982 matches found
CVE-2006-6776
Multiple SQL injection vulnerabilities in Future Internet allow remote attackers to execute arbitrary SQL commands via the (1) newsId or (2) categoryid parameter in a Portal.Showpage action in index.cfm, or (3) the langId parameter in index.cfm...
CVE-2006-6777
Cross-site scripting (XSS) vulnerability in index.cfm in Future Internet allows remote attackers to inject arbitrary web script or HTML via the categoryId parameter in a Portal.ShowPage action...
Future Internet - 'index.cfm' Multiple SQL Injections
source: https://www.securityfocus.com/bid/21727/info Future Internet is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because it fails to sufficiently sanitize user-supplied input. An attacker could exploit these issues to steal...
Future Internet - 'index.cfm?categoryId' Cross-Site Scripting
source: https://www.securityfocus.com/bid/21727/info Future Internet is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because it fails to sufficiently sanitize user-supplied input. An attacker could exploit these issues to steal...
Future Internet - index.cfm Multiple SQL Injections
source: https://www.securityfocus.com/bid/21727/info Future Internet is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because it fails to sufficiently sanitize user-supplied input. A...
Avotus mm File Retrieval attempt
The script attempts to force the remote Avotus CDR mm service to include the file /etc/passwd across the network. OpenVAS Vulnerability Test $Id: avotusmm.nasl 8023 2017-12-07 08:36:26Z teissa $ Description: Avotus mm File Retrieval attempt Authors: Anonymous Copyright: Copyright (C) 2004 Anonymous...
Drag and drop loading of privileged XUL — Mozilla
A malicious page that could lure a user into dragging something such as a fake scrollbar can bypass the restriction on opening privileged XUL. The startup scripts in the XUL will run with enhanced privilege, though the actions taken upon merely opening most XUL are benign. So far no way to run...
DEBIAN-CVE-2004-0657
Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP server to return the wrong date/time offset when a client requests a date/time that is more than 34 years away from the server's time...
Invision Power Top Site List 2.0 Alpha 3 - SQL Injection (PoC)
Invision Power Top Site List SQL Injection Vendor: Invision Power Services Product: Invision Power Top Site List Version: = 2.0 Alpha 3 Website: http://www.invisionpower.com/ BID: 9229 Description: Invision Power Top Site List is a...
FloosieTek FTGatePro 1.2 - WebAdmin Interface Information Disclosure
source: https://www.securityfocus.com/bid/8578/info A weakness has been reported in the FTGatePro WebAdmin Interface that could allow an unauthorized user to gain sensitive information. The problem is believed to occur due to...
ECHU Alert #2: IMG Attack in the news : 6 CMS vulnerables
IMG Attack in the news : 6 CMS vulnerables. PROGRAM: XOOPS, PHP-NUKE, NPDS, daCode, Drupal, phpWebSite. VULNERABLE VERSIONS: I believe that all versions are vulnerable. IMMUNE VERSIONS: no immune curre...
OpenSSL PRNG contains design flaw that allows a user to determine internal state and predict future output
Overview The pseudorandom number generator (PRNG) in OpenSSL has a weakness that allows an attacker to determine its internal state and subsequently determine its future output values. Description OpenSSL's PRNG hashes an internal state to produce output values, which are supposed to be pseudorando...
CVE-2001-1141
The Pseudo-Random Number Generator (PRNG) in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers...
Matt Wright FormMail 1.6/1.7/1.8 - Environmental Variables Disclosure
source: https://www.securityfocus.com/bid/1187/info An unauthorized remote user is capable of obtaining CGI environmental variable information from a web server running Matt Wright FormMail by requesting a specially formed URL that specifies the email address to send the details to. This is...
CVE-2021-21158
Rejected reason: Further investigation determines issue is not within scope of this CNA...
Update for Windows Vista for x64-based Systems (KB937287)
Install this update to enable future updates to install successfully on all editions of Windows Vista. This update may be required before selected future updates can be installed. After you install this item, you may have to restart your computer. Once you have installed this item, it cannot be...
Update for Windows Server 2008 for Itanium-based Systems (KB955430)
Install this update to enable future updates to install successfully on all editions of Windows Server 2008. This update may be required before selected future updates can be installed. After you install this item, it cannot be removed. This update is provided to you and licensed under the Window...
Update for Windows Vista (KB955430)
Install this update to enable future updates to install successfully on all editions of Windows Vista. This update may be required before selected future updates can be installed. After you install this item, it cannot be removed. This update is provided to you and licensed under the Windows Vist...
Update for Windows Vista for x64-based Systems (KB955430)
Install this update to enable future updates to install successfully on all editions of Windows Vista. This update may be required before selected future updates can be installed. After you install this item, it cannot be removed. This update is provided to you and licensed under the Windows Vist...
Update for Windows Vista for x64-based Systems (KB938371)
Install this update to enable future updates to install successfully on all editions of Windows Vista. This update may be required before selected future updates can be installed. After you install this item, you may have to restart your computer. Once you have installed this item, it cannot be...