...
Microsoft IIS FTPd Denial Of Service
MS IIS FTPD DoS ZER0DAY There is a DoS vulnerability in the globbing functionality of IIS FTPD. Anonymous users can exploit this if they have read access to a directory!!! Normal users can exploit this too if they can read a directory. Example session where the anonymous user has read access to t...
Microsoft IIS 5.0/6.0 FTP Server - Stack Exhaustion Denial of Service
MS IIS FTPD DoS ZER0DAY There is a DoS vulnerability in the globbing functionality of IIS FTPD. Anonymous users can exploit this if they have read access to a directory!!! Normal users can exploit this too if they can read a directory. Example session where the anonymous user has read access to t...
Microsoft Internet Information Services 5.0/6.0 FTP SERVER DENIAL OF SERVICE ("Stack Exhaustion")
MS IIS FTPD DoS ZER0DAY There is a DoS vulnerability in the globbing functionality of IIS FTPD. Anonymous users can exploit this if they have read access to a directory!!! Normal users can exploit this too if they can read a directory. Example session where the anonymous user has read access to t...
Design/Logic Flaw
DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx files instead of skin files, and possibly access privileged functionality, via unknown vectors related to parameter validation...
CVE-2008-7051
AJ Square AJ Article allows remote attackers to bypass authentication and access administrator functionality via a direct request to 1 user.php, 2 articles.php, 3 articlesuspend.php, 4 site.php, 5 statistics.php, 6 mail.php, 7 category.php, 8 subcategory.php, 9 changepassword.php, 10 polling.php,...
Authentication flaw
AJ Square AJ Article allows remote attackers to bypass authentication and access administrator functionality via a direct request to 1 user.php, 2 articles.php, 3 articlesuspend.php, 4 site.php, 5 statistics.php, 6 mail.php, 7 category.php, 8 subcategory.php, 9 changepassword.php, 10 polling.php,...
CVE-2008-7051
AJ Square AJ Article is affected by CVE-2008-7051, where remote attackers can bypass authentication and access administrator functionality by directly requesting any of the admin scripts: user.php, articles.php, articlesuspend.php, site.php, statistics.php, mail.php, category.php, subcategory.php...
CVE-2009-2882
Multiple cross-site scripting XSS vulnerabilities in PG MatchMaking allow remote attackers to inject arbitrary web script or HTML via the show parameter to 1 browseladies.php and 2 browsemen.php, the 3 gender parameter to search.php, and the 4 id parameter to services.php...
Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
The remote host is missing an update to apache-modsecurity announced via advisory MDVSA-2009:183. OpenVAS Vulnerability Test $Id: mdksa2009183.nasl 6587 2017-07-07 06:35:35Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:183 apache-modsecurity Authors: Thomas Reinke Copyright:...
CVE-2009-2087
The Web Services functionality in IBM WebSphere Application Server WAS 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, in certain circumstances involving the ibm-webservicesclient-bind.xmi file and custom password encryption, uses weak password obfuscation, which allows local users to cause a denial ...