2150 matches found
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in login.php in Omnistar Interactive OSI Affiliate allow remote attackers to inject arbitrary web script or HTML via the (1) login, (2) profile, (3) profile2, and (4) ref parameters...
CVE-2008-1850
Multiple cross-site scripting (XSS) vulnerabilities in login.php in Omnistar Interactive OSI Affiliate allow remote attackers to inject arbitrary web script or HTML via the (1) login, (2) profile, (3) profile2, and (4) ref parameters...
CVE-2008-1850
The CVE-2008-1850 entry describes multiple cross-site scripting (XSS) vulnerabilities in the login.php component of Omnistar Interactive OSI Affiliate. The underlying issue is improper handling of user-supplied parameters (login, profile, profile2, ref), allowing remote attackers to inject arbitr...
CVE-2008-1850
Multiple cross-site scripting (XSS) vulnerabilities in login.php in Omnistar Interactive OSI Affiliate allow remote attackers to inject arbitrary web script or HTML via the (1) login, (2) profile, (3) profile2, and (4) ref parameters...
Windows Command, Double Reverse TCP Connection (via Perl)
Creates an interactive shell via perl This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 148 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions def initializeinfo...
CVE-2008-0917
Cross-site scripting (XSS) vulnerability in Tor World Tor Search 1.1 and earlier, I-Navigator 4.0, Mobile Frontier 2.1 and earlier, Diary.cgi (aka Quotes of the Day) 1.5 and earlier, Tor News 1.21 and earlier, Simple BBS 1.3 and earlier, Interactive BBS 1.3 and earlier, Tor Board 1.1 and earlier,...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Tor World Tor Search 1.1 and earlier, I-Navigator 4.0, Mobile Frontier 2.1 and earlier, Diary.cgi (aka Quotes of the Day) 1.5 and earlier, Tor News 1.21 and earlier, Simple BBS 1.3 and earlier, Interactive BBS 1.3 and earlier, Tor Board 1.1 and earlier,...
CVE-2008-0917
In the connected documents, CVE-2008-0917 is described as a cross-site scripting (XSS) vulnerability in multiple Tor World CGI scripts, including Tor Search 1.1 and earlier, I-Navigator 4.0, Mobile Frontier 2.1, Diary.cgi 1.5 and earlier, Tor News 1.21 and earlier, Simple BBS 1.3 and earlier, Int...
CVE-2008-0917
Cross-site scripting (XSS) vulnerability in Tor World Tor Search 1.1 and earlier, I-Navigator 4.0, Mobile Frontier 2.1 and earlier, Diary.cgi (aka Quotes of the Day) 1.5 and earlier, Tor News 1.21 and earlier, Simple BBS 1.3 and earlier, Interactive BBS 1.3 and earlier, Tor Board 1.1 and earlier,...
JVN#54593414 Cross-site scripting vulnerability in multiple Tor World CGI scripts
Tor World provides CGI scripts for implementing search engines, message boards, and other tools. Multiple Tor World CGI scripts contain a cross-site scripting vulnerability. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the latest update...
Design/Logic Flaw
The DOC.print function in the Adobe JavaScript API, as used by Adobe Acrobat and Reader before 8.1.2, allows remote attackers to configure silent non-interactive printing, and trigger the printing of an arbitrary number of copies of a document. NOTE: this issue might be subsumed by CVE-2008-0655...
CVE-2008-0667
The DOC.print function in the Adobe JavaScript API, as used by Adobe Acrobat and Reader before 8.1.2, allows remote attackers to configure silent non-interactive printing, and trigger the printing of an arbitrary number of copies of a document. NOTE: this issue might be subsumed by CVE-2008-0655...
CVE-2008-0667
The DOC.print function in the Adobe JavaScript API, as used by Adobe Acrobat and Reader before 8.1.2, allows remote attackers to configure silent non-interactive printing, and trigger the printing of an arbitrary number of copies of a document. NOTE: this issue might be subsumed by CVE-2008-0655...
CVE-2008-0667
CVE-2008-0667 concerns Adobe Acrobat/Reader and the DOC.print API in the JavaScript layer. The vulnerability arises from a design/logic flaw that allows a PDF to silently trigger printing of any number of copies without user interaction, potentially enabling abuse of the printer. Affected product...
PHP Real Estate - fullnews.php?id SQL Injection
PHP Real Estate - fullnews.php?id SQL Injection --==+================================================================================+==-- --==+ PHP Real Estate SQL Injection Vulnerbilitys +==-- --==+================================================================================+==-- AUTHOR:...
[SECURITY] Fedora 7 Update: kdeedu-3.5.8-2.fc7
Educational/Edutainment applications, including: blinken: Simon Says Game kalzium: Periodic Table of Elements kanagram: Letter Order Game kbruch: Exercise Fractions keduca: Tests and Exams kgeography: Geography Trainer khangman: Hangman Game kig: Interactive Geometry kiten: Japanese Reference/Stu...
openSUSE 10 Security Update : wget (wget-1689)
This update fixes a security issue in wget, where evil servers could send terminal escape codes to the user calling wget. This would only affect interactive sessions. CVE-2004-1488 Additionally a previous '.file' fix was found to be buggy and replaced. This bug could lead to '.directories' not being...
[SECURITY] Fedora 7 Update: mapserver-4.10.3-2.fc7
Mapserver is an internet mapping program that converts GIS data to map images in real time. With appropriate interface pages, Mapserver can provide an interactive internet map based on custom GIS data...
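Multiple local privilege escalation vulnerabilities in Cisco VPN Client for Windows
BUGTRAQ ID: 25332 The Cisco VPN Client allows users to create IPSec VPN tunnels to devices that support Cisco VPN. The Cisco VPN Client for Microsoft Windows contains two vulnerabilities that allow a local unprivileged user to elevate privileges. 1. Local privilege escalation through the Microsoft Windows Dial-Up Networking interface An unprivileged user can elevate privileges to those of the LocalSystem account by enabling the Start Before Logon (SBL) feature and configuring the VPN profile to use the Microsoft Dial-Up Networking interface. If both of these settings are enabled and configured, then at the Windows logon window it is possible to use the Cisco...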
DEBIAN-CVE-2007-3719
The process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."...