Synology DiskStation Manager Cross-site Scripting (CVE-2012-1556)

Cross-site scripting XSS vulnerability in Synology Photo Station 5 for DiskStation Manager DSM 3.2-1955 allows remote attackers to inject arbitrary web script or HTML via the name parameter to photo/photoone.php. This plugin only works with Tenable.ot. Please visit...

Cisco Acquires OpenDNS for $635 Million

Cisco continues to spend on security, today announcing its intent to acquire San Francisco-based OpenDNS for $635 million. OpenDNS’ domain name system and cloud-based security services bring threat data collected from those platforms to Cisco’s security offerings. “To build on Cisco’s advanced...

Stored Cross-site Scripting ('XSS') in Airvana HubBub C1-600-RT Femtocell

Advisory ID: NEOCAN-2013-002 Advisory Title: Stored XSS 'cross-site scripting' in Airvana HubBub C1-600-RT router Author: Scott Behrens / [email protected] Release Date: 02/27/2013 Vendor: Airvana Application: Airrave 2.5 router administration page Platform: Web Application Severity:...

ELOG < 2.6.2-7 DoS Vulnerability

ELOG is prone to a denial of service DoS vulnerability by requesting SPDX-FileCopyrightText: 2008 Justin Seitz Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

HP OpenView Network Node Manager connectedNodes.ovpl command execution

Added: 07/02/2008 CVE: CVE-2005-2773 BID: 14662 OSVDB: 19057 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A command injection vulnerability in the connectedNodes.ovpl CGI script allows remote attackers to execute arbitrary comman...

HP OpenView Network Node Manager connectedNodes.ovpl command execution

Added: 07/02/2008 CVE: CVE-2005-2773 BID: 14662 OSVDB: 19057 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A command injection vulnerability in the connectedNodes.ovpl CGI script allows remote attackers to execute arbitrary comman...

HP OpenView Network Node Manager connectedNodes.ovpl command execution

Added: 07/02/2008 CVE: CVE-2005-2773 BID: 14662 OSVDB: 19057 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A command injection vulnerability in the connectedNodes.ovpl CGI script allows remote attackers to execute arbitrary comman...

Borland InterBase ibserver.exe Service Attach request buffer overflow

Added: 04/21/2008 CVE: CVE-2008-1910 BID: 28730 OSVDB: 44455 Background Borland Interbase is a database solution for Windows, Linux, and Solaris platforms. Problem A buffer overflow vulnerability in ibserver.exe allows remote attackers to execute arbitrary commands by sending a long, specially...

Oracle Database string conversion buffer overflow

Added: 08/23/2006 BID: 10871 OSVDB: 9890 Background Oracle Database is a relational database product for multiple platforms. Problem The string conversion function in Oracle Database is affected by a buffer overflow vulnerability. A remote attacker could execute arbitrary commands by sending a lo...

Oracle Database string conversion buffer overflow

Added: 08/23/2006 BID: 10871 OSVDB: 9890 Background Oracle Database is a relational database product for multiple platforms. Problem The string conversion function in Oracle Database is affected by a buffer overflow vulnerability. A remote attacker could execute arbitrary commands by sending a lo...

Oracle Database string conversion buffer overflow

Added: 08/23/2006 BID: 10871 OSVDB: 9890 Background Oracle Database is a relational database product for multiple platforms. Problem The string conversion function in Oracle Database is affected by a buffer overflow vulnerability. A remote attacker could execute arbitrary commands by sending a lo...

TWiki revision control shell command injection

Added: 04/06/2006 CVE: CVE-2005-2877 BID: 14834 OSVDB: 19403 Background TWiki is a web-based collaboration platform written in PERL. Problem The revision control function in TWiki does not sufficiently check the rev parameter before using it in a shell command call. This allows remote attackers t...

phpBB viewtopic.php highlight parameter vulnerability

Added: 12/28/2005 CVE: CVE-2005-2086 BID: 14086 OSVDB: 17613 Background phpBB is an open-source bulletin board package written in PHP. Problem This is a variant of an older vulnerability which allows remote command execution by requesting viewtopic.php with a specially crafted highlight parameter...

BasiliX Message Content Script Injection Vulnerability

The remote web server contains PHP scripts that are prone to cross-site scripting attacks. Description : The remote host appears to be running a BasiliX version 1.1.0 or lower. Such versions are vulnerable to cross-scripting attacks since they do not filter HTML tags when showing a message. As a...

YaPiG Remote Server-Side Script Execution Vulnerability

The remote version of YaPiG may allow a remote attacker to execute malicious scripts on a vulnerable system. SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifie...

HP-UX 11.11 - lpd Remote Command Execution (Metasploit)

HP-UX 11.11 - lpd Remote Command Execution Metasploit This file is part of the Metasploit Framework and may be redistributed according to the licenses defined in the Authors field below. In the case of an unknown or missing license, this file defaults to the same license as the core Framework dua...