ZenPhoto 1.4.0.3 - x-forwarded-for HTTP Header Persistent Cross-Site Scripting

Exploit Title: ZenPhoto 1.4.0.3 patched 2011-4-19 x-forwarded-for HTTP Header presisitent XSS Date: 21-4-2011 Author: Saif El-Sherei Software Link: http://zenphoto.googlecode.com/files/zenphoto-1.4.0.3.zip Version: 1.4.0.3 latest updated 2011-4-19 Tested on:FF 3.0.15, IE 8 Info: Zenphoto is an...

Internet Explorer Object Lifetime Management Memory Corruption (MS11-018; CVE-2011-1345)

A remote code execution vulnerability has been reported in Internet Explorer. A remote attacker could exploit this issue by convincing a user to open a maliciously crafted HTML file with Internet Explorer, which will cause the browser to crash and may allow execution of arbitrary commands. The...

RedHat Update for thunderbird RHSA-2010:0968-01

Check for the Version of thunderbird OpenVAS Vulnerability Test RedHat Update for thunderbird RHSA-2010:0968-01 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...

Critical: Red Hat Security Advisory: xulrunner security update

Updated xulrunner packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Adobe AcroPDF ActiveX Control Memory Corruption (CVE-2006-6027)

A memory corruption vulnerability exists in the Adobe AcroPDF ActiveX control. The flaw is due by improper handling of arguments passed to certain methods and properties exposed by the control. By enticing a user to open a malicious HTML page, an attacker may inject and execute arbitrary code on...

Internet Explorer Windows Help and Support Center Remote Code Execution (CVE-2010-1885)

The Help and Support Center HSC is a feature in Windows that provides help on a variety of topics. HSC enables users to learn about Windows features, download and install software updates, get assistance from Microsoft and so forth. A remote attacker could exploit this issue by convincing a user ...

Opera Web Browser Heap Based Buffer Overflow Vulnerability (Windows)

The host is installed with Opera Web Browser and is prone to buffer overflow vulnerability. OpenVAS Vulnerability Test $Id: gboperafileheapbofvulnwin.nasl 6519 2017-07-04 14:08:14Z cfischer $ Opera Web Browser Heap Based Buffer Overflow Vulnerability Windows Authors: Chandan S Copyright: Copyrigh...

Opera Web Browser Heap Based Buffer Overflow Vulnerability - Windows

Opera Web Browser is prone to a buffer overflow vulnerability. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Hummingbird Deployment Wizard 10 - DeployRun.dll ActiveX Control Multiple Security Vulnerabilities

Hummingbird Deployment Wizard 10 - DeployRun.dll ActiveX Control Multiple Security Vulnerabilities source: https://www.securityfocus.com/bid/31799/info Hummingbird Deployment Wizard 10 ActiveX control is prone to multiple vulnerabilities that attackers can exploit to run arbitrary code. The issue...

Mozilla Firefox 2.0.0.3 - Href Denial of Service

Mozilla Firefox 2.0.0.3 - Href Denial of Service source: https://www.securityfocus.com/bid/23747/info Firefox is prone to a remote denial-of-service vulnerability. An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document. Successful exploits can allo...

Mozilla Firefox 2.0.0.3 - Href Denial of Service

source: https://www.securityfocus.com/bid/23747/info Firefox is prone to a remote denial-of-service vulnerability. An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document. Successful exploits can allow attackers to crash the affected browser,...

WinZip 10.0.7245 - FileView ActiveX Remote Buffer Overflow

/ WinZip - prdelka / incl...

Opera Web Browser 9 - CSS Background URI Memory Corruption

Opera Web Browser 9 - CSS Background URI Memory Corruption source: https://www.securityfocus.com/bid/19166/info Opera Web Browser is prone to a memory-corruption vulnerability. A remote attacker may trigger this issue by enticing a user to visit a malicious website. This issue has been reported i...

Gentle-killer－cross-site Script attacks-vulnerability warning-the black bar safety net

Gentle-killer－cross-site Script attack · Translation:Billi·transfer from CPCW The first part: cross-site SCRIPT attacks in several ways: Whenever we think of hackers, a hacker is often such a portrait: a lonely man, snuck into someone else's server, destroying or stealing someone else's secret...

Webalizer Cross Site Scripting Vulnerability

Webalizer have a cross-site scripting vulnerability, that could allow malicious HTML tags to be injected in the reports generated by the Webalizer. SPDX-FileCopyrightText: 2001 Alert4Web.com Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective...

USN-206-1: Lynx vulnerability

Ulf Harnhammar discovered a remote vulnerability in Lynx when connecting to a news server NNTP. The function that added missing escape chararacters to article headers did not check the size of the target buffer. Specially crafted news entries could trigger a buffer overflow, which could be...

PHP-Fusion <= 6.00.105 Multiple Vulnerabilities

According to its banner, the remote host is running a version of PHP-Fusion that is affected by multiple vulnerabilities : - An Information Disclosure Vulnerability PHP Fusion stores database backups in a known location within the web server's documents directory. An attacker may be able to...

Invision Power Board index.php Multiple Parameter XSS

The version of Invision Power Board installed on the remote host suffers from a cross-site scripting vulnerability due to its failure to sanitize user input via the 'act' parameter to the 'index.php' script. An unauthenticated attacker can exploit this flaw by injecting malicious HTML and script...

PHPMyDirectory 10.1.3 - review.php Multiple Cross-Site Scripting Vulnerabilities

PHPMyDirectory 10.1.3 - review.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/12900/info phpMyDirectory is prone to a cross-site scripting vulnerability. The problem presents itself when malicious HTML and script code is sent to the application through...

auraCMS 1.5 - Multiple Cross-Site Scripting Vulnerabilities

auraCMS 1.5 Multiple Cross-Site Scripting Vulnerabilities. Webapps exploit for php platform source: http://www.securityfocus.com/bid/12708/info auraCMS is affected by multiple cross-site scripting vulnerabilities. These issues exist because the application fails to properly sanitize user-supplied...