1931 matches found
FreeBSD : tikiwiki -- multiple vulnerabilities (20a4eb11-8ea3-11dc-a396-0016179b2dd5)
Secunia reports: Some vulnerabilities have been reported in TikiWiki, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks and disclose potentially sensitive information. Input passed to the username parameter in tiki-remindpassword.php when...
php -- multiple security vulnerabilities
PHP project reports: Security Enhancements and Fixes in PHP 5.2.5: Fixed dl() to only accept filenames. Reported by Laurent Gaffie. Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887). Reported by Laurent Gaffie. Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences...
Code injection
The Disk Mount scanner in Symantec AntiVirus for Macintosh 9.x and 10.x, Norton AntiVirus for Macintosh 10.0 and 10.1, and Norton Internet Security for Macintosh 3.x, uses a directory with weak permissions (group writable), which allows local admin users to gain root privileges by replacing...
Unfixed Script Insertion vulnerability at www.pandaweaver.co.uk
Security researcher KaBuS has submitted on 11/04/2007 a Script Insertion vulnerability affecting www.pandaweaver.co.uk, which at the time of submission ranked 8005597 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 12/04/2007. It is currently...
Unfixed Script Insertion vulnerability at www.blog.woosternaturalfoods.com
Security researcher KaBuS has submitted on 11/04/2007 a Script Insertion vulnerability affecting www.blog.woosternaturalfoods.com, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 12/04/2007. It is...
Secunia Research: IBM Tivoli Storage Manager Client CAD Service Script Insertion
Secunia Research 29/10/2007 - IBM Tivoli Storage Manager Client CAD Service Script Insertion - Table of Contents Affected...
Unfixed Script Insertion vulnerability at www.task.com.br
Security researcher blueman has submitted on 28/10/2007 a Script Insertion vulnerability affecting www.task.com.br, which at the time of submission ranked 300605 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 04/11/2007. It is currently...
Unfixed Script Insertion vulnerability at www.thesnapper.com
Security researcher blueman has submitted on 28/10/2007 a Script Insertion vulnerability affecting www.thesnapper.com, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 04/11/2007. It is currently unfixed...
Unfixed Script Insertion vulnerability at www.stickam.jp
Security researcher kusomiso.com has submitted on 26/10/2007 a Script Insertion vulnerability affecting www.stickam.jp, which at the time of submission ranked 30731 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 04/11/2007. It is currently...
Unfixed Script Insertion vulnerability at www.thedecline.info
Security researcher sleaz has submitted on 26/10/2007 a Script Insertion vulnerability affecting www.thedecline.info, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 04/11/2007. It is currently unfixed...
php cross-site cookie insertion
The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which...
Unfixed Script Insertion vulnerability at mobile-sg.com
Security researcher st@rext has submitted on 25/10/2007 a Script Insertion vulnerability affecting mobile-sg.com, which at the time of submission ranked 288182 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 30/10/2007. It is currently unfixed...
Moderate: Red Hat Security Advisory: php security update
Updated PHP packages that fix several security issues are now available for Red Hat Application Stack. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. The...
Unfixed Script Insertion vulnerability at vip2ch.com
Security researcher kusomiso.com has submitted on 22/10/2007 a Script Insertion vulnerability affecting vip2ch.com, which at the time of submission ranked 24176 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 04/11/2007. It is currently unfixe...
Unfixed Script Insertion vulnerability at www.guestbookcentral.com
Security researcher Mutant has submitted on 10/09/2007 a Script Insertion vulnerability affecting www.guestbookcentral.com, which at the time of submission ranked 363907 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 12/09/2007. It is current...
Unfixed Script Insertion vulnerability at randomdude.com
Security researcher WhatALegend has submitted on 10/09/2007 a Script Insertion vulnerability affecting randomdude.com, which at the time of submission ranked 1439319 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 13/09/2007. It is currently...
Unfixed Script Insertion vulnerability at www.dominodude.com
Security researcher WhatALegend has submitted on 10/09/2007 a Script Insertion vulnerability affecting www.dominodude.com, which at the time of submission ranked 4230401 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 12/09/2007. It is current...
Unfixed Script Insertion vulnerability at mydoop.org
Security researcher KaBuS has submitted on 10/04/2007 a Script Insertion vulnerability affecting mydoop.org, which at the time of submission ranked 6375838 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 11/04/2007. It is currently unfixed. If...
Fixed Script Insertion vulnerability at www.lowestpricemart.com
Security researcher Uber0n has submitted on 25/09/2007 a Script Insertion vulnerability affecting www.lowestpricemart.com, which at the time of submission ranked 1353896 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 27/09/2007. It is current...