748 matches found
[SECURITY] Fedora 11 Update: drupal-views-6.x.2.9-1.fc11
The views module provides a flexible method for Drupal site designers to control how lists of content nodes are presented. Traditionally, Drupal has hard-coded most of this, particularly in how taxonomy and tracker lists are formatted. This tool is essentially a smart query builder that, given...
[SECURITY] Fedora 12 Update: drupal-views-6.x.2.9-1.fc12
The views module provides a flexible method for Drupal site designers to control how lists of content nodes are presented. Traditionally, Drupal has hard-coded most of this, particularly in how taxonomy and tracker lists are formatted. This tool is essentially a smart query builder that, given...
[SECURITY] Fedora 13 Update: drupal-views-6.x.2.9-1.fc13
The views module provides a flexible method for Drupal site designers to control how lists of content nodes are presented. Traditionally, Drupal has hard-coded most of this, particularly in how taxonomy and tracker lists are formatted. This tool is essentially a smart query builder that, given...
[SECURITY] Fedora 12 Update: viewvc-1.1.5-1.fc12
ViewVC is a browser interface for CVS and Subversion version control repositories. It generates templatized HTML to present navigable directory, revision, and change log listings. It can display specific versions of files as well as diffs between those versions. Basically, ViewVC provides the bul...
Pwn2Own Safari Attack: Charlie Miller Hijacks MacBook
VANCOUVER, BC — For the third year in a row, Charlie Miller has hacked into a MacBook by exploiting a critical Safari browser vulnerability. At the CanSecWest Pwn2Own hacker contest here, Miller performed a clean drive-by download against Safari to get a full command shell on the MacBook. In the...
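Citrix Web Interface Source Code Information Disclosure Vulnerability
BUGTRAQ ID: 38838 Citrix Web Interface is a free add-on component used on Citrix Presentation Server that allows users to connect to applications from a browser. JavaScript files in the ClientScripts folder of Citrix Web Interface contain ASP.NET code; Citrix ASPX files reference these files to parse the ASP.NET content in the JS files, and the JavaScript generated by that parsing is displayed in the ASPX page in the browser...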
Microsoft Office PowerPoint Viewer TextBytesAtom Record Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office PowerPoint Viewer. User interaction is required to exploit this vulnerability in that the target must open a malicious presentation. The specific flaw exists in the handling of...
Citrix Program Neighborhood Agent Arbitrary Shortcut Creation (CVE-2004-1077)
Citrix Presentation Server, formerly known as Citrix MetaFrame, is designed for central application deployment. This package allows applications to be deployed and managed by a farm of dedicated servers and allows client machines to access these applications remotely. There exists an arbitrary...
Citrix Program Neighborhood Agent Buffer Overflow (CVE-2004-1078)
Citrix Presentation Server, formerly known as Citrix MetaFrame, is designed for central application deployment. This package allows applications to be deployed and managed by a farm of dedicated servers and allows client machines to access the applications remotely. There exists a buffer overflow...
gAlan Buffer Overflow
!/usr/bin/perl kpasa.pl AKA gAlan Buffer Overflow 0day Exploit Jeremy Brown [email protected]//jbrownsec.blogspot.com//krakowlabs.com 12.07.2009 "From Static Analysis to 0day Exploit" Originally a SecurityTubeCon Presentation, which I'm guessing was canceled without notice? At any rate, DoJoSe...
gAlan 0.2.1 Buffer Overflow 0day Exploit
Exploit for unknown platform in category local exploits ======================================== gAlan 0.2.1 Buffer Overflow 0day Exploit ======================================== Title: gAlan 0.2.1 Buffer Overflow 0day Exploit CVE-ID: OSVDB-ID: Author: Jeremy Brown Published: 2009-12-07 Verified:...
gAlan 0.2.1 Buffer Overflow 0day Exploit
No description provided by source. !/usr/bin/perl kpasa.pl AKA gAlan Buffer Overflow 0day Exploit Jeremy Brown [email protected]//jbrownsec.blogspot.com//krakowlabs.com 12.07.2009 "From Static Analysis to 0day Exploit" Originally a SecurityTubeCon Presentation, which I'm guessing was canceled...
gAlan 0.2.1 - Local Buffer Overflow (1)
gAlan 0.2.1 - Local Buffer Overflow 1 !/usr/bin/perl kpasa.pl AKA gAlan Buffer Overflow 0day Exploit Jeremy Brown [email protected]//jbrownsec.blogspot.com//krakowlabs.com 12.07.2009 "From Static Analysis to 0day Exploit" Originally a SecurityTubeCon Presentation, which I'm guessing was cancel...
Citrix Presentation Server IMA Invalid Event Data Length Denial of Service (CVE-2006-5861)
The Citrix MetaFrame products are remote access and application publishing products built on Citrix's Independent Computing Architecture (ICA). The products allow for access and control of the remote hosts as well as deploying applications. There exists a memory access violation vulnerability in...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the S5 Presentation Player module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via an unspecified field that is copied to the HTML HEAD element...
CVE-2009-3917
Cross-site scripting (XSS) vulnerability in the S5 Presentation Player module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via an unspecified field that is copied to the HTML HEAD element...
CVE-2009-3917
The CVE-2009-3917 entry concerns the Drupal S5 Presentation Player module (6.x-1.x) prior to 6.x-1.1. The issue is a cross-site scripting (XSS) vulnerability where an unspecified field copied into the HTML HEAD element can be abused to inject arbitrary scripts or HTML. The description notes the a...
SA-CONTRIB-2009-092 - S5 Presentation Player Cross Site Scripting
The S5 Presentation Player module enables the creation of an S5 slideshow using content from the site. The module does not properly sanitize user-supplied text it includes in the HTML HEAD section, leading to a cross-site scripting (XSS) vulnerability. Such an attack may lead to a malicious user...
dedecms (plus/feedback_js.php) injection vulnerability - vulnerability warning - the black bar safety net
Found by: Rainy'Fox&St0p Team: two fat network security http://bbs.erpangzi.com Affected version: dedecms GBK 5.1 Vulnerability description: File: plus/feedbackjs.php ifempty$arcID $row = $dlist-dsql-GetOne"Select id From @cachefeedbackurl where url='$arcurl' "; ifisarray$row $urlindex = $row'id'; Get...