639 matches found
PHP Scripts Now (Multiple Products) - bios.php?rank Cross-Site Scripting
PHP Scripts Now Multiple Products - bios.php?rank Cross-Site Scripting source: https://www.securityfocus.com/bid/44306/info Multiple PHP Scripts Now products are prone to an input-validation vulnerability that can be exploited to conduct SQL-injection and cross-site scripting attacks. Exploiting...
IceWarp Merak Mail Server 9.4.1 - 'Forgot Password' Input Validation
source: https://www.securityfocus.com/bid/34827/info IceWarp Merak Mail Server is prone to an input-validation vulnerability because it uses client-supplied data when performing a 'Forgot Password' function. Attackers can exploit this issue via social-engineering techniques to obtain valid users'...
GraphicsMagick Multiple Vulnerabilities - Linux
GraphicsMagick graphics tool is prone to multiple buffer overflow/underflow vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Sun xVM VirtualBox Privilege Escalation Vulnerability
1. Advisory Information Title: Sun xVM VirtualBox Privilege Escalation Vulnerability Advisory ID: CORE-2008-0716 Advisory URL:http://www.coresecurity.com/core-labs/advisories/virtualbox-privilege-escalation-vulnerability Date published: 2008-08-04 Date of last update: 2008-08-04 Vendors contacted...
Eagle Software Aeries Student Information System 3.7.2.2/3.8.2.8 - 'GradebookStuScores.asp?GrdBk' SQL Injection
source: https://www.securityfocus.com/bid/27924/info Aeries Student Information System is prone to multiple input-validation vulnerabilities, including multiple SQL-injection issues and an HTML-injection issue, because it fails to sufficiently sanitize user-supplied data. Exploiting these issues...
CVE-2007-0216
CVE-2007-0216 is a remote code execution vulnerability in the Microsoft Works File Converter. It stems from improper validation of .wps section length headers in wkcvqd01.dll. A crafted .wps file could allow an attacker to take control of the affected system. Affected products include Microsoft O...
Sun Java System Identity Manager 6.07.07.1 - idmlogin.jsp Multiple Cross-Site Scripting Vulnerabilities
Sun Java System Identity Manager 6.07.07.1 - idmlogin.jsp Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/27214/info Sun Java System Identity Manager is prone to multiple input-validation vulnerabilities, including an HTML-injection issue and cross-site...
Adobe Flash Player ActionScript launch command execution
Added: 01/07/2008 CVE: CVE-2008-5499 BID: 32896 OSVDB: 50796 Background Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages. Problem An input validation vulnerability allows command execution when the browser loads an SWF file which contains shell...
TS-2007-002-0: BlueCat Networks Adonis root Privilege Access
Template Security Security Advisory ----------------------------------- BlueCat Networks Adonis root Privilege Access Date: 2007-08-06 Advisory ID: TS-2007-002-0 Vendor: BlueCat Networks, http://www.bluecatnetworks.com/ Revision: 0 Contents -------- Summary Software Version Details Impact Exploit...
Insanely Simple Blog 0.4/0.5 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/24934/info Insanely Simple Blog is prone to multiple input-validation vulnerabilities, including cross-site scripting, HTML-injection, and SQL-injection issues, because the application fails to properly sanitize user-supplied input. Exploiting these issue...
Jetbox CMS 2.1 Email - 'FormMail.php' Input Validation
source: https://www.securityfocus.com/bid/23989/info Jetbox CMS is prone to an input-validation vulnerabilitiy because it fails to adequately sanitize user-supplied input. Attackers can exploit this issue to send spam email in the context of the application. Jetbox 2.1 is vulnerable; other versio...
The United States Blizzard[World Of Warcraft] official program vulnerability-vulnerability warning-the black bar safety net
Battle.net clan management system using a MySQL backend, allowing users to easily upgrade and maintain the web site. System to achieve on exist input validation vulnerability, a remote attacker could use this vulnerability to executeSQL injectionattacks, unauthorized access to system administrati...
AIOCP 1.3.x - 'cp_show_ec_products.php' SQL Injection
source: https://www.securityfocus.com/bid/20931/info All In One Control Panel AIOCP is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues could allow an attacker to steal cookie-based authentication...
Novell eDirectory/iMonitor HTTPSTK栈缓冲区溢出漏洞
Novell eDirectory是一个的跨平台的目录服务器。 Novell eDirectory在处理用户请求构造回应时存在输入验证漏洞,远程攻击者可能利用此漏洞在服务器上执行任意指令。 Novell的HTTP协议栈(httpstk)没有检查客户端所提供的HTTP Host请求头(如Host: www.host.com)的值。当服务器在准备HTTP重新定向响应调用snprintf时可能会触发这个漏洞,导致以加载httpstk库进程的权限执行任意指令。C++伪代码如下: define HTTPHDRHOSTFIELD 211 char szHttp = "HTTP"; char...
SAP Business Connector 4.6/4.7 - 'adapter-index.dsp?url' Arbitrary Site Redirect
source: https://www.securityfocus.com/bid/16671/info SAP Business Connector is susceptible to an input-validation vulnerability. This issue is due to the application's failure to properly sanitize user-supplied input. This issue allows remote attackers to execute phishing-style attacks against...
123 Flash Chat 5.0 - Remote Code Injection
123 Flash Chat 5.0 - Remote Code Injection source: https://www.securityfocus.com/bid/16360/info 123 Flash Chat is prone to an arbitrary code injection weakness. An attacker can influence the value of a variable that is insecurely passed to an 'eval' call. Successful exploitation may allow attacke...
VCD-db 0.9x - search.php?by SQL Injection
VCD-db 0.9x - search.php?by SQL Injection source: https://www.securityfocus.com/bid/15840/info VCD-db is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of these...
Walla TeleSite 3.0 - ts.exe?sug SQL Injection
Walla TeleSite 3.0 - ts.exe?sug SQL Injection source: https://www.securityfocus.com/bid/15419/info Walla TeleSite is prone to multiple input validation vulnerabilities. These are due to a lack of proper sanitization of user-supplied input. Walla TeleSite is prone to information and path disclosur...
AWStats configdir parameter arbitrary cmd exec
The remote host is running AWStats, a free real-time logfile analyzer. The remote version of this software is prone to an input validation vulnerability. The issue is reported to exist because user supplied OpenVAS Vulnerability Test $Id: awstatsconfigdir.nasl 6056 2017-05-02 09:02:50Z teissa $...
awstats -- arbitrary code execution vulnerability
An iDEFENSE Security Advisory reports: Remote exploitation of an input validation vulnerability in AWStats allows remote attackers to execute arbitrary commands. The problem specifically exists because of insufficient input filtering before passing user-supplied data to an eval function. As part ...