UBUNTU-CVE-2013-5704

The modheaders module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."...

OpenSSL 'Heartbleed' Vulnerability

A vulnerability in OpenSSL could allow a remote attacker to expose sensitive data, possibly including user authentication credentials and secret keys, through incorrect memory handling in the TLS heartbeat extension. This may allow an attacker to decrypt traffic or perform other attacks. OpenSSL...

BlazeDVD Pro Player 6.1 - Stack Based Buffer Overflow Jump ESP

Exploit for windows platform in category local exploits EDB Note, XPSP3 - my $eip = pack'V',0x7c868667; jmp ESP on kernel32.dll Date: Tue Apr 8 2014 Vendor link: http://www.blazevideo.com/download.htmm Software Link: http://www.blazevideo.com/download.php?product=BlazeDVDPro App Version: 6.1 Test...

Backdoor found in Samsung Galaxy Devices, allows Hackers to remotely access/modify Data

Google’s Android operating system may be open source, but the version of Android that runs on most phones, tablets, and other devices includes proprietary, closed-source components. Phone makers, including Samsung ships its Smartphones with a modified version of Android, with some pre-installed...

CVE-2013-6232

Cross-site scripting XSS vulnerability in SpagoBI before 4.1 allows remote authenticated users to inject arbitrary web script or HTML via a document note in the execution page...

Cross site scripting

Cross-site scripting XSS vulnerability in SpagoBI before 4.1 allows remote authenticated users to inject arbitrary web script or HTML via a document note in the execution page...

CVE-2013-6232

Cross-site scripting XSS vulnerability in SpagoBI before 4.1 allows remote authenticated users to inject arbitrary web script or HTML via a document note in the execution page...

CVE-2014-2067

Cross-site scripting XSS vulnerability in java/hudson/model/Cause.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to inject arbitrary web script or HTML via a "remote cause note."...

(spacewalk-java): XSS in system.addNote XML-RPC call due improper sanitization of note's subject and content

Multiple cross-site scripting XSS vulnerabilities in systems/sdc/notes.jsp in Spacewalk and Red Hat Network RHN Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the 1 subject or 2 content values of a note in a system.addNote XML-RPC call...

Microsoft Internet Explorer Version Detection

The remote Windows host contains Internet Explorer, a web browser created by Microsoft. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid72367; scriptversion"1.7"; scriptsetattributeattribute:"pluginmodificationdate", value:"2022/02/01"; scriptxrefname:"IAVT",...

CVE-2014-0812

Cross-site scripting XSS vulnerability in KENT-WEB Joyful Note 2.8 and earlier, when Internet Explorer 7 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2014-0812

Joyful Note (KENT-WEB) is affected by a cross-site scripting (XSS) vulnerability in Joyful Note version 2.8 and earlier. The issue enables arbitrary script execution in the victim’s browser (via unspecified vectors) when using affected software. Root cause details in connected JVN records indicat...

CVE-2014-0812

Cross-site scripting XSS vulnerability in KENT-WEB Joyful Note 2.8 and earlier, when Internet Explorer 7 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Joyful Note vulnerable to cross-site scripting

Overview Joyful Note from KENT-WEB is a bulletin board software that a user can upload a binary file such as an image file. Joyful Note contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Apply an update Update to the lates...

JVN#30718178: Joyful Note vulnerable to cross-site scripting

Joyful Note from KENT-WEB is a bulletin board software that a user can upload a binary file such as an image file. Joyful Note contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Apply an update Update to the latest version...

Network Time Protocol (NTP) Amplification Attacks

A vulnerability in the "monlist" feature of ntpd can allow remote attackers to cause distributed denial of service attack DDoS via forged requests. US-CERT and the Canadian Cyber Incident Response Center CCIRC have both observed active use of this attack vector in recent DDoS attacks. US-CERT...

Wordpress Formcraft Plugin - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title : Wordpress formcraft Plugin Sql Injection Exploit Author : Ashiyane Digital Security Team Google Dork : inurl:/wp-content/plugins/formcraft Software Link : www.wordpress.org Tested on: Windows , Linux Date: 2013/12/2 Exploit : S...

CVE-2013-6904

Cross-site scripting XSS vulnerability in a note component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

WordPress Plugin Formcraft - SQL Injection

WordPress Plugin Formcraft - SQL Injection Exploit Title : Wordpress formcraft Plugin Sql Injection Exploit Author : Ashiyane Digital Security Team Google Dork : inurl:/wp-content/plugins/formcraft Software Link : www.wordpress.org Tested on: Windows , Linux Date: 2013/12/2 Exploit : Sql Injectio...

SAP NetWeaver Message Server – DoS

Application: SAP NetWeaver Message Server Versions Affected: SAP KERNEL 7.20 32BIT Vendor URL: http://www.sap.com Bugs: Improper Input Validation Exploits: PoC Reported: 10.07.2013 Vendor response: 11.07.2013 Date of Public Advisory: 25.01.2014 Reference: SAP Security Note 1773912 Author: George...