925 matches found

Prion
added 2010/10/19 12:0 a.m. | 13 views

Design/Logic Flaw

The browser-plugin implementation in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1 allows remote attackers to arguments to the RecordClip method, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a "...

9.3 CVSS | 7.3 AI score | 0.26086 EPSS
Exploits 1 | References 5 | Affected Software 2
Tenable Nessus
added 2010/10/19 12:0 a.m. | 41 views

RealPlayer Enterprise for Windows < Build 6.0.12.1823 Multiple Vulnerabilities

According to its build number, the installed version of RealPlayer on the remote Windows host has multiple buffer overflow vulnerabilities : - A 'QCP' parsing heap-based buffer overflow vulnerability exists. CVE-2010-2578 - An uninitialized pointer vulnerability exists in the CDDA URI ActiveX...

10 CVSS | 6.6 AI score | 0.35352 EPSS
Exploits 10 | References 8
Cvelist
added 2010/10/18 10:0 p.m. | 25 views

CVE-2010-3749

The browser-plugin implementation in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1 allows remote attackers to arguments to the RecordClip method, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a "...

6.8 AI score | 0.26086 EPSS
Exploits 1 | References 5
CVE
added 2010/10/18 10:0 p.m. | 47 views

CVE-2010-3749

The CVE-2010-3749 flaw affects RealNetworks RealPlayer 11.0–11.1 and RealPlayer SP 1.0–1.1, in the browser-plugin/ActiveX implementation for the RecordClip method. A specific argument containing a double-quote enables parameter injection that allows remote code execution: an attacker can craft a ...

9.3 CVSS | 6.9 AI score | 0.26086 EPSS
Exploits 1 | References 5 | Affected Software 1
Zero Day Initiative
added 2010/10/15 12:0 a.m. | 30 views

RealNetworks Realplayer RecordClip Parameter Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the browser plugins provided by...

9 CVSS | 7.4 AI score | 0.26086 EPSS
Exploits 1 | References 1
NVD
added 2010/07/12 1:27 p.m. | 18 views

CVE-2009-4926

Multiple cross-site scripting (XSS) vulnerabilities in Online Contact Manager (formerly EContact PRO) 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) showGroup parameter to (a) index.php and the (2) id parameter to (b) view.php, (c) email.php, (d) edit.php, and (e) delete.php...

4.3 CVSS | 5.8 AI score | 0.01636 EPSS
Exploits 1 | References 3
Prion
added 2010/07/12 1:27 p.m. | 15 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Online Contact Manager (formerly EContact PRO) 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) showGroup parameter to (a) index.php and the (2) id parameter to (b) view.php, (c) email.php, (d) edit.php, and (e) delete.php...

4.3 CVSS | 6.1 AI score | 0.01636 EPSS
Exploits 1 | References 3 | Affected Software 1
Prion
added 2010/06/25 7:30 p.m. | 13 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in oBlog allow remote attackers to inject arbitrary web script or HTML via the (1) commentName, (2) commentEmail, (3) commentWeb, or (4) commentText parameter to article.php; and allow remote authenticated administrators to inject arbitrary web script or...

4.3 CVSS | 5.8 AI score | 0.01488 EPSS
Exploits 1 | References 4
Packet Storm
added 2009/12/01 12:0 a.m. | 16 views

Eshopbuilde CMS SQL Injection

================= IUT-CERT ================= Title: Eshopbuilde CMS SQL Injection Vulnerability Vendor: www.eshopbuilder.ir Dork: Design by Satcom Co Type: Input.Validation.Vulnerability SQL Injection Fix: N/A ================== nsec.ir ================= Description: ------------------ Eshopbuild...

0.5 AI score
Exploits 0
seebug.org
added 2009/11/24 12:0 a.m. | 237 views

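PEAR Mail Package Sendmail Mail::Send() Method Parameter Injection Vulnerability

BUGTRAQ ID: 37081 PEAR is short for "PHP Extension and Application Repository" and provides PHP users with a structured library of open-source code. The sendmail implementation in the PEAR Mail package does not properly filter the from parameter submitted to the Mail::Send method, so a remote attacker can pass arbitrary arguments to the sendmail command and bypass security restrictions to obtain the contents of arbitrary files. PEAR Mail 1.1.4 Vendor patch: PEAR ---- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:...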

6.9 AI score
Exploits 0
Tenable Nessus
added 2009/11/11 12:0 a.m. | 43 views

CUPS < 1.4.2 kerberos Parameter XSS

According to its banner, the version of CUPS installed on the remote host is earlier than 1.4.2. The 'kerberos' parameter in such versions is not properly sanitized before being used to generate dynamic HTML content. An attacker can leverage this issue via a combination of attribute injection and...

4.3 CVSS | 5.6 AI score | 0.0578 EPSS
Exploits 5 | References 3
Tenable Nessus
added 2009/09/10 12:0 a.m. | 27 views

GLSA-200909-06 : aMule: Parameter injection

The remote host is affected by the vulnerability described in GLSA-200909-06 aMule: Parameter injection Sam Hocevar discovered that the aMule preview function does not properly sanitize file names. Impact : A remote attacker could entice a user to download a file with a specially crafted file nam...

6.8 CVSS | 5.7 AI score | 0.0154 EPSS
Exploits 1 | References 2
Gentoo Linux
added 2009/09/09 12:0 a.m. | 31 views

aMule: Parameter injection

Background aMule is an eMule-like client for the eD2k and Kademlia networks, supporting multiple platforms. Description Sam Hocevar discovered that the aMule preview function does not properly sanitize file names. Impact A remote attacker could entice a user to download a file with a specially...

6.8 CVSS | 6.5 AI score | 0.0154 EPSS
Exploits 1
seebug.org
added 2009/08/04 12:0 a.m. | 9 views

Perl$hop e-commerce Script Trust Boundary Input Parameter Injection

No description provided by source. A while back I was playing around with Perl$hop, which if you are not aware, is an e-commerce script developed by Waverider Systems. XSS Cross Site Scripting, Directory Traversal, Code Execution, and more! Wow, that sure is a lot of vulnerabilities for one...

7.1 AI score
Exploits 0
exploitpack
added 2009/08/04 12:0 a.m. | 17 views

Perl$hop E-Commerce Script - Trust Boundary Input Parameter Injection

Perl$hop E-Commerce Script - Trust Boundary Input Parameter Injection A while back I was playing around with Perl$hop, which if you are not aware, is an e-commerce script developed by Waverider Systems. XSS Cross Site Scripting, Directory Traversal, Code Execution, and more! Wow, that sure is a l...

0.8 AI score
Exploits 0
0day.today
added 2009/08/04 12:0 a.m. | 28 views

Perl$hop e-commerce Script Trust Boundary Input Parameter Injection

Exploit for cgi platform in category web applications =================================================================== Perl$hop e-commerce Script Trust Boundary Input Parameter Injection =================================================================== A while back I was playing around with...

7.1 AI score
Exploits 0
Cvelist
added 2009/06/22 7:0 p.m. | 15 views

CVE-2009-2156

Multiple cross-site scripting (XSS) vulnerabilities in TorrentTrader Classic 1.09 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Title field to requests.php, related to viewrequests.php; and (2) the Torrent Name field to torrents-upload.php, related to the logging o...

6.7 AI score | 0.01516 EPSS
Exploits 1 | References 7
Prion
added 2009/04/06 4:30 p.m. | 13 views

Directory traversal

Multiple directory traversal vulnerabilities in Blogplus 1.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) rowmysqlblockscenterdownfile parameter to includes/blockcenterdown.php; (2) rowmysqlblockscentertopfile includes/parameter to blockcentertop.php...

7.5 CVSS | 7.8 AI score | 0.0286 EPSS
Exploits 1 | References 3 | Affected Software 1
securityvulns
added 2009/04/01 12:0 a.m. | 63 views

[DSECRG-09-013] IBM WebSphere Application Server 7.0 Multiple XSS Vulnerabilities

Digital Security Research Group DSecRG Advisory DSECRG-09-013 !!! official advisory: !!! http://dsecrg.com/pages/vul/DSECRG-09-013.html Application: IBM WebSphere Application Server Versions Affected: 7.0 and 6.1 Vendor URL: http://www.ibm.com/websphere/ Bug: Multiple XSS Vulnerabilities Exploits...

0.2 AI score
Exploits 0
NVD
added 2009/03/26 9:0 p.m. | 25 views

CVE-2008-6531

The WebWork 1 web application framework in Atlassian JIRA before 3.13.2 allows remote attackers to invoke exposed public JIRA methods via a crafted URL that is dynamically transformed into method calls, aka "WebWork 1 Parameter Injection Hole."...

6.8 CVSS | 6.8 AI score | 0.01753 EPSS
Exploits 0 | References 5