7638 matches found
CVE-2008-3622
Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5 through 10.5.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message that reaches a mailing-list archive, aka "persistent JavaScript injection."...
Vulnerabilities in FeedBurner FeedSmith for WordPress
Hello 3APA3A! I am reporting the Full path disclosure and HTTP Response Splitting + Cross-Site Scripting vulnerabilities I found in the FeedBurner FeedSmith plugin for WordPress, which is developed by FeedBurner, a company owned by Google. Full path disclosure:...
Design/Logic Flaw
Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition devices allow remote attackers to execute arbitrary code via unknown vectors, probably related to MIDP privilege escalation and persistent MIDlets, aka "ISSUES 3-10." NOTE: as of 20080807, the only disclosure is a vague...
Design/Logic Flaw
Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition FP1, and possibly later devices, allow remote attackers to execute arbitrary code via unknown vectors, probably related to MIDP privilege escalation and persistent MIDlets, aka "ISSUES 11-15." NOTE: as of 20080807, the only...
CVE-2008-3553
Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition devices allow remote attackers to execute arbitrary code via unknown vectors, probably related to MIDP privilege escalation and persistent MIDlets, aka "ISSUES 3-10." NOTE: as of 20080807, the only disclosure is a vague...
CVE-2008-3553
Technical details are not publicly available in the provided documents. Monitor for updates on CVE-2008-3553.
CVE-2008-3552
Technical details for CVE-2008-3552 are not publicly available in the provided documents. The connected records do not disclose affected products, versions, or exploit information. Monitor for updates from official advisories to clarify scope and remediation.
CVE-2008-3552
Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition FP1, and possibly later devices, allow remote attackers to execute arbitrary code via unknown vectors, probably related to MIDP privilege escalation and persistent MIDlets, aka "ISSUES 11-15." NOTE: as of 20080807, the only...
Vulnerabilities in FireStats
Hello 3APA3A! I am reporting the Full path disclosure and Cross-Site Scripting vulnerabilities I found in the FireStats plugin for WordPress and other CMSs. Full path disclosure: http://site/wp-content/plugins/firestats/js/firestats.js.php...
ProCheckUp Security Advisory 2008.13
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PR08-13: Persistent Cross-site Scripting XSS on Moodle via blog entry title Vulnerability found: 20/06/2008 Vendor informed: 25/06/2008 Vulnerability fixed: 16/07/2008 Advisory publicly released: 22/07/2008 Severity: High Description: By creating a ne...
Asterisk 1.6 IAX - 'POKE' Requests Remote Denial of Service
source: https://www.securityfocus.com/bid/30321/info Asterisk is prone to a remote denial-of-service vulnerability because it fails to handle multiple 'POKE' requests in quick succession. Attackers can exploit this issue by sending a persistent stream of 'POKE' requests that will consume processo...
Context IS Advisory - MS08-39 OWA XSS
===============================ADVISORY=============================== Systems Affected: Microsoft Outlook Web Access 2003 and 2007 Exchange Server 2003 SP2, Exchange Server 2007, Exchange Server 2007 SP1 Severity: High Category: Cross Site Scripting, Cross Site Request Forgery Author: Context...
vbulletin-adminxss.txt
====================================================================== Advisory : XSS in admin logs Release Date : July 06th 2008 Application : vBulletin Version : vBulletin 3.7.2 and lower, vBulletin 3.6.10 PL2 and lower Platform : PHP Vendor URL : http://www.vbulletin.com/ Authors : Jessica Hop...
CVE-2008-2711
CVE-2008-2711 affects fetchmail versions 6.3.8 and earlier. In verbose log mode, a malformed mail message with long headers can trigger an erroneous dereference during log formatting (vsnprintf), causing a remote denial of service via a crash and resulting persistent mail failure. Connected advis...
PR07-44: XSS on RSA Authentication Agent login page
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PR07-44: XSS on RSA Authentication Agent login page Vulnerability found: 5th December 2007 Vendor informed: 13th December 2007 Severity: Medium-high Successfully tested on: RSA Authentication Agent 5.3.0.258 for Web for Internet Information Services...
gallarific-xss.txt
Hello, I was looking at the free version of gallarific, and I found some suspicious code in the scopbin directory. Attached is a file I found in the zip I downloaded, in case someone wants to decode it. The package can be downloaded from http://www.gallarific.com/download.php Also, the software...
Windows Command Shell, Bind TCP (via Perl)
Listen for a connection and spawn a command shell via perl persistent This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 139 include Msf::Payload::Single include...
eforum-xss.txt
eForum v0.4 - NON-PERSISTENT XSS by Omni 1 Infos --------- Date : 2008-03-05 Product : eForum Version : v 0.4 Vendor : http://www.phpbrasil.com/scripts/script.php/id/169 Vendor Status : 2008-03-18 Not Informed! 2008-03-18 Published! Description : eForum is an easy-to-install discussion board that...
F5 BIG-IP Web Management Console XSS
F5 BIG-IP Web Management Console XSS Product: F5 BIG-IP http://www.f5.com/products/big-ip/ The F5 BIG-IP web management interface contains a potentially persistent cross-site scripting vulnerability in the "Console" feature. Output from executed console commands is wrapped in textarea intentional...