6643 matches found

FreeBSD
added 2006/10/04 12:0 a.m. | 15 views

mod_pubcookie -- Empty Authentication Security Advisory

Nathan Dors, Pubcookie Project reports: An Abuse of Functionality vulnerability in the Pubcookie authentication process was found. This vulnerability allows an attacker to appear as if he or she were authenticated using an empty userid when such a userid isn't expected. Unauthorized access to web...

AI score: 3.1
Exploits: 0 | References: 1

securityvulns
added 2006/10/03 12:0 a.m. | 36 views

Pebble 2.0.0 RC[1,2] XSS vulnerability

Software: Pebble Version: 2.0.0 RC1 - 2.0.0 RC2 Author: Simon Brown Homepage: http://pebble.sourceforge.net Abstract Pebble is a blogging system built upon java and XML. There is no database to store the data into but just XML is used instead. Description Vulnerability: XSS vulnerability in...

AI score: 6
Exploits: 0

securityvulns
added 2006/09/23 12:0 a.m. | 31 views

RE: Computer Associates eTrust Security Command Center Multiple Vulnerabilities

aushack.com - Vulnerability Advisory ----------------------------------------------- Release Date: 22-Sep-2006 Software: Computer Associates - eTrust Security Command Center http://www3.ca.com/solutions/Product.aspx?ID=4351 "eTrust Security Command Center helps you discover and prioritize relevan...

AI score: 0.1
Exploits: 0

securityvulns
added 2006/08/23 12:0 a.m. | 34 views

EEYE:ALERT: MS06-042 Related Internet Explorer 'Crash' is Exploitable

MS06-042 Related Internet Explorer 'Crash' is Exploitable Date: August 22, 2006 Severity: High Systems Affected: Windows 2000 with IE6 SP1 and MS06-042 hotfix installed Windows XP SP1 with IE6 SP1 and MS06-042 hotfix installed Overview: On August 8th Microsoft released MS06-042 which was a...

AI score: 7.2
Exploits: 0

securityvulns
added 2006/08/02 12:0 a.m. | 52 views

Corsaire Security Advisory - VMware ESX Server Password Cross Site Request Forgery issue

-- Corsaire Security Advisory -- Title: VMware ESX Server Password Cross Site Request Forgery issue Date: 14.11.05 Application: VMware ESX prior to 2.5.3 upgrade patch 2 VMware ESX prior to 2.1.3 upgrade patch 1 VMware ESX prior to 2.0.2 upgrade patch 1 Environment: VMware ESX Author: Stephen de...

CVSS: 7.6 | AI score: 0.1 | EPSS: 0.02133
Exploits: 0

NVD
added 2006/07/31 11:4 p.m. | 14 views

CVE-2006-3945

The CSS functionality in Opera 9 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by setting the background property of a DHTML element to a long http or https URL, which triggers memory corruption...

CVSS: 5 | AI score: 6.7 | EPSS: 0.01302
Exploits: 1 | References: 4

FreeBSD
added 2006/07/12 12:0 a.m. | 30 views

ruby -- multiple vulnerabilities

Secunia reports: Two vulnerabilities have been reported in Ruby, which can be exploited by malicious people to bypass certain security restrictions. An error in the handling of the "alias" functionality can be exploited to bypass the safe level protection and replace methods called in the trusted...

CVSS: 6.4 | AI score: 6.8 | EPSS: 0.05099
Exploits: 0 | References: 3

Packet Storm
added 2006/06/26 12:0 a.m. | 29 views

e107XSS.txt

http://target.xx/search.php?q=&r=0&s=Search&in=1&ex=1&ep= %27%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3C%2Fscript% 3E&be=1&t=1&adv=1&type=all&on=new&time=any&author= ------------------ Submit comment Subject: 'alert/XSS/ Click Reply to this you comment. Ellipsis Security http://www.ellsec.org...

AI score: 7.4
Exploits: 0

Prion
added 2006/06/09 10:2 a.m. | 11 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the web interface in Ingate Firewall before 4.4.1 and SIParator before 4.4.1 allows remote attackers to inject arbitrary web script or HTML, and steal cookies, via unspecified vectors related to "XSS exploits" in administrator functionality...

CVSS: 4 | AI score: 6.3 | EPSS: 0.00695
Exploits: 0 | References: 6 | Affected Software: 2

NVD
added 2006/06/09 10:2 a.m. | 26 views

CVE-2006-2925

Cross-site scripting (XSS) vulnerability in the web interface in Ingate Firewall before 4.4.1 and SIParator before 4.4.1 allows remote attackers to inject arbitrary web script or HTML, and steal cookies, via unspecified vectors related to "XSS exploits" in administrator functionality...

