
6643 matches found

securityvulns
added 2005/03/18 12:0 a.m., 30 views

XSS in ACS blog

XSS vulnerability exists in the ACS blog ASP WEBLOG SYSTEM. Vulnerable: ACS Blog v 0.8, ACS Blog v 0.9, ACS Blog v 1.0, ACS Blog v 1.1b. Code: /search.asp?search=223Cbr3E3Ciframe+src3D22http3A2F2Fgoogle.com223E3C2Fiframe3E or go to /search.asp and copy this code: "briframe...

0.3 AI score
Exploits 0

FreeBSD
added 2005/03/16 12:0 a.m., 32 views

kdelibs -- local DCOP denial of service vulnerability

A KDE Security Advisory reports: Sebastian Krahmer of the SUSE LINUX Security Team reported a local denial of service vulnerability in KDE's Desktop Communication Protocol DCOP daemon better known as dcopserver. A local user can lock up the dcopserver of arbitrary other users on the same machine...

2.1 CVSS, 6 AI score, 0.00063 EPSS
Exploits 0, References 1

Tenable Nessus
added 2005/02/16 12:0 a.m., 21 views

HP-UX PHSS_17484 : s700_800 11.00 MC/LockManager A.11.05 (Japanese) Patch

s700_800 11.00 MC/LockManager A.11.05 (Japanese) Patch : MC/ServiceGuard and MC/LockManager exhibit improper implementation of restricted SAM functionality. (C) Tenable Network Security, Inc. The descriptive text and patch checks in this plugin were extracted from HP patch PHSS1748...

7.2 CVSS, 5.3 AI score, 0.0006 EPSS
Exploits 0, References 1

securityvulns
added 2005/01/22 12:0 a.m., 26 views

GhostScript symbolic links problem

Symbolic links problem in multiple scripts...

1.5 AI score
Exploits 0, References 1, Affected Software 1

Cvelist
added 2005/01/20 5:0 a.m., 20 views

CVE-2005-0124

The coda_pioctl function in the coda functionality (pioctl.c) for Linux kernel 2.6.9 and 2.4.x before 2.4.29 may allow local users to cause a denial of service (crash) or execute arbitrary code via negative vi.in_size or vi.out_size values, which may trigger a buffer overflow...

5.9 AI score, 0.00101 EPSS
Exploits 0, References 22

Cvelist
added 2005/01/19 5:0 a.m., 14 views

CVE-2004-1358

The patches (1) 114332-08 and (2) 114929-06 for Sun Solaris 9 disable the auditing functionality of the Basic Security Module (BSM), which allows attackers to avoid having their activity logged...

6.6 AI score, 0.0054 EPSS
Exploits 0, References 6

Exploit DB
added 2005/01/19 12:0 a.m., 29 views

konversation irc client 0.15 - Multiple Vulnerabilities

source: https://www.securityfocus.com/bid/12312/info Konversation is a freely available IRC client for KDE windows environments on Linux platforms. Multiple remote vulnerabilities affect the Konversation IRC client. These issues are due to input validation failures and design flaws. The first iss...

7 AI score
Exploits 0

securityvulns
added 2005/01/13 12:0 a.m., 21 views

Apache mod_dosevasive symbolic links problem

Symbolic links problem on temporary files creation...

1.2 AI score
Exploits 0, References 3, Affected Software 2

NVD
added 2005/01/11 5:0 a.m., 7 views

CVE-2005-0288

The change password functionality in Bottomline Webseries Payment Application does not require the old password when users enter a new password, which could allow remote authenticated users to change other users' passwords...

3.6 CVSS, 6.4 AI score, 0.00318 EPSS
Exploits 0, References 5

NVD
added 2005/01/10 5:0 a.m., 13 views

CVE-2004-1294

The mget function in cmds.c for tnftp 20030825 allows remote FTP servers to overwrite arbitrary files via FTP responses containing file names with / (slash) characters...

