19 matches found

Gitee
added 2025/09/06 11:36 a.m. | 129 views

vuls

This is an open-source vulnerability scanner for Linux and FreeBSD, written in Go. It is an agentless scanner, meaning it does not require any additional software to be installed on the target systems. The scanner is designed to be easy to use and provides a simple command-line interface. The...

7 AI score
Exploits: 0

OSV
added 2025/04/02 5:3 p.m. | 3 views

DRUPAL-CONTRIB-2025-029

This module enables you to obfuscate email addresses, to avoid them being easily available to spammers. The module doesn't sufficiently sanitise input when ROT13 encoding is used. This vulnerability is mitigated by the fact that an attacker must have a role with the ability to enter specific HTML...

5.4 CVSS | 6.6 AI score | 0.00335 EPSS
Exploits: 0 | References: 1

Kitploit
added 2019/08/28 9:51 p.m. | 474 views

Sudomy - Subdomain Enumeration & Analysis

Sudomy is a subdomain enumeration tool, created using a bash script, to analyze domains and collect subdomains in a fast and comprehensive way. Features: at present, Sudomy has these 9 features: Easy, light, fast and powerful. Bash script is available by default in almost all Linux distributions...

7.1 AI score
Exploits: 0 | References: 15

Fedora
added 2019/04/07 1:47 a.m. | 50 views

[SECURITY] Fedora 28 Update: ntp-4.2.8p13-1.fc28

The Network Time Protocol (NTP) is used to synchronize a computer's time with another reference time source. This package includes ntpd (a daemon which continuously adjusts system time) and utilities used to query and configure the ntpd daemon. Perl scripts are in the ntp-perl package, ntpdate is in...

9.8 CVSS | 0.2 AI score | 0.23878 EPSS
Exploits: 8

n0where
added 2018/06/18 7:4 p.m. | 18 views

Search and Dump System Configuration: otseca

The main assumption of creating this tool was easier and faster delivery of command sets to be performed on customer environments. As a result of such a scan I wanted to get the most useful information about system components that will be subjected to penetration tests and audits at a later time...

7 AI score
Exploits: 0 | References: 1

Friends Of PHP
added 2017/07/26 6:2 p.m. | 26 views

XSS vulnerability in code example

SECURITY: Fix XSS vulnerability in one of the code examples, CVE-2017-11503. The codegenerator.phps example did not filter user input prior to output. This file is distributed with a .phps extension, so it is not normally executable unless it is explicitly renamed, so it is safe by default. There...

6.1 CVSS | 6.2 AI score | 0.0294 EPSS
Exploits: 1 | Affected Software: 1

Fedora
added 2017/04/01 6:10 p.m. | 34 views

[SECURITY] Fedora 26 Update: ntp-4.2.8p10-1.fc26

The Network Time Protocol (NTP) is used to synchronize a computer's time with another reference time source. This package includes ntpd (a daemon which continuously adjusts system time) and utilities used to query and configure the ntpd daemon. Perl scripts are in the ntp-perl package, ntpdate is in...

8.8 CVSS | 0.2 AI score | 0.08526 EPSS
Exploits: 2

Fedora
added 2014/09/09 10:15 p.m. | 11 views

[SECURITY] Fedora 20 Update: webalizer-2.23_08-1.fc20

The Webalizer is a Web server log analysis program. It is designed to scan Web server log files in various formats and produce usage statistics in HTML format for viewing through a browser. It produces professional looking graphs which make analyzing when and where your Web traffic is coming from...

0.7 AI score
Exploits: 0

seebug.org
added 2014/08/28 12:0 a.m. | 24 views

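TurboMail stored vulnerability in the message body

Brief description: Filtering of rich-text message bodies is incomplete, which leads to XSS in the message body. Details: Set up a local TurboMail environment and create the users [email protected][email protected], then use the account [email protected][email protected] to send it an email whose body is , noting that the body must be in HTML format, not plain text. The vulnerability is triggered as soon as the user opens the email. Proof of vulnerability:...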

7.1 AI score
Exploits: 0

Check Point Advisories
added 2010/10/12 12:0 a.m. | 2 views

Internet Explorer HtmlDlgHelper Class Memory Corruption (MS10-071; CVE-2010-3329)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to the way Internet Explorer accesses an object that has not been initialized or has been deleted when a document in an HTML format is opened in Microsoft Word. To trigger this issue, ...

9.3 CVSS | 7 AI score | 0.53279 EPSS
Exploits: 7

Check Point Advisories
added 2010/10/12 12:0 a.m. | 1 view

Microsoft Internet Explorer MSHTML Uninitialized Memory Corruption (MS10-071; CVE-2010-3331)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to the way Internet Explorer accesses an object that has not been initialized or has been deleted when a document in an HTML format is opened in Microsoft Word. To trigger this issue, ...

9.3 CVSS | 7 AI score | 0.55399 EPSS
Exploits: 1

Prion
added 2008/02/05 12:0 a.m. | 15 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML format...

2.6 CVSS | 6.1 AI score | 0.02493 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2008/02/05 12:0 a.m. | 10 views

CVE-2008-0563

Cross-site request forgery (CSRF) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to perform unspecified actions as unspecified authenticated users via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in...

4.3 CVSS | 6.6 AI score | 0.00124 EPSS
Exploits: 0 | References: 1

Japan Vulnerability Notes
added 2007/07/20 12:0 a.m. | 11 views

JVN#34058672 Nessus report function vulnerable to arbitrary script execution

Nessus, a vulnerability scanner from Tenable Network Security, Inc., is capable of providing test reports in HTML format. The report in HTML format contains the target server's responses against Nessus scanning. Nessus fails to properly handle the responses. This may cause a script to be executed...

6.9 AI score
Exploits: 0

OpenVAS
added 2006/03/26 12:0 a.m. | 21 views

Land Down Under <= 800 Multiple Vulnerabilities

The remote web server contains a PHP script that permits SQL injection and cross-site scripting attacks. Description : The remote version of Land Down Under is prone to various SQL injection and cross-site scripting attacks provided PHP's 'magicquotes' setting is disabled due to its failure to...

7.5 CVSS | 0.5 AI score | 0.00936 EPSS
Exploits: 2 | References: 4

securityvulns
added 2005/06/10 12:0 a.m. | 22 views

Pragma TelnetServer cross-site scripting

Cross-site scripting if log files are stored in HTML format...

0.7 AI score
Exploits: 0 | References: 1 | Affected Software: 1

Packet Storm
added 2005/04/17 12:0 a.m. | 33 views

sonicwallXSS.txt

SonicWALL SOHO/10 - XSS and Code Injection vulnerability. Product: SonicWall SOHO/10 is the 2nd generation Internet Security Appliance from Sonicwall, with firewall, VPN, content-filtering and other capabilities. Vulnerability:...

7.4 AI score
Exploits: 0

Tenable Nessus
added 2004/07/06 12:0 a.m. | 27 views

RHEL 2.1 : webalizer (RHSA-2002:255)

Updated Webalizer packages are available for Red Hat Linux Advanced Server 2.1 which fix an obscure buffer overflow bug in the DNS resolver code. [Updated 13 Jan 2003] Added fixed packages for the Itanium (IA64) architecture. [Updated 06 Feb 2003] Added fixed packages for Advanced Workstation 2.1...

7.5 CVSS | 6.2 AI score | 0.03039 EPSS
Exploits: 0 | References: 4

NVD
added 2002/08/12 4:0 a.m. | 14 views

CVE-2002-0619

The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic (VBA) scripts within a mail merge document that is saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability" (CVE-2000-0788)...

7.5 CVSS | 6.6 AI score | 0.19687 EPSS
Exploits: 0 | References: 4