CVSS: 4 | AI score: 5.8 | EPSS: 0.00695
Exploits: 0 | References: 6

Cvelist
added 2006/06/09 10:0 a.m. | 22 views

CVE-2006-2925

Cross-site scripting (XSS) vulnerability in the web interface in Ingate Firewall before 4.4.1 and SIParator before 4.4.1 allows remote attackers to inject arbitrary web script or HTML, and steal cookies, via unspecified vectors related to "XSS exploits" in administrator functionality...

AI score: 5.8 | EPSS: 0.00695
Exploits: 0 | References: 6

Packet Storm
added 2006/05/22 12:0 a.m. | 27 views

Sphider.txt

--------------------------------------------- Sphider Multiple Xss Vulnerabilities --------------------------------------------- Site: http://www.cs.ioc.ee/ando/sphider/ Bug: 1- http://victim/path/search.php/"alert/Soot/ 2- http://victim/path/search.php?category="alert/Soot/...

AI score: 7.4
Exploits: 0

NVD
added 2006/05/19 5:2 p.m. | 7 views

CVE-2006-2479

The Update functionality in Bitrix Site Manager 4.1.x does not verify the authenticity of downloaded updates, which allows remote attackers to obtain sensitive information and ultimately execute arbitrary PHP code via DNS cache poisoning that redirects the user to a malicious site...

CVSS: 5 | AI score: 7.2 | EPSS: 0.0072
Exploits: 1 | References: 6

Prion
added 2006/05/19 5:2 p.m. | 9 views

Design/Logic Flaw

The Update functionality in Bitrix Site Manager 4.1.x does not verify the authenticity of downloaded updates, which allows remote attackers to obtain sensitive information and ultimately execute arbitrary PHP code via DNS cache poisoning that redirects the user to a malicious site...

CVSS: 5 | AI score: 7.6 | EPSS: 0.0072
Exploits: 1 | References: 6 | Affected Software: 1

Cvelist
added 2006/05/19 5:0 p.m. | 12 views

CVE-2006-2479

The Update functionality in Bitrix Site Manager 4.1.x does not verify the authenticity of downloaded updates, which allows remote attackers to obtain sensitive information and ultimately execute arbitrary PHP code via DNS cache poisoning that redirects the user to a malicious site...

AI score: 7.2 | EPSS: 0.0072
Exploits: 1 | References: 6

CVE
added 2006/05/19 5:0 p.m. | 37 views

CVE-2006-2479

Technical details about CVE-2006-2479 are not publicly provided in the supplied documents. Monitor for updates; current records summarize the issue at a high level without specifics on affected versions, vectors, or mitigations.

CVSS: 5 | AI score: 7.2 | EPSS: 0.0072
Exploits: 1 | References: 6 | Affected Software: 1

securityvulns
added 2006/05/18 12:0 a.m. | 82 views

[Full-disclosure] Multiple Vulns in Bitrix CMS

Multiple Vulns in Bitrix CMS Vendor bitrix.com Version The latest one 4.1.x Severity Medium Patched: No Multiple vulnerabilities discovered in Bitrix CMS. A remote attacker can conduct XSS attacks and compromise vulnerable system. 1. A remote attacker can get information about version history and...

AI score: 0.4
Exploits: 0

NVD
added 2006/05/16 1:2 a.m. | 6 views

CVE-2006-2390

Cross-site scripting (XSS) vulnerability in OZJournals 1.2 allows remote attackers to inject arbitrary web script or HTML via the vname parameter in the comments functionality...

CVSS: 5.8 | AI score: 5.7 | EPSS: 0.0053
Exploits: 1 | References: 5

Prion
added 2006/05/16 1:2 a.m. | 7 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in OZJournals 1.2 allows remote attackers to inject arbitrary web script or HTML via the vname parameter in the comments functionality...

CVSS: 5.8 | AI score: 6.2 | EPSS: 0.0053
Exploits: 1 | References: 5 | Affected Software: 1

CVE
added 2006/05/16 1:0 a.m. | 42 views

CVE-2006-2390

The set of connected documents confirms a cross-site scripting (XSS) vulnerability in OZJournals 1.2, exploitable via the vname parameter in the comments functionality. The CVSSv2 base score is 5.8 (Medium), with network access required and no user interaction needed, and impact described as part...

CVSS: 5.8 | AI score: 5.7 | EPSS: 0.0053
Exploits: 1 | References: 5 | Affected Software: 1