6646 matches found
CVE-2008-4177
SQL injection vulnerability in search.php in Pre Real Estate Listings allows remote attackers to execute arbitrary SQL commands via the c parameter...
Important: Red Hat Security Advisory: kernel security and bug fix update
Updated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise MRG 1.0. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux...
RhinoSoft Serv-U SFTP Remote Denial of Service Vulnerability
RhinoSoft Serv-U SFTP is prone to a denial of service (DoS) vulnerability.
Abuse of Functionality vulnerability in WP-ContactForm for WordPress
Hello 3APA3A! I am reporting an Abuse of Functionality vulnerability that I found in the WP-ContactForm plugin for WordPress. Abuse of Functionality: The contact page has a “Copy yourself on the form submission” feature. It is enabled in the Copy Option settings and means that, through the site...
Microsoft Messenger unauthorized ActiveX access
Messenger.UIAutomation.1 ActiveX allows access to application functionality...
Cross site scripting
Cross-zone scripting vulnerability in the NowPlaying functionality in NullSoft Winamp before 5.541 allows remote attackers to conduct cross-site scripting (XSS) attacks via an MP3 file with JavaScript in id3 tags...
CVE-2008-3567
Cross-zone scripting vulnerability in the NowPlaying functionality in NullSoft Winamp before 5.541 allows remote attackers to conduct cross-site scripting (XSS) attacks via an MP3 file with JavaScript in id3 tags...
Vulnerabilities in Contact Form ][ for WordPress
Hello 3APA3A! I am reporting Insufficient Anti-automation, Abuse of Functionality and Cross-Site Scripting vulnerabilities that I found in the Contact Form plugin for WordPress. Insufficient Anti-automation: The absence of a CAPTCHA makes it possible to send automated messages, in particular spam, to the site's admins...
CVE-2008-3394
Multiple cross-site scripting (XSS) vulnerabilities in search.cfm in BookMine allow remote attackers to inject arbitrary web script or HTML via the (1) gallery and (2) searchstring parameters...
Unfixed XSS vulnerability at www.masterlock.com
Security researcher mckt has submitted on 25/07/2008 a cross-site-scripting (XSS) vulnerability affecting www.masterlock.com, which at the time of submission ranked 265381 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 26/07/2008. It is current...
Unfixed XSS vulnerability at www.bettycrocker.com
Security researcher holisticinfosec has submitted on 24/07/2008 a cross-site-scripting (XSS) vulnerability affecting www.bettycrocker.com, which at the time of submission ranked 15293 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 26/07/2008. I...
CVE-2008-3225
Joomla! before 1.5.4 allows attackers to access administration functionality, which has unknown impact and attack vectors related to a missing "LDAP security fix."...
CVE-2008-3197
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related...
CVE-2008-3048
Unspecified vulnerability in the PDF Generator 2 (pdf_generator2) extension 0.5.0 and earlier for TYPO3 has unknown impact and attack vectors related to "Unprotected test functionality."...
CVE-2008-3048
CVE-2008-3048 concerns the PDF Generator 2 (pdf_generator2) extension for TYPO3 (versions 0.5.0 and earlier). The vulnerability is described as unspecified with unknown impact and attack vectors, related to an "Unprotected test functionality." The connected documents provide the affected product ...
CVE-2008-2826
Integer overflow in the sctp_getsockopt_local_addrs_old function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) functionality in the Linux kernel before 2.6.25.9 allows local users to cause a denial of service (resource consumption and system outage) via vectors involving a large...
Unfixed XSS vulnerability at www.poemhunter.com
Security researcher skathgh420 has submitted on 29/06/2008 a cross-site-scripting (XSS) vulnerability affecting www.poemhunter.com, which at the time of submission ranked 6625 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 07/07/2008. It is...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the search functionality in MindTouch DekiWiki before 8.05.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...