448 matches found
vBulletin 3.6.10/3.7.2 '$newpm[title]' Parameter Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/30777/info vBulletin is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...
BBS E-Market Professional bf_130 (1.3.0) - Multiple File Disclosure Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/11191/info BBS E-Market Professional is reported prone to multiple file disclosure vulnerabilities. These issues exist due to insufficient sanitization of user-supplied data. A remote attacker can disclose arbitrary...
openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2013:1957-1)
update to Thunderbird 24.2.0 bnc854370 - requires NSS 3.15.3.1 or higher - MFSA 2013-104/CVE-2013-5609/CVE-2013-5610 Miscellaneous memory safety hazards - MFSA 2013-108/CVE-2013-5616 bmo938341 Use-after-free in event listeners - MFSA 2013-109/CVE-2013-5618 bmo926361 Use-after-free during Table...
SuSE 11.2 Security Update : gpg2 (SAT Patch Number 7737)
This update for gpg2 provides the following fixes : - Set proper file permissions when en/de-crypting files. bnc780943 - Fix an issue that could cause corruption of the public keys database. CVE-2012-6085, 798465 - Select proper ciphers when running in FIPS mode bnc808958 Security Issue reference...
hmap
This plugin fingerprints the remote web server and tries to determine the server type, version and patch level. It uses fingerprinting, not just the Server header returned by remote server. This plugin is a wrapper for Dustin Lees hmap. One configurable parameters exist: genFpF If genFpF is set t...
CVE-2012-4522
The rbgetpathcheck function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path...
SAP /sap/bc/soap/rfc SOAP Service TH_SAPREL Function Information Disclosure
This module attempts to identify software, OS and DB versions through the SAP function THSAPREL using the /sap/bc/soap/rfc SOAP service. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on, inspire...
openSUSE Security Update : postgresql (postgresql-1773)
An unprivileged, authenticated PostgreSQL user could create a table which references functions with malicious content. Maintenance operations carried out be the database superuser could execute such functions CVE-2009-4136. Embedded null bytes in the common name of SSL certificates could bypass...
vBulletin - Multiple Versions - Cross Site Script Redirection
No description provided by source. vBulletin - Cross Site Script Redirection Versions Affected: 3.8.4 / 3.7.6 / 3.6.12 Patches Available: 3.8.4PL1 / 3.7.6PL1 / 3.6.12PL1 Info: An XSS flaw within the user profile page has recently been discovered. This could allow an attacker to carry out an actio...
SAPgui EAI WebViewer3D ActiveX control SaveViewToSessionFile buffer overflow
Added: 04/07/2009 CVE: CVE-2007-4475 BID: 34310 OSVDB: 53066 Background SAPgui for Windows registers the EAI WebViewer3D ActiveX control. Problem A buffer overflow vulnerability in the EAI WebViewer3D ActiveX control allows command execution when a user loads a web page which invokes the...
SAPgui EAI WebViewer3D ActiveX control SaveViewToSessionFile buffer overflow
Added: 04/07/2009 CVE: CVE-2007-4475 BID: 34310 OSVDB: 53066 Background SAPgui for Windows registers the EAI WebViewer3D ActiveX control. Problem A buffer overflow vulnerability in the EAI WebViewer3D ActiveX control allows command execution when a user loads a web page which invokes the...
FreeBSD Security Advisory (FreeBSD-SA-06:21.gzip.asc)
The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-06:21.gzip.asc SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
vBulletin '$newpm[title]' 跨站漏洞
vBulletin is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the...
vBulletin 3.6.103.7.2 - $newpm[title] Cross-Site Scripting
vBulletin 3.6.103.7.2 - $newpmtitle Cross-Site Scripting source: https://www.securityfocus.com/bid/30777/info vBulletin is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...
vBulletin 3.6.10/3.7.2 - '$newpm[title]' Cross-Site Scripting
source: https://www.securityfocus.com/bid/30777/info vBulletin is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in th...
Cleartext protocols settings
This script just sets global variables telnet/rexec/rsh logins and passwords that are used to perform host-level patch level checks. You should avoid using these cleartext protocols when doing a scan, as Nessus will basically broadcast the password to every tested host. TRUSTED...
Solaris 9 (x86) : 118536-06
SunOS 5.9x86: sh/jsh/rsh/pfsh Patch. Date this patch was last updated by Sun : Aug/17/09 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if descriptio...
Checkpoint Firewall-1 Patch Level 0 Detection
Binary data 2904.prm...
Checkpoint Firewall-1 Patch Level 1 Detection
Binary data 2905.prm...
Checkpoint Firewall-1 Patch Level 2 through 6 Detection
Binary data 2906.prm...