7747 matches found
TLM CMS <= 1.1 (i-accueil.php chemin) Remote File Include Vulnerability
Exploit for unknown platform in category web applications ======================================================================= TLM CMS = 1.1 i-accueil.php chemin Remote File Include Vulnerability ======================================================================= /\ Published : 2007-01-12...
CVE-2006-6730
OpenBSD and NetBSD permit usermode code to kill the display server and write to the X.Org /dev/xf86 device, which allows local users with root privileges to reduce securelevel by replacing the System Management Mode SMM handler via a write to an SMRAM address within /dev/xf86 aka the video card...
CVE-2006-6730
OpenBSD and NetBSD permit usermode code to kill the display server and write to the X.Org /dev/xf86 device, which allows local users with root privileges to reduce securelevel by replacing the System Management Mode SMM handler via a write to an SMRAM address within /dev/xf86 aka the video card...
CVE-2006-6088
Multiple cross-site scripting XSS vulnerabilities in BlueCollar i-Gallery 3.4 allow remote attackers to inject arbitrary web script or HTML via the 1 n or 2 d parameter in igallery.asp, or 3 an unspecified parameter related to search, possibly the Search Gallery field, or the myquery parameter, i...
CVE-2006-6088
BlueCollar i-Gallery 3.4 is affected by multiple XSS vulnerabilities. A remote attacker can inject arbitrary scripts via the n or d parameters in igallery.asp, or via an unspecified parameter related to search (possibly the Search Gallery field) or the myquery parameter in search.asp. The notes i...
CVE-2006-6088
Multiple cross-site scripting XSS vulnerabilities in BlueCollar i-Gallery 3.4 allow remote attackers to inject arbitrary web script or HTML via the 1 n or 2 d parameter in igallery.asp, or 3 an unspecified parameter related to search, possibly the Search Gallery field, or the myquery parameter, i...
i-Gallery34.txt
Aria-Security Team Advisory Original Advisory : http://aria-security.net/advisory/i-Gallery34.txt ----------------------------------------------------------- Software: i-Gallery 3.4 Method : Cross Site Scripting PoC: http://target/path/igallery.asp?n=XSS http://target/path/igallery.asp&d=XSS and...
i-Gallery 3.4 Cross Site Scripting
Aria-Security Team Advisory www.Aria-security.Com For English www.Aria-Security.net For Persian Original Advisory : http://aria-security.net/advisory/i-Gallery34.txt ----------------------------------------------------------- Software: i-Gallery 3.4 Method : Cross Site Scripting PoC:...
i-Gallery 3.4 - igallery.asp Multiple Cross-Site Scripting Vulnerabilities
i-Gallery 3.4 - igallery.asp Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/21122/info The i-gallery application is prone to multiple-input validation vulnerabilities, including multiple cross-site scripting vulnerabilities and an HTML-injection issue,...
i-Gallery 3.4 - 'igallery.asp' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/21122/info The i-gallery application is prone to multiple-input validation vulnerabilities, including multiple cross-site scripting vulnerabilities and an HTML-injection issue, because the software fails to sufficiently sanitize user-supplied data...
CVE-2006-5664
The installation script in IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit CSDK 2.90, and Informix I-Connect 2.90 allows local users to "compromise security" via a symlink attack on temporary files...
CVE-2006-5663
CVE-2006-5663 affects IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90. The root cause is insecure permissions on installation scripts, allowing local users to gain privileges by modifying the scripts. The available documents do ...
USN-302-1: Linux kernel vulnerabilities
An integer overflow was discovered in the doreplace function. A local user process with the CAPNETADMIN capability could exploit this to execute arbitrary commands with full root privileges. However, none of Ubuntu's supported packages use this capability with any non-root user, so this only...
CVE-2006-3021
Multiple cross-site scripting XSS vulnerabilities in BlueCollar i-Gallery 4.1 PLUS and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 n and 2 d parameters in a login.asp and the d parameter in b igallery.asp...
CVE-2006-3021
CVE-2006-3021 describes multiple cross-site scripting (XSS) vulnerabilities in BlueCollar i-Gallery 4.1 PLUS and earlier. The issueable input vectors are the (1) n and (2) d parameters in login.asp and the d parameter in igallery.asp, allowing remote attackers to inject arbitrary web script or HT...
CVE-2006-3021
Multiple cross-site scripting XSS vulnerabilities in BlueCollar i-Gallery 4.1 PLUS and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 n and 2 d parameters in a login.asp and the d parameter in b igallery.asp...
NFS client panic using O_DIRECT
The Linux Kernel before 2.6.15.5 allows local users to cause a denial of service NFS client panic via unknown attack vectors related to the use of ODIRECT direct I/O...
Microsoft Word object pointer memory corruption vulnerability
Overview A memory corruption vulnerability in Microsoft Word could allow a remote attacker to execute arbitrary code with the privileges of the user running Word. Description Microsoft Word contains a memory corruption vulnerability. According to Microsoft Security Bulletin MS06-027:When a user...
ZDI-06-014: Verisign I-Nav ActiveX Control Code Execution Vulnerability
ZDI-06-014: Verisign I-Nav ActiveX Control Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-06-014.html May 10, 2006 -- CVE ID: CVE-2006-2273 -- Affected Vendor: Verisign -- Affected Products: i-Nav ActiveX Control -- TippingPointTM IPS Customer Protection: TippingPoin...
I-Nav VUpdater.Install ActiveX Buffer Overflow
The remote host contains an ActiveX control, 'VUpdater.Install', associated with Verisign I-Nav, which provides support for Internationalized Domain Names in Microsoft Internet Explorer, Outlook and Outlook Express that reportedly contains a buffer overflow vulnerability that arises when processi...