5 CVSS, 6.6 AI score, 0.00428 EPSS
Exploits 1, References 2

UbuntuCve
added 2005/01/10 5:0 a.m., 35 views

CVE-2004-1137

Multiple vulnerabilities in the IGMP functionality for Linux kernel 2.4.22 to 2.4.28, and 2.6.x to 2.6.9, allow local and remote attackers to cause a denial of service or execute arbitrary code via (1) the ip_mc_source function, which decrements a counter to -1, or (2) the igmp_marksources function, whi...

10 CVSS, 6.3 AI score, 0.15821 EPSS
Exploits 1, References 2

NVD
added 2005/01/10 5:0 a.m., 12 views

CVE-2004-1148

phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter...

5 CVSS, 6.5 AI score, 0.00391 EPSS
Exploits 0, References 3

securityvulns
added 2005/01/06 12:0 a.m., 27 views

Multiple GRASS symbolic link problems

No description provided...

1.5 AI score
Exploits 0, References 1, Affected Software 1

securityvulns
added 2005/01/04 12:0 a.m., 28 views

Multiple Vulnerabilities in FlatNuke

CODEBUG Labs Advisory 6 Title: Multiple Vulnerabilities in Flat-nuke Author: Pierquinto 'Mantra' Manco English Version: David 'hanska' Paleino Product: Flat-Nuke 2.5.1 Type: Multiple Vulnerabilities Web: http://www.codebug.org - Software Page www.flatnuke.org "FlatNuke is a CMS Content Management...

0.1 AI score
Exploits 0

Tenable Nessus
added 2005/01/02 12:0 a.m., 28 views

Mozilla nsNNTPProtocol.cpp NNTP news:// URI Handling Overflow DoS

The remote version of Mozilla is vulnerable to a heap overflow attack against its NNTP functionality. This may allow an attacker to execute arbitrary code on the remote host. To exploit this flaw, an attacker would need to set up a rogue news site and lure a victim on the remote host into reading...

5 CVSS, 6.2 AI score, 0.04823 EPSS
Exploits 1, References 2

UbuntuCve
added 2004/12/31 5:0 a.m., 19 views

CVE-2004-0813

Unknown vulnerability in the SG_IO functionality in ide-cd allows local users to bypass read-only access and perform unauthorized write and erase operations...

2.1 CVSS, 5.9 AI score, 0.00191 EPSS
Exploits 0, References 1

NVD
added 2004/12/31 5:0 a.m., 11 views

CVE-2004-2559

DokuWiki before 2004-10-19 allows remote attackers to access administrative functionality including (1) Mediaselectiondialog, (2) Recent changes, (3) feed, and (4) search, possibly due to the lack of ACL checks...

7.5 CVSS, 6.9 AI score, 0.00741 EPSS
Exploits 0, References 4

NVD
added 2004/12/31 5:0 a.m., 12 views

CVE-2004-2359

Dell TrueMobile 1300 WLAN Mini-PCI Card Util TrayApplet 3.10.39.0 does not properly drop SYSTEM privileges when started from the systray applet, which allows local users to gain privileges by accessing the Help functionality...

10 CVSS, 6.5 AI score, 0.01474 EPSS
Exploits 0, References 5

NVD
added 2004/12/31 5:0 a.m., 16 views

CVE-2004-0813

Unknown vulnerability in the SG_IO functionality in ide-cd allows local users to bypass read-only access and perform unauthorized write and erase operations...

2.1 CVSS, 6.1 AI score, 0.00191 EPSS
Exploits 0, References 13

Tenable Nessus
added 2004/12/27 12:0 a.m., 61 views

RHEL 3 : kernel (RHSA-2004:689)

Updated kernel packages that fix several security issues in Red Hat Enterprise Linux 3 are now available. The Linux kernel handles the basic functions of the operating system. This advisory includes fixes for several security issues : Petr Vandrovec discovered a flaw in the 32bit emulation code...

10 CVSS, 5.6 AI score, 0.15821 EPSS
Exploits 8, References 15