32 matches found
UBUNTU-CVE-2023-24472
A denial of service vulnerability exists in the FitsOutput::close functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide malicious input to trigger this vulnerability...
UBUNTU-CVE-2017-11555
There is an illegal address access in the Eval::operator function in eval.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service...
ModernBill 4.3 User.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17596/info ModernBill is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allo...
PhxContacts 0.93 - contact_view.php?id_contact SQL Injection
PhxContacts 0.93 - contactview.php?idcontact SQL Injection source: https://www.securityfocus.com/bid/17306/info PhxContacts is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL...
mybbXSS.txt
XSS VULN IN ALL MYBB VERSIONS INCLUDING PR2 Vendor: given SEVEN days notice, no patch released! Just to say, I am apalled with the fact that I contacted MyBB on the 30 August, and was originally not planning to go public. However, because they have failed to release a patch I have decided to aler...
Exploit Labs Security Advisory 2005.6
------------------------------------------------------------ - EXPL-A-2005-006 exploitlabs.com Advisory 034 - ------------------------------------------------------------ - XAMPP - OVERVIEW ======== XAMPP is an easy to install Apache distribution containing MySQL, PHP and Perl. XAMPP is really ve...
[Full-disclosure] Yahoo! Messenger Offline Mode Status Remote Buffer Overflow Vulnerability
It has been reported that a remote buffer overflow vulnerability affects Yahoo! Messenger. This issue is due to a failure of the application to securely copy user-supplied input into finite process buffers. It is likely that the attacker must be in the contact list of an unsuspecting user to...
CVE-2002-1443
The Google toolbar 1.1.58 and earlier allows remote web sites to monitor a user's input into the toolbar via an "onkeydown" event handler...
phpBB 2.0.4 Remote php File Include Exploit
No description provided by source. // / phpBB 2.0.4 Remote AdminStyles.PHP ThemeInfo.CFG File Include / / / / Exploit made on June 2003 by Spoofed Existence / / / / Patch : http://www.phpbb.com/phpBB/viewtopic.php?t=113826 / // include stdio.h include sys/types.h include sys/socket.h include...
CutePHP CuteNews 1.3 - HTML Injection
source: https://www.securityfocus.com/bid/8060/info CutePHP is prone to HTML injection attacks. The vulnerability exists due to insufficient sanitization of user-supplied input. Specifically, user-supplied input to news posts are not sufficiently sanitized of malicious HTML code...
b0f5-Qpopper.txt
b u f f e r 0 v e r f l 0 w s e c u r i t y a d v i s o r y 5 Advisory Name: Remote shell via Qpopper2.53 Date: 5/23/00 Application: Qpopper 2.53 for NIX Vendor: Qualcomm Incorporated WWW: www.qualcomm.com Severity: can give users remote shell with gid=mail. Author: prizm [email protected]...
Fred N. van Kempen dip 3.3.7 - Local Buffer Overflow (2)
// source: https://www.securityfocus.com/bid/86/info A buffer overflow resides in 'dip-3.3.7o' and derived programs. This is a problem only on systems where 'dip' is installed setuid. The culpable code is an 'sprintf' in line 192 in 'main.c': sprintfbuf, "%s/LCK..%s", PATHLOCKD, nam; / Linux x86...