3009 matches found
FreeBSD Ports: phpmyadmin, phpMyAdmin
The remote host is missing an update to the system as announced in the referenced advisory. VID 882ef43b-901f-11d9-a22c-0001020eed82 OpenVAS Vulnerability Test Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc...
FreeBSD Ports: squirrelmail, ja-squirrelmail
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
FreeBSD Ports: phpmyadmin, phpMyAdmin
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
Code injection
Swfdec 0.6 before 0.6.8 allows remote attackers to cause a denial of service (application crash) via a 1x1 JPEG image...
CVE-2008-3482
Cross-site scripting (XSS) vulnerability in the error page feature in Panasonic Network Camera BL-C111, BL-C131, BB-HCM511, BB-HCM531, BB-HCM580, BB-HCM581, BB-HCM527, and BB-HCM515 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2008-3422
Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs PreProcessRelativeReference, (2) HtmlForm.cs RenderAttributes, (3) HtmlInputButton...
CVE-2008-3379
CVE-2008-3379 affects Snark VisualPic 0.3.1 and is a cross-site scripting (XSS) vulnerability. The issue arises from insufficient input sanitization of the pic parameter in the default URI, allowing remote attackers to inject arbitrary web script/HTML that executes in the victim’s browser. The vu...
CVE-2008-3334
Cross-site scripting (XSS) vulnerability in MyBB 1.2.x before 1.2.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving search.php...
CVE-2008-3198
Mozilla Firefox 3.x before 3.0.1 allows remote attackers to inject arbitrary web script into a chrome document via unspecified vectors, as demonstrated by injection into a XUL error page. NOTE: this can be leveraged to execute arbitrary code using CVE-2008-2933...
CVE-2008-2997
CVE-2008-2997: XSS vulnerability in Gravity Board X (GBX) 2.0 Beta. In GBX’s index.php, the subject parameter in the postnewsubmit (create new thread) action can be exploited to inject arbitrary script/HTML. This remote vector could affect users who submit a thread, with the impact described as ...
CVE-2008-2462
Cross-site scripting (XSS) vulnerability in the viewfile documentation command in Caucho Resin before 3.0.25, and 3.1.x before 3.1.4, allows remote attackers to inject arbitrary web script or HTML via the file parameter...
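Google Talk http and mailto Remote Code Injection Vulnerability
BUGTRAQ ID: 29946 Google Talk is a popular instant messaging program that allows direct voice conversations with other computer users. GTalk does not properly validate the http and mailto addresses that users submit in the chat window. If a trusted contact submits a specially crafted URL or mailto address in the chat window, HTML code is injected and executed on the other party's machine, or a cross-site scripting attack is carried out. Google Talk 1.0.0.105 Google ------ The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version: http://www.google.com http://"h1Lostmon/h1...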
CVE-2008-2852
CGIWrap before 4.1 is affected by CVE-2008-2852, an XSS due to error messages not specifying a charset. When using Internet Explorer-based browsers, attackers could inject arbitrary HTML/JS via error responses. The OpenVAS/Nessus/VM sources confirm the IE-specific vector and the CGIWrap XSS descr...
vBulletin 3.7.1 PL1 and lower, vBulletin 3.6.10 PL1: XSS in modcp index
====================================================================== Advisory : XSS in modcp index Release Date : June 17th 2008 Application : vBulletin Version : vBulletin 3.7.1 PL1 and lower, vBulletin 3.6.10 PL1 and lower Platform : PHP Vendor URL : http://www.vbulletin.com/ Authors : Jessic...
CVE-2008-2640
CVE-2008-2640 concerns cross-site scripting in Adobe Flex 3 History Management. The vulnerability lies in historyFrame.html (used by Flex 3.0.1 SDK and Flex Builder 3 and generated applications) where user-supplied values are not properly filtered in the anchor identifier, enabling remote attacke...
CVE-2008-2646
Multiple cross-site scripting (XSS) vulnerabilities in meBiblio 0.4.7 allow remote attackers to inject arbitrary web script or HTML via the (1) sql parameter to dbadd.inc.php, (2) InsertJournal parameter to addjournalmask.inc.php, (3) InsertBibliography parameter to insertmask.inc.php, and (4) LabelYear...
fastfree-rfi.txt
Fast Free Media Script Remote Code Injection Exploit Coded By Liz0ziM Web:www.biyosecurity.com Dork:"Powered by FastFreeMedia.com" & inurl:cat-1-p0.html & inurl:page.php?page=topvids & inurl:page.php?page=topgames TARGET HOST: Example:www.sexwhispers.com TARGET PATH: Example:/ or /scriptpath/ ADM...
CVE-2008-1947
CVE-2008-1947 is an XSS vulnerability in Apache Tomcat, affecting 5.5.9–5.5.26 and 6.0.0–6.0.16. It allows remote attackers to inject arbitrary web script or HTML via the name parameter (the hostname attribute) to host-manager/html/add. The connected documents confirm the affected product/version...
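F5 BIG-IP Management Interface NEW_VALUE Parameter Remote Code Injection Vulnerability
BUGTRAQ ID: 28639 F5 BIG-IP is an all-in-one network device that integrates network traffic management, an application security manager, load balancing and other functions. The BIG-IP configuration utility has an input validation vulnerability that remote attackers may be able to exploit to execute arbitrary commands on the system. The F5 BIG-IP reconfiguration tool used by the web management interface and the CLI does not properly filter certain reconfiguration requests. A logged-in user with Resource Manager or Administrator privileges can inject arbitrary Perl code, generating Unix shell commands that are executed with root privileges. The vulnerability arises because single quotes in NEWVALUE are used without escaping in a Perl EP3 that contains a template similar to the following:...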
Code injection
The Macrovision InstallShield InstallScript One-Click Install (OCI) ActiveX control 12.0 before SP2 does not validate the DLL files that are named as parameters to the control, which allows remote attackers to download arbitrary library code onto a client machine...