2520 matches found
MS Office 2007: Digital Signature does not protect Meta-Data
Affects: Microsoft Office 2007 12.0.6015.5000 MSO 12.0.6017.5000 possibly older versions I. Background Microsoft Office is a suite containing several programs to handle Office documents like text documents or spreadsheets. The latest version uses an XML based document format. Microsoft Office...
LS Simple Guestbook 1.0 - Remote Code Execution
LS Simple Guestbook 1.0 - Remote Code Execution Special Greetings To - Timq, Warpboy, The-Maggot File: index.php Affects: LS simple guestbook v1 Date: 15th April 2007 Issue Description: LS simple guestbook fails to sanitize...
When Google mode to become the “SafeMod=off”-bug warning-the black bar safety net
Google search has been in control of the search state that limits the user's search scope, but Google specifically retains a parameter, the “SafeMod”. In fact, when we search with SafeMod=on, safe mode is turned on; what if you are in SafeMod=off? Haha, something fun to. We use the word do...
PHP import_request_variables() arbitrary variable overwrite
PHP import_request_variables() arbitrary variable overwrite Name Using import_request_variables() you can overwrite $ and $ any php variable. Systems Affected PHP =4.0.7 =5.2.1 Severity High Vendor http://www.php.net/ Advisory http://www.wisec.it/vulns.php?id=10 http://www.wisec.it/vuln10.txt Authors...
SOL6924 - Insertion of special characters in URL path circumvents Accessibility Scope and Access Control Lists
It is possible to bypass the Deny list, configured in the Accessibility Scope section located on the Portal Access: Web Applications: Master Group Settings page, by inserting certain special characters into a URL path. In FirePass version 6.0, this issue also applies to the Deny list configured...
SOL6922 - Decimal-encoded IP address circumvents Accessibility Scope
It is possible to bypass the Deny list configured in the Accessibility Scope section of the Portal Access: Web Applications: Master Group Settings page using a URL with a decimal-encoded IP address. When you log in to the FirePass Webtop, you can enter a URL into the Webtop Address Bar if the...
Perl hackers need to know the 1 0 thing-vulnerability warning-the black bar safety net
Perl is the preferred scripting language of expert-level system administrators, but its role is far more than that. As a language designed for file and text processing, in addition to a variety of other uses, it is also extremely suitable for UNIX system management, Web programming, and databa...
DEBIAN-CVE-2006-2016
Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compareform.php, (b) copyform.php, (c) renameform.php, (d) templateengine.php, and (e) deleteform.php; (2) scope parameter in (f)...
CVE-2006-2016
Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compareform.php, (b) copyform.php, (c) renameform.php, (d) templateengine.php, and (e) deleteform.php; (2) scope parameter in (f)...
Remote attacks learn ABC—from SATAN to start the vulnerability gathering-vulnerability warning-the black bar safety net
My statement of finishing this article in mind not to encourage more people to engage in destruction, just want to note one thing. If you think this article can teach you anything, then you are also wrong, because often it technology depending on your experience, and the experience of which somethi...
eRoomVuln.txt
An open security advisory 9 - eRoom v6. Vulnerabilities 1: Bug Researcher: c0ntex - c0ntexbatgmail.com 2: Bug Released: July 06 2005 3: Bug Impact Rate: Medium / Hi 4: Bug Scope Rate: Remote This advisory and/or proof of concept code must not be used for commercial gain. Documentum eRoom...
CVE-2005-1154
Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka "Cross-site scripting through global scope pollution."...
security flaw
Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka "Cross-site scripting through global scope pollution."...
Cross-site Scripting through global scope pollution — Mozilla
As you browse from site to site each new page should start with a clean slate. shutdown reports a technique that pollutes the global scope of a window in a way that persists from page to page. A malicious script could define a setter function for a variable known to be used by a popular site, and...
CVE-1999-0655
CVE-1999-0655 is rejected/not used per the description.
CVE-1999-0660
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is not about any specific product, protocol, or design, so it is out of scope of CVE. It might be more appropriate to cover under the Common Configuration Enumeration CCE. Notes: the former description is:...
PT-1999-1249 · Qbik · Wingate
Name of the Vulnerable Software and Affected Versions: WinGate affected versions not specified Description: General information about the issue is not provided. There is no mention of the estimated number of potentially affected devices worldwide or details about real-world incidents where this...
CVE-2023-38814
CVE-2023-38814 is rejected/not used; this CVE entry does not represent an active vulnerability.