1241 matches found
phpMyAdmin Cross-site Scripting Vulnerability
========================================================== Title: phpMyAdmin Cross-site Scripting Vulnerability Application: phpMyAdmin Vendor: http://www.phpmyadmin.net Vulnerable Versions: =2.6.2-beta1 Corrected: phpMyAdmin versions after 2.6.2-beta1 Bug: Cross-site Scripting Date: 3-Apr-2005...
Sun Java Applet Invocation Version Specification
The remote version of Windows contains a version of the Java JRE that is older than 1.4.206 / 1.3.113. Even if a newer version of this software is installed, a malicious Java applet may invoke a particular version of the Java JRE to be executed with. As a result, a rogue Java applet could exploit...
FreeBSD Ports : Multiple Browsers Frame Injection
The remote host is running one of the following package : kdelibs 3.2.33 kdebase 3.2.31 7.50 = linux-opera 7.52 7.50 = opera 7.52 firefox 0.9 linux-mozilla 1.7 linux-mozilla-devel 1.7 mozilla-gtk1 1.7 mozilla 1.7,2 netscape7 7.2 These packages contain a bug which may allow an attacker to perform ...
PsNews index.php Multiple Parameter XSS
The remote server is running a version of PsNews a content management system which is older than 1.2. This version is affected by multiple cross-site scripting flaws. An attacker may exploit these to steal the cookies from legitimate users of this website. %NASLMINLEVEL 70300 C Tenable Network...
Solaris 9 (x86) : 117172-17
SunOS 5.9x86: Kernel Patch. Date this patch was last updated by Sun : Jan/24/05 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if description...
AIX Technology Level Out of Date
The remote AIX operating system is lagging behind its official Technology Level TL and may therefore be missing critical security patches. NOTE: Findings may be affected by an extended support contract. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...
Solaris 9 (i386) : 116558-03
The remote host is missing Sun Security Patch number 116558-03 c2audit Patch. Date this patch was last updated by Sun : Wed Jan 26 04:05:50 MST 2005 You should install this patch for your system to be up-to-date. %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated as the associated...
DoS in Plug and Play Web Server Proxy Server
DoS in Plug and Play Web Server Proxy Server ============================== Plug & Play server is a HTTP/FTP/NEWS/MAIL/TELNET/DNS/DHCP/HTTP-PROXY server, running on Windows platforms. Version: 1.0002c -------- Vendor: www.pandpsoft.com ------- Vulnerability: -------------- Sending the following...
Microsoft Windows Media Services NSIISlog.DLL Remote Buffer Overflow Vulnerability
Description Microsoft has reported a buffer overflow vulnerability in Windows Media Services. This is due to a problem with how the logging ISAPI extension handles incoming client requests. This could cause arbitrary code execution in IIS, which is exploitable through Media Services. Technologies...
DSA-280 samba - buffer overflow
Bulletin has no description...
SRT Security Advisory (SRT2002-04-31-1159): Mnews
====================================================================== Strategic Reconnaissance Team Security Advisory SRT2002-04-31-1159 Topic : Mnews local and remote overflow vulnerabilities Date : May 31, 2002 Credit : zillionatsafemode.org Site : http://www.snosoft.com...
CVE-1999-1074
Webmin before 0.5 is affected: it does not restrict the number of invalid password attempts for a valid username, enabling remote attackers to attempt brute‑force password cracking and potentially gain privileges. The issue is described across CVE-1999-1074 records (CVE/NVD/CVELIST) and corrobora...
Многочисленные дырки в дистрибутиве SCO 5.0.6
В дистрибутив вошли старые версии различных продуктов имеющие удаленны и локальные уязвимости...
ProFTPD Multiple Remote Overflows (palmetto)
The remote ProFTPd server is running a 1.2.0preN version. All the 1.2.0preN versions contain several security flaws that allow an attacker to execute arbitrary code on this host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid10464; scriptversion"1.25";...
access.counter-4.0.7.txt
The popular CGI web page access counter version 4.0.7 by George Burgyan allows execution of arbitrary commands due to unchecked user input. Commands are executed with the same privilege as the web server. Of course, other exploits can be used to get root access on an unpatched OS. The counter...
RedHat Linux 5.0/5.1/5.2 / Slackware Linux 3.5 - 'klogd' Local Buffer Overflow (2)
// source: https://www.securityfocus.com/bid/398/info It is possible to cause a denial of service remote and local through generating old, obscure kernel messages not terminated with \n in klogd. The problem exists because of a buffer overflow in the klogd handling of kernel messages. It is...
CVE-1999-0662
A system-critical program or library does not have the appropriate patch, hotfix, or service pack installed, or is outdated or obsolete...
PT-1999-1251 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: No specific software name or affected versions are mentioned. Description: A system-critical program or library is missing the appropriate patch, hotfix, or service pack, or is outdated or obsolete. Recommendations: At the moment, there is no...
Authentication bypass via attacker provided openid server
Description Impact The outdated version 1 of the Steam Socialite Provider doesn't check properly if the login comes from steamcommunity.com, allowing a malicious actor to substitute their own openID server. Patches This vulnerability only affects the outdated v1.x versions of the package. These a...
Authentication bypass via attacker provided openid server
Impact The outdated version 1 of the Steam Socialite Provider doesn't check properly if the login comes from steamcommunity.com, allowing a malicious actor to substitute their own openID server. Patches This vulnerability only affects the outdated v1.x versions of the package. These are no longer...