6714 matches found

seebug.org
added 2011/08/09 12:0 a.m., 36 views

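Mozilla Bugzilla Unauthorized Access Vulnerability (CVE-2011-2977)

BUGTRAQ ID: 49042 CVE ID: CVE-2011-2977 Bugzilla is a web-based bug tracking system used by many software projects. Bugzilla contains multiple security vulnerabilities in its implementation that remote attackers can exploit to obtain sensitive information and to carry out script insertion and spoofing attacks. Temporary files used for uploading attachments are not deleted on Windows. A user with local access to the server can view attachments that would normally not be viewable from within Bugzilla. Mozilla Bugzilla 4.x Mozilla Bugzilla 3.x Mozilla Bugzilla 2.x Vendor patch: Mozilla -------...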

CVSS 2.1, AI score 0.3, EPSS 0.0029
Exploits: 1

Packet Storm
added 2011/07/31 12:0 a.m., 18 views

Nginx 0.7.65 Shell Upload

Exploit Title : Nginx Server Configuration hole ; Upload file execute Software link : http://nginx.org/ Version : Confirmed in nginx v0.7.65. And PHP v5.3.2 with Suhosin patch and extension. Tested on : windows 7 Date : 29/07/2011 Author : sysmox.com Website : http://www.sysmox.com Email :...

AI score 7.4
Exploits: 0

Japan Vulnerability Notes
added 2011/07/15 7:27 a.m., 2 views

Google Search Appliance vulnerable to cross-site scripting

Overview Google Search Appliance provided by Google contains a cross-site scripting vulnerability. Google Search Appliance from Google is a product that provides searching services for an intranet service or a website. Google Search Appliance contains a cross-site scripting vulnerability. Yosuke...

CVSS 4.3, AI score 6.1, EPSS 0.00489
Exploits: 0, References: 6

Japan Vulnerability Notes
added 2011/06/24 10:15 a.m., 3 views

Cybozu Garoon vulnerable to cross-site scripting

Overview Cybozu Garoon contains a cross-site scripting vulnerability. Cybozu Garoon is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

CVSS 4.3, AI score 6, EPSS 0.01042
Exploits: 0, References: 5

Tenable Nessus
added 2011/06/24 12:0 a.m., 228 views

Firefox 3.6 < 3.6.18 Multiple Vulnerabilities (Mac OS X)

The installed version of Firefox is 3.6.x earlier than 3.6.18. Such versions are potentially affected by the following security issues : - Multiple memory safety issues can lead to application crashes and possibly remote code execution. CVE-2011-2374, CVE-2011-2376, CVE-2011-2364, CVE-2011-2365 -...

CVSS 10, AI score 7.9, EPSS 0.75691
Exploits: 19, References: 21

Japan Vulnerability Notes
added 2011/06/20 6:37 a.m., 2 views

WeblyGo vulnerable to cross-site scripting

Overview WeblyGo provided by KAWAI BUSINESS SOFTWARE CO., LTD. (KBS) contains a cross-site scripting vulnerability. WeblyGo is a groupware provided by KAWAI BUSINESS SOFTWARE CO., LTD. (KBS). WeblyGo contains a cross-site scripting vulnerability. Yoshihiro Ishikawa of LAC reported this vulnerability ...

CVSS 4.3, AI score 6.1, EPSS 0.01086
Exploits: 0, References: 7

NVD
added 2011/06/16 11:55 p.m., 18 views

CVE-2011-2101

Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X do not properly restrict script, which allows attackers to execute arbitrary code via a crafted document, related to a "cross document script execution vulnerability."...

CVSS 9.3, AI score 7.3, EPSS 0.06965
Exploits: 0, References: 7

UbuntuCve
added 2011/06/16 11:55 p.m., 18 views

CVE-2011-2101

Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X do not properly restrict script, which allows attackers to execute arbitrary code via a crafted document, related to a "cross document script execution vulnerability."...

CVSS 9.3, AI score 6.4, EPSS 0.06965
Exploits: 0, References: 1

Tenable Nessus
added 2011/06/15 12:0 a.m., 42 views

Adobe Acrobat < 10.1 / 9.4.5 / 8.3 Multiple Vulnerabilities (APSB11-16)

The version of Adobe Acrobat installed on the remote host is earlier than 10.1 / 9.4.5 / 8.3. Such versions are reportedly affected by multiple vulnerabilities : - Multiple buffer overflow vulnerabilities exist that could lead to code execution. CVE-2011-2094, CVE-2011-2095, CVE-2011-2097 - A hea...

CVSS 9.3, AI score 6.2, EPSS 0.08701
Exploits: 0, References: 15

OpenVAS
added 2011/06/09 12:0 a.m., 13 views

Silex <= 1.5.4.2 XSS Vulnerability - Active Check

Silex is prone to a cross-site scripting (XSS) vulnerability because it fails to sufficiently sanitize user-supplied data...

AI score 6.2
Exploits: 0, References: 1

OpenVAS
added 2011/06/06 12:0 a.m., 20 views

IP Power 9258 TGI Scripts Unauthorized Access Vulnerability

IP Power 9258 is prone to an unauthorized-access vulnerability...

AI score 7.3
Exploits: 0, References: 2

OpenVAS
added 2011/05/31 12:0 a.m., 11 views

Room Juice <= 0.3.3 XSS Vulnerability - Active Check

Room Juice is prone to a cross-site scripting (XSS) vulnerability because it fails to sufficiently sanitize user-supplied data...

AI score 6.6
Exploits: 0, References: 1

Exploit DB
added 2011/05/16 12:0 a.m., 19 views

eFront 3.6.9 - 'scripts.php' Local File Inclusion

source: https://www.securityfocus.com/bid/47870/info eFront is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts in the...

AI score 7.4
Exploits: 0

myhack58
added 2011/05/14 12:0 a.m., 20 views

Skype 0day detailed analysis - vulnerability warning - the black bar safety net

Recently, we heard the news about the Skype 0day, a remote script execution vulnerability on Mac OS. In fact, we discovered this vulnerability 2 months ago. For testing reasons we did not promptly report it to the supplier, because we are still testing this...

AI score 7.8
Exploits: 0

OpenVAS
added 2011/04/26 12:0 a.m., 8 views

Collaborative Passwords Manager (cPassMan) 'path' Local File Inclusion Vulnerability

Collaborative Passwords Manager (cPassMan) is prone to a local file inclusion vulnerability...

AI score 7.1
Exploits: 0, References: 5

Packet Storm
added 2011/04/21 12:0 a.m., 30 views

OracleJSP Demos Cross Site Scripting

Advisory Name: Reflected Cross-Site Scripting (XSS) in OracleJSP Demos Internal Cybsec Advisory Id: 2011-0403- Reflected Cross-Site Scripting (XSS) in OracleJSP Demos Vulnerability Class: Reflected Cross-Site Scripting (XSS) Release Date: April 20, 2011 Affected Applications: Confirmed in OracleJSP...

AI score 7.4
Exploits: 0

exploitpack
added 2011/04/12 12:0 a.m., 16 views

WordPress Plugin Spellchecker 3.1 - general.php Local/Remote File Inclusion

WordPress Plugin Spellchecker 3.1 - general.php Local/Remote File Inclusion source: https://www.securityfocus.com/bid/47317/info The Spellchecker plugin for WordPress is prone to a local file-include vulnerability and a remote file-include vulnerability because the application fails to sufficientl...

AI score 0.1
Exploits: 0

Exploit DB
added 2011/04/12 12:0 a.m., 21 views

Plogger 1.0 RC1 - 'gallery_name' Cross-Site Scripting

source: https://www.securityfocus.com/bid/47329/info Plogger is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...

AI score 7.4
Exploits: 0

Prion
added 2011/04/10 2:55 a.m., 24 views

Design/Logic Flaw

locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function...

CVSS 6.2, AI score 6.7, EPSS 0.00518
Exploits: 1, References: 21, Affected Software: 1

Japan Vulnerability Notes
added 2011/04/08 5:9 a.m., 1 views

Password Vault Web Access vulnerable to cross-site scripting

Overview Password Vault Web Access (PVWA) provided by Cyber-Ark Software, Ltd. contains a cross-site scripting vulnerability. Password Vault Web Access (PVWA) is a module in the Privileged Identity Management Suite that allows access via a web portal. PVWA contains a cross-site scripting vulnerabilit...

CVSS 4.3, AI score 5.9, EPSS 0.01053
Exploits: 0, References: 5