6646 matches found
SuSE Security Advisory SUSE-SA:2009:004 (kernel)
The remote host is missing updates announced in advisory SUSE-SA:2009:004. OpenVAS Vulnerability Test $Id: susesa2009004.nasl 6668 2017-07-11 13:34:29Z cfischer $ Description: Auto-generated from advisory SUSE-SA:2009:004 (kernel) Authors: Thomas Reinke Copyright: Copyright (c) 2009 E-Soft Inc...
New vulnerabilities in Power Phlogger
Hello 3APA3A! I am reporting new Insufficient Anti-automation, Abuse of Functionality and Information Leakage vulnerabilities that I found in Power Phlogger. Insufficient Anti-automation: The registration page http://site/dspSignup.php has no protection against automated requests (captcha). Abuse o...
New vulnerabilities in Power Phlogger
Hello 3APA3A! I am reporting new Cross-Site Scripting and Abuse of Functionality vulnerabilities that I found in Power Phlogger. XSS: This is a reflected and persistent XSS. http://site/edCss.php?action=create+new&fields5Bcss5D=3Cscript3Ealertdocument.cookie3C/script3E The code is subsequently executed when...
[SECURITY] Fedora 10 Update: drupal-views-6.x.2.2-1.fc10
The views module provides a flexible method for Drupal site designers to control how lists of content nodes are presented. Traditionally, Drupal has hard-coded most of this, particularly in how taxonomy and tracker lists are formatted. This tool is essentially a smart query builder that, given...
CVE-2008-5686
IBM Tivoli Provisioning Manager (TPM) before 5.1.1.1 IF0006, when its LDAP service is shared with other applications, does not require that an LDAP user be listed in the TPM user records, which allows remote authenticated users to execute SOAP commands that access arbitrary TPM functionality, as...
CVE-2008-5676
Multiple unspecified vulnerabilities in the ModSecurity (aka modsecurity) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors relate...
[SECURITY] Fedora 9 Update: syslog-ng-2.0.10-1.fc9
syslog-ng, as the name shows, is a syslogd replacement, but with new functionality for the new generation. The original syslogd allows messages only to be sorted based on priority/facility pairs; syslog-ng adds the possibility to filter based on message contents using regular expressions. The new...
Unfixed XSS vulnerability at irish-charts.com
Security researcher Viper.aT has submitted on 12/04/2008 a cross-site scripting (XSS) vulnerability affecting irish-charts.com, which at the time of submission ranked 10365959 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 13/04/2008. It is...
CVE-2008-5193
Cross-site scripting (XSS) vulnerability in search.asp in W1L3D4 Philboard 1.14 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter. NOTE: this might overlap CVE-2007-4024...
CVE-2008-5185
The highlighting functionality in geshi.php in GeSHi before 1.0.8 allows remote attackers to cause a denial of service (infinite loop) via an XML sequence containing an opening delimiter without a closing delimiter, as demonstrated using ""...
Unfixed XSS vulnerability at foro.sfpcoahuila.gob.mx
Security researcher xylitol has submitted on 11/08/2008 a cross-site scripting (XSS) vulnerability affecting foro.sfpcoahuila.gob.mx, which at the time of submission ranked 1120000 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 17/06/2009. It i...
[SECURITY] Fedora 9 Update: ipsec-tools-0.7.1-5.fc9
This is the IPsec-Tools package. You need this package in order to really use the IPsec functionality in the linux-2.5+ kernels. This package builds: - setkey, a program to directly manipulate policies and SAs - racoon, an IKEv1 keying daemon...
Opera Web Browser Command Execution and XSS Vulnerabilities (Linux)
The host is installed with Opera Web Browser and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gboperacmdexecnxssvulnlin.nasl 6539 2017-07-05 12:02:14Z cfischer $ Opera Web Browser Command Execution and XSS Vulnerabilities (Linux) Authors: Chandan S Copyright: Copyright (c) 20...
Opera Web Browser Command Execution and XSS Vulnerabilities (Windows)
The host is installed with Opera Web Browser and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gboperacmdexecnxssvulnwin.nasl 6519 2017-07-04 14:08:14Z cfischer $ Opera Web Browser Command Execution and XSS Vulnerabilities (Windows) Authors: Chandan S Copyright: Copyright (c)...
Opera Web Browser Multiple XSS Vulnerability (Windows)
The host is installed with Opera web browser and is prone to multiple Cross Site Scripting (XSS) vulnerabilities. OpenVAS Vulnerability Test $Id: gboperamultvulnoct08win.nasl 6519 2017-07-04 14:08:14Z cfischer $ Opera Web Browser Multiple XSS Vulnerability (Windows) Authors: Chandan S Copyright:...
Unfixed XSS vulnerability at www.web-agri.fr
Security researcher Mystick has submitted on 30/10/2008 a cross-site scripting (XSS) vulnerability affecting www.web-agri.fr, which at the time of submission ranked 366665 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 13/09/2009. It is current...
CVE-2008-4789
CVE-2008-4789 — Drupal core upgrade/validation issue. The vulnerability affects Drupal 6.x before 6.5, where the validation logic in the core upload module allows remote authenticated users to bypass access controls and attach files to content. The root cause is described as a logic error in vali...
[Backports-security-announce] Security Update for pidgin
Gerfried Fuchs uploaded new packages for pidgin which fixed the following security problem: CVE-2008-2957, Debian Bug 488632 The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service memory...
Opera Stored Cross Site Scripting Vulnerability
Opera Stored Cross Site Scripting Vulnerability. Vendor Website: http://www.opera.com. Affected Version: All desktop versions. Public disclosure on 22nd October 2008...
websvn-xssfhce.txt
WebSVN alertdocument.cookie; A url like the one above would display a JavaScript alert window containing the cookie data of any set cookies for the domain. File Handling Issues: There are some file handling issues in the RSS functionality used by WebSVN. The issue is caused by the following bit o...