CVE-2007-4647
CVE-2007-4647 affects 2coolcode Our Space (Ourspace) 2.0.9. The issue is in uploadmedia.cgi, where unrestricted upload functionality allows remote attackers to upload certain files via unspecified vectors. The root cause is not clearly detailed beyond “unrestricted functionality in uploadmedia.cg...
Unfixed XSS vulnerability at www.kreuzberg.de
Security researcher Renoized has submitted on 30/08/2007 a cross-site scripting (XSS) vulnerability affecting www.kreuzberg.de, which at the time of submission ranked 1055546 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 30/08/2007. It is...
Unfixed XSS vulnerability at insideedition.com
Security researcher kRuSaDeR has submitted on 29/08/2007 a cross-site scripting (XSS) vulnerability affecting insideedition.com, which at the time of submission ranked 168785 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 30/08/2007. It is...
[SECURITY] Fedora Core 6 Update: ipsec-tools-0.6.5-8.fc6
This is the IPsec-Tools package. You need this package in order to really use the IPsec functionality in the linux-2.5+ kernels. This package builds: - setkey, a program to directly manipulate policies and SAs - racoon, an IKEv1 keying daemon...
Unfixed XSS vulnerability at www.municipia.it
Security researcher Langy has submitted on 24/08/2007 a cross-site scripting (XSS) vulnerability affecting www.municipia.it, which at the time of submission ranked 1083240 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 28/08/2007. It is current...
CVE-2007-4493
eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check permissions on module views that lack a policy function, which has unknown impact and attack vectors, as demonstrated by a vulnerability in the discount functionality in the shop module...
Design/Logic Flaw
eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check permissions on module views that lack a policy function, which has unknown impact and attack vectors, as demonstrated by a vulnerability in the discount functionality in the shop module...
iDefense Security Advisory 08.20.07: Trend Micro SSAPI Long Path Buffer Overflow Vulnerability
Trend Micro SSAPI Long Path Buffer Overflow Vulnerability. iDefense Security Advisory 08.20.07, http://labs.idefense.com/intelligence/vulnerabilities/, Aug 20, 2007. I. BACKGROUND: Trend Micro AntiSpyware is a spyware detection and removal application designed to help protect home users' computers,...
Unfixed XSS vulnerability at search.dunyagazetesi.com.tr
Security researcher St@rExT has submitted on 19/08/2007 a cross-site scripting (XSS) vulnerability affecting search.dunyagazetesi.com.tr, which at the time of submission ranked 47501 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 21/08/2007. It...
CVE-2007-4386
SQL injection vulnerability in search.php in GetMyOwnArcade allows remote attackers to execute arbitrary SQL commands via the query parameter...
CentOS 4 : libgtop2 (CESA-2007:0765)
An updated libgtop2 package that fixes a security issue and a functionality bug is now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The libgtop2 package contains a library for obtaining information...
liberoit-xss.txt
The Italian ISP Libero.it does not check the HTTP POST parameter "pQuery" on search queries and displays the content of this variable without modification within the HTML form area. Security problems on Libero's 155.it allow attackers to conduct XSS attacks for the following URL:...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Temporary Uploads editing functionality (wp-admin/includes/upload.php) in WordPress 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the style parameter to wp-admin/upload.php...
Unfixed XSS vulnerability at www.shopsex.cz
Security researcher CrypTIc has submitted on 26/07/2007 a cross-site scripting (XSS) vulnerability affecting www.shopsex.cz, which at the time of submission ranked 2908705 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 07/08/2007. It is current...
xorg security update
CentOS Errata and Security Advisory CESA-2007:0519 Updated X.org packages that correct a flaw in the way the X.Org X11 xfs font server starts are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. X.or...
CVE-2007-3484
Cross-site scripting (XSS) vulnerability in search.php in Google Custom Search Engine allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: this issue is disputed by the Google Security Team, who states that "Google does not provide the 'search.php' script...
PT-2007-4745 · Google · Google Custom Search Engine
Name of the Vulnerable Software and Affected Versions: Google Custom Search Engine (affected versions not specified). Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the q parameter in the search functionality. This issue is disputed b...
CVE-2007-1664
ekg before 1:1.7rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service (NULL pointer dereference) via a vector related to the token OCR functionality...
Null pointer dereference
ekg before 1:1.7rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service (NULL pointer dereference) via a vector related to the token OCR functionality...