Unfixed XSS vulnerability at www.twbookjuice.co.uk
Security researcher By Encore has submitted on 11/04/2007 a cross-site scripting (XSS) vulnerability affecting www.twbookjuice.co.uk, which at the time of submission ranked 3574562 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 11/04/2007. It i...
Unfixed XSS vulnerability at www.ikmagazine.com
Security researcher 0ssi3 has submitted on 11/02/2007 a cross-site scripting (XSS) vulnerability affecting www.ikmagazine.com, which at the time of submission ranked 3419337 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 12/02/2007. It is...
Buffer overflow
The Trend Micro AntiVirus scan engine before 8.550-1001, as used in Trend Micro PC-Cillin Internet Security 2007, and Tmxpflt.sys 8.320.1004 and 8.500.0.1002, has weak permissions (Everyone:Write) for the \\.\Tmfilter device, which allows local users to send arbitrary content to the device via the...
Code injection
Unspecified vulnerability in the Internet Protocol (IP) functionality in Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors, probably related to a UDP packet...
CVE-2007-5716
CVE-2007-5716 affects the Internet Protocol (IP) functionality in Sun Solaris 10. The vulnerability is described as an unspecified local DoS (panic) caused by vectors likely related to a UDP packet. The exact component/file, root cause, and affected versions beyond Solaris 10 are not detailed in...
CVE-2007-5358
Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x before 1.4.13, when using IMAP storage, might allow (1) remote attackers to execute arbitrary code via a long combination of Content-type and Content-description headers, or (2) local users to execute arbitrary code via a long...
CVE-2007-5228
CVE-2007-5228 is a Drupal XSS vulnerability in the subscription functionality of the Project issue tracking module. The issue enables remote authenticated users with project create or edit permissions to inject arbitrary web script or HTML via unspecified vectors in the (1) individual and (2) ove...
Unfixed Redirect vulnerability at tarih.us
Security researcher Narcoticxs has submitted on 30/09/2007 a Redirect vulnerability affecting tarih.us, which at the time of submission ranked 7330054 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 04/10/2007. It is currently unfixed. If you...
Unfixed XSS vulnerability at www.rubne.com
Security researcher BackDoor has submitted on 24/09/2007 a cross-site scripting (XSS) vulnerability affecting www.rubne.com, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 28/09/2007. It is currently...
Unfixed XSS vulnerability at www.satagear.com
Security researcher tenest has submitted on 22/09/2007 a cross-site scripting (XSS) vulnerability affecting www.satagear.com, which at the time of submission ranked 1195424 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 28/09/2007. It is...
Moderate: Red Hat Security Advisory: xorg-x11 security update
Updated X.org packages that correct a flaw in X.Org's composite extension are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. X.org is an open source implementation of the X Window System. It provid...
simpcms-sql.txt
SimpCMS = all Remote SQL Injection Vulnerability Found By : Cold z3ro , http://www.hackteach.org/ Script : http://www.simpcms.com/ ==================================== Exploit : /index.php?site=search&keyword=1'//union//select//0,1,2,3,name,5,6//from//categories/ OR /index.php?site=search in...
Unfixed XSS vulnerability at search.burlingtoncoatfactory.com
Security researcher tenest has submitted on 16/09/2007 a cross-site scripting (XSS) vulnerability affecting search.burlingtoncoatfactory.com, which at the time of submission ranked 38072 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 20/09/2007...
Unfixed XSS vulnerability at www.moviebox.se
Security researcher By Encore has submitted on 16/09/2007 a cross-site scripting (XSS) vulnerability affecting www.moviebox.se, which at the time of submission ranked 459655 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 20/09/2007. It is...
Hardcoded credentials
The embedded Internet Explorer server control in AOL Instant Messenger (AIM) 6.1.41.2 and 6.2.32.1, AIM Pro, and AIM Lite does not properly constrain the use of mshtml.dll's web script and HTML functionality for incoming instant messages, which allows remote attackers to place HTML into unexpected...
CVE-2007-4901
The embedded Internet Explorer server control in AOL Instant Messenger (AIM) 6.1.41.2 and 6.2.32.1, AIM Pro, and AIM Lite does not properly constrain the use of mshtml.dll's web script and HTML functionality for incoming instant messages, which allows remote attackers to place HTML into unexpected...
CVE-2005-4862
The search functionality in XWiki 0.9.793 indexes cleartext user passwords, which allows remote attackers to obtain sensitive information via a search string that matches a password...
CVE-2007-4647
newswire/uploadmedia.cgi in 2coolcode Our Space (Ourspace) 2.0.9 allows remote attackers to upload certain files via unspecified vectors, probably involving unrestricted functionality in uploadmedia.cgi...
Design/Logic Flaw
newswire/uploadmedia.cgi in 2coolcode Our Space (Ourspace) 2.0.9 allows remote attackers to upload certain files via unspecified vectors, probably involving unrestricted functionality in uploadmedia.cgi...