541 matches found
CentOS Update for gc CESA-2013:1500 centos6
Check for the Version of gc OpenVAS Vulnerability Test CentOS Update for gc CESA-2013:1500 centos6 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...
RHEL 6 : gc (RHSA-2013:1500)
Updated gc packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...
Medium: gc
Issue Overview: It was discovered that gc's implementation of the malloc and calloc routines did not properly perform parameter sanitization when allocating memory. If an application using gc did not implement application-level validity checks for the malloc and calloc routines, a remote attacker...
CMS Cameron McKenna 2013 Cross Site Scripting
+=============================================================================================+ + ©CMS Cameron McKenna 2013 Allow Execute Evil Remote Code + +=============================================================================================+ Authors: Ivan Sanchez & Raul DiazDshellnoi...
Tienda Online CMS Cross Site Scripting
+=============================================================================================+ + Software Gestión GESIO & XSS & Allow Execute Evil Remote Code + +=============================================================================================+ Authors: Ivan Sanchez & Raul Diaz...
PragmaMX Multiple Cross-Site Scripting Vulnerabilities
PragmaMX is prone to multiple cross site scripting vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Console: XSS in invoke operation
It was found that the parameters passed to operation invocations on the JMX console were not properly sanitized. Remote attackers could use this flaw to inject arbitrary web script or HTML into the JMX console...
Ubiquiti AirOS <= 5.5.2 Remote POST-Auth Root Command Execution
Exploit for hardware platform in category remote exploits !/usr/bin/python +--------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : Ubiquiti AirOS 0x90.nl Software link :...
Spiceworks 6.0.00993 Cross Site Scripting
!-- Title: Spiceworks 6.0.00993 Multiple Script Injection Vulnerabilities Vendor: Spiceworks Inc. Product web page: http://www.spiceworks.com Affected version: 6.0.00993 and 6.0.00966 Summary: The Spiceworks IT Desktop delivers nearly everything you need to simplify your IT job. Available in a...
The JIRA/Crowd applications fail to properly sanitize user input in the query string of the website or in the value of a parameter
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-29640. panel We need to avoid Cross-site Scripting vulnerabilities. A function should be created to provide server side and client side inpu...
Joomla! Component JE Auto 1.0 - SQL Injection
JE Auto 1.0 SQL Injection Vulnerability Name JE Auto Vendor http://joomlaextensions.co.in/extensions/components/je-auto.html Versions Affected 1.0 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2010-12-09 X. INDEX I. ABO...
Squirrelcart PRO 3.0.0 - Blind SQL Injection
Squirrelcart PRO 3.0.0 Blind SQL Injection Vulnerability Name Squirrelcart PRO Vendor http://www.squirrelcart.com Versions Affected 3.0.0 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2010-10-21 X. INDEX I. ABOUT THE...
RedShop 1.0.23.1 Joomla Component Blind SQL Injection Vulnerability
RedShop 1.0.23.1 Joomla Component Blind SQL Injection Vulnerability Name RedShop Vendor http://redweb.dk Versions Affected 1.0.23.1 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2010-07-13 X. INDEX I. ABOUT THE...
packeteer-xss.txt
Packeteer Products File Listing XSS Product: Packeteer PacketShaper http://www.packeteer.com/products/packetshaper/ Packeteer PolicyCenter http://www.packeteer.com/products/packetshaper/policycenter.cfm The web management interface of several Packeteer products contains a cross-site scripting...
iwebnegar11.txt
:: IwebNegar v1.1 Multiple vulnerabilities :: ------------------------------------------------ Software : IwebNegar v1.1 Website : ---- Bug Discover : Hessam-x / www.hessamx.net I. Cross Site Scripting Vulnerability ------------------------------------------------- Parameter "comment" are not...
Barracuda Spam Firewall 3.3.03.053 - Remote Code Execution (1)
Title: Barracuda Arbitrary File Disclosure + Command Execution Severity: High Sensitive Information Disclosure Date: 01 August 2006 Version Affected: Barracuda Spam Firewall version 3.3.01.001 to 3.3.03.053 Discovered by: Greg Sinclair [email protected] Discovered on: 29 May 2006 Overview:...
Hot Links SQL 3.x XSS vuln.
Hot Links SQL 3.x XSS vuln. Vuln. dicovered by : r0t Date: 5 dec. 2005 Orginal advisory:http://pridels.blogspot.com/2005/12/hot-links-sql-3x-xss-vuln.html vendor:http://www.mrcgiguy.com/hlsqldetails.shtml affected version:3.1.x and prior Product Description: irectory style index allows for easy...
PHPCart - Input Validation
source: https://www.securityfocus.com/bid/13406/info PHPCart is prone to a remote input validation vulnerability. The issue exists because the software fails to sufficiently sanitize URI parameter data that is employed when computing product charges. A remote attacker may exploit this issue to...
Kerio Personal Firewall 2.1.x/4.x - Local Denial of Service
source: https://www.securityfocus.com/bid/11859/info It is reported that the Kerio Personal Firewall KPF driver does not sufficiently sanitize API parameters that are received from API's that are hooked by KPF. When the KPF API hook handles certain parameter data it will fail. Reports indicate th...
PostNuke 0.723 - Multiple Cross-Site Scripting Vulnerabilities
PostNuke 0.723 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/7898/info The PostNuke 'modules.php' script does not sufficiently sanitize data supplied via URI parameters, making it prone to cross-site scripting attacks. This could allow for execution of...