CVE-2010-3933
Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs...
Design/Logic Flaw
Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs...
CVE-2010-3063
The php_mysqlnd_read_error_from_line function in the Mysqlnd extension in PHP 5.3 through 5.3.2 does not properly calculate a buffer length, which allows context-dependent attackers to trigger a heap-based buffer overflow via crafted inputs that cause a negative length value to be used...
Pligg Multiple SQL Injection Vulnerabilities
Pligg CMS is prone to multiple SQL injection vulnerabilities.
Opera Browser Multiple Vulnerabilities july-10 (Win01)
The host is installed with Opera web browser and is prone to multiple vulnerabilities.
CVE-2010-2658
Opera before 10.60 does not properly restrict certain interaction between plug-ins, file inputs, and the clipboard, which allows user-assisted remote attackers to trigger the uploading of arbitrary files via a crafted web site...
File inputs can disclose the path to selected files – Opera Security Advisories
OPCOM Team | June 29, 2010. Severity: Less severe. Description: When a file is selected in a file upload input, the path to that file is not exposed through the input’s value property. This is done to protect any sensitiv...
Opera < 10.54 Multiple Vulnerabilities
The version of Opera installed on the remote host is earlier than 10.54. Such versions are potentially affected by the following issues: - Web fonts may be used to trigger a privilege elevation vulnerability in the Windows operating system (MS10-032) (954). - It may be possible to use data URIs in a...
PT-2010-3699 · Python +1
Name of the Vulnerable Software and Affected Versions: Python versions 2.7 through 3.2 Description: The issue arises from the audioop module in Python not verifying the relationships between size arguments and byte string lengths. This allows context-dependent attackers to cause a denial of...
REZERVI Belegungsplan und Gästedatenbank 'include/mail.inc.php' Remote File Include Vulnerability
UTILO REZERVI Belegungsplan und Gästedatenbank is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the...
libESMTP multiple vulnerabilities
This host has libESMTP installed and is prone to multiple vulnerabilities. Vulnerabilities Insight: Multiple flaws are due to: - An error in 'match_component' function in 'smtp-tls.c' when processing substrings. It treats two strings as equal if one is a substring of the other, which allows...
Left 4 Dead Stats 1.1 SQL Injection Vulnerability
Exploit for unknown platform in category web applications. Left 4 Dead Stats 1.1 SQL Injection Vulnerability. Author: Sora Website:...
Ananta Gazelle 1.0 SQL Injection
www.BugReport.ir, AmnPardaz Security Research Team. Title: Ananta Gazelle SQL Injection Vulnerability. Vendor: http://www.anantasoft.com/ Vulnerable Version: 1.0 (latest version till now). Exploitation: Remote with browser. Fix: N/A. Description: Ananta Gazelle is a rich JavaScript enabled CMS with...
DasForum Local File Inclusion
DasForum layout Local File Inclusion Exploit (works only with magic_quotes_gpc = off). Discovered: cr4wl3r. Download: http://mirror.vocabbuilder.net/savannah/dasforum/ Date:...
Calendar Express 2 Cross Site Scripting
Exploit Title: Calendar Express 2 Cross Site Scripting Exploit. Date: January 11th, 2010. Author: Sora. Version: 2.0. Tested on: Windows Vista Home Premium and Linux 2.6.32. Contact: vhr95zw at hotmail dot com Website...
Ulisse's Scripts 2.6.1 ladder.php SQL Injection Vulnerability
Exploit for unknown platform in category web applications. Ulisse's Scripts 2.6.1 ladder.php SQL Injection Vulnerability. Tested on: Windows Vista Home Premium and Linux...
Left 4 Dead Stats SQL Injection
Left 4 Dead Stats SQL Injection Vulnerability. Author: Sora. Contact: vhr95zw at hotmail dot com. Website: http://greyhathackers.wordpress.com/ Google Dork: "In your dreams, script kiddies." VULNERABILITY DESCRIPTION: Left 4 Dead Stats suffers from a remote SQL...
Elite Gaming Ladders 3.0 - SQL Injection
Exploit Title: Elite Gaming Ladders v3.0 SQL Injection Exploit. Date: January 3rd, 2010. Author: Sora. Version: 3.0. Tested on: Windows and Linux. Contact: vhr95zw at hotma...