145 matches found
CVE-2007-4344
CVE-2007-4344 involves heap-based buffer overflows in ACDSee products: PSP images processed by ID_PSP.apl and LHA archives by AM_LHA.apl, leading to remote code execution with user-assisted input. Affects ACDSee Photo Manager 9.0 build 108, Pro Photo Manager 8.1 build 99, and Photo Editor 4.0 bui...
advisory-481.txt
KAPDA New advisory Vendor: http://www.flexbb.net Vulnerable Version: 1.0.0 10005 Beta Release 1 Bug: SQL Injection Exploitation: Remote with browser Description: -------------------- Flexbb is a freely available PHP-based message board program that uses a MySQL database. Vulnerability:...
SUSE-SA:2006:053: flash-player
The remote host is missing the patch for the advisory SUSE-SA:2006:053 flash-player. Multiple input validation errors have been identified in the Macromedia Flash Player that could lead to the potential execution of arbitrary code. These vulnerabilities could be accessed through content delivered...
FreeBSD : linux-flashplugin7 -- arbitrary code execution vulnerabilities (7c75d48c-429b-11db-afae-000c6ec775d9)
Adobe reports : Multiple input validation errors have been identified in Flash Player 8.0.24.0 and earlier versions that could lead to the potential execution of arbitrary code. These vulnerabilities could be accessed through content delivered from a remote location via the user?s web browser,...
FreeBSD : horde -- multiple parameter XSS vulnerabilities (09429f7c-fd6e-11da-b1cd-0050bf27ba24)
FrSIRT advisory ADV-2006-2356 reports : Multiple vulnerabilities have been identified in Horde Application Framework, which may be exploited by attackers to execute arbitrary scripting code. These flaws are due to input validation errors in the 'test.php' and 'templates/problem/problem.inc' scrip...
horde -- multiple parameter cross site scripting vulnerabilities
FrSIRT advisory ADV-2006-2356 reports: Multiple vulnerabilities have been identified in Horde Application Framework, which may be exploited by attackers to execute arbitrary scripting code. These flaws are due to input validation errors in the "test.php" and "templates/problem/problem.inc" script...
Phpwebgallery <= 1.4.1 SQL injection Vulnerability
Moroccan Security Team |ucif3r Greetz To All Freind Phpwebgallery 1.4.1 is vulnerable to SQL Injection Attacks The flaw is due to input validation errors in the "category.php" script when handling the "search"variables, which could be exploited by malicious people to conduct SQL injection attacks...
Kayako Live Response 2.0 - 'index.php' Calendar Feature Multiple SQL Injections
source: https://www.securityfocus.com/bid/14425/info Kayako LiveResponse is prone to multiple cross-site scripting, SQL injection, and HTML injection vulnerabilties. These issues are all related to input validation errors. The cross-site scripting and HTML injection vulnerabilities may allow for...
Kayako Live Response 2.0 - index.php Calendar Feature Multiple SQL Injections
Kayako Live Response 2.0 - index.php Calendar Feature Multiple SQL Injections source: https://www.securityfocus.com/bid/14425/info Kayako LiveResponse is prone to multiple cross-site scripting, SQL injection, and HTML injection vulnerabilties. These issues are all related to input validation...
[SECURITY] [DSA 745-1] New drupal package fixes multiple vulnerabilities
------------------------------------------------------------------------ Debian Security Advisory DSA 745-1 [email protected] http://www.debian.org/security/ Michael Stone July 10, 2005 http://www.debian.org/security/faq - ------------------------------------------------------------------------...
NPDS 4.8 5.0 - links.php?Query SQL Injection
NPDS 4.8 5.0 - links.php?Query SQL Injection source: https://www.securityfocus.com/bid/13803/info NPDS is affected by multiple vulnerabilities resulting from input validation errors. These issues may allow remote attackers to carry out HTML injection, cross-site scripting and SQL injection attack...
NPDS 4.8 < 5.0 - 'faq.php?categories' Cross-Site Scripting
source: https://www.securityfocus.com/bid/13803/info NPDS is affected by multiple vulnerabilities resulting from input validation errors. These issues may allow remote attackers to carry out HTML injection, cross-site scripting and SQL injection attacks. This may result in the theft of...
NPDS 4.8 5.0 - faq.php?categories Cross-Site Scripting
NPDS 4.8 5.0 - faq.php?categories Cross-Site Scripting source: https://www.securityfocus.com/bid/13803/info NPDS is affected by multiple vulnerabilities resulting from input validation errors. These issues may allow remote attackers to carry out HTML injection, cross-site scripting and SQL...
NPDS 4.8 < 5.0 - 'sdv_infos.php?sitename' Cross-Site Scripting
source: https://www.securityfocus.com/bid/13803/info NPDS is affected by multiple vulnerabilities resulting from input validation errors. These issues may allow remote attackers to carry out HTML injection, cross-site scripting and SQL injection attacks. This may result in the theft of...
NPDS 4.8 5.0 - sdv_infos.php?sitename Cross-Site Scripting
NPDS 4.8 5.0 - sdvinfos.php?sitename Cross-Site Scripting source: https://www.securityfocus.com/bid/13803/info NPDS is affected by multiple vulnerabilities resulting from input validation errors. These issues may allow remote attackers to carry out HTML injection, cross-site scripting and SQL...
NPDS 4.8 /5.0 - 'modules.php?Lettre' Cross-Site Scripting
source: https://www.securityfocus.com/bid/13803/info NPDS is affected by multiple vulnerabilities resulting from input validation errors. These issues may allow remote attackers to carry out HTML injection, cross-site scripting and SQL injection attacks. This may result in the theft of...
NPDS 4.8 < 5.0 - 'reviews.php?title' Cross-Site Scripting
source: https://www.securityfocus.com/bid/13803/info NPDS is affected by multiple vulnerabilities resulting from input validation errors. These issues may allow remote attackers to carry out HTML injection, cross-site scripting and SQL injection attacks. This may result in the theft of...
GLSA-200503-37 : LimeWire: Disclosure of sensitive information
The remote host is affected by the vulnerability described in GLSA-200503-37 LimeWire: Disclosure of sensitive information Two input validation errors were found in the handling of Gnutella GET requests CAN-2005-0788 and magnet requests CAN-2005-0789. Impact : A remote attacker can craft a specif...
awstats -- arbitrary command execution
Several input validation errors exist in AWStats that allow a remote unauthenticated attacker to execute arbitrary commands with the priviliges of the web server. These programming errors involve CGI parameters including loadplugin, logfile, pluginmode, update, and possibly others. Additionally,...
[SA12789] IceWarp Web Mail Cross-Site Scripting Vulnerabilities
TITLE: IceWarp Web Mail Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA12789 VERIFY ADVISORY: http://secunia.com/advisories/12789/ CRITICAL: Moderately critical IMPACT: Unknown, Cross Site Scripting WHERE: From remote SOFTWARE: IceWarp Web Mail 5.x http://secunia.com/product/3775/...