Cisco VPN 5000 Client Buffer Overrun Vulnerabilities (2)
source: http://www.securityfocus.com/bid/5734/info Buffer overrun vulnerabilities have been reported in the Cisco VPN 5000 UNIX clients available for Linux and Solaris systems. The condition affects the binaries 'closetunnel' and 'opentunnel', both installed...
Oracle 9i/10g DBMS_METADATA.GET_DDL - SQL Injection Exploit (2)
#!/usr/bin/perl Remote Oracle DBMS_METADATA.GET_DDL exploit 9i/10g - Version 2 - New evil cursor injection tip! - No create procedure privilege needed! - See: http://www.databasesecurity.com/ Cursor Injection Grant or revoke dba permission to unprivileged user Teste...
PHPNuke 6.x Category Parameter SQL Injection Vulnerability
source: http://www.securityfocus.com/bid/9630/info It has been reported that PHPNuke may be prone to a SQL injection vulnerability, due to insufficient sanitization of user-supplied input. The problem is reported to exist in the $category variable contained within the...
Mozilla Firefox <= 3.0.3 Internet Shortcut Same Origin Policy Violation Vulnerability
source: http://www.securityfocus.com/bid/31611/info Mozilla Firefox is prone to a vulnerability that allows attackers to violate the same-origin policy. This issue occurs because the application fails to properly enforce the same-origin policy when handling...
Apple Safari for iPhone/iPod touch Malformed 'Throw' Exception Remote Code Execution Vulnerability
source: http://www.securityfocus.com/bid/38992/info Apple Safari on iPhone and iPod touch is prone to a remote code-execution vulnerability. Successful exploits can allow an attacker to run arbitrary code in the context of the user running the application. Faile...
phpCMS 1.1.7 include/class.http_indexer_phpcms.php PHPCMS_INCLUDEPATH Parameter Remote File Inclusion
source: http://www.securityfocus.com/bid/21768/info phpCMS is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the...
Microsoft Internet Explorer 6.0 HREF Save As Denial of Service Vulnerability
source: http://www.securityfocus.com/bid/10552/info A vulnerability is reported to exist in Internet Explorer that may allow an attacker to cause the application to crash. The issue presents itself when a user attempts to invoke the Save As option on a malicious...
HP Instant Support ActiveX Control Driver Check Buffer Overflow Vulnerability
source: http://www.securityfocus.com/bid/24730/info HP Instant Support ActiveX control is prone to a remote buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied input before copying it to an insufficiently sized memory buffer...
Microsoft XML Core Services <= 6.0 SubstringData Integer Overflow Vulnerability
source: http://www.securityfocus.com/bid/25301/info Microsoft XML Core Services is prone to an integer-overflow vulnerability because the application fails to ensure that integer values are not overrun. Attackers can exploit this issue by enticing unsuspecting...
PHPOutsourcing Zorum 3.x Remote Include Command Execution Vulnerability
source: http://www.securityfocus.com/bid/6669/info It has been reported that Zorum may allow remote users to influence the location of PHP includes. Because of this, it is possible for a remote user to include an external arbitrary PHP script containing commands...
Solaris 2.6/2.6/7.0/8 whodo Buffer Overflow Vulnerability
source: http://www.securityfocus.com/bid/2935/info The 'whodo' utility shipped with Sun Microsystems' Solaris provides a listing of users online and their activities. It is installed setuid root because it reads from the 'utmp' log as well as from the process...
Hassan Consulting Shopping Cart 1.23 Arbitrary Command Execution Vulnerability
source: http://www.securityfocus.com/bid/3308/info Hassan Consulting's Shopping Cart is commercial web store software. Shopping Cart does not filter certain types of user-supplied input from web requests. This makes it possible for a malicious user to submit a...
Xoops 2.0.5 .1 MyLinks Myheader.php Cross-Site Scripting Vulnerability
source: http://www.securityfocus.com/bid/9269/info Xoops is prone to a cross-site scripting vulnerability in the 'myheader.php' script included in the mylinks module. A remote attacker could exploit this issue by embedding hostile HTML and script code in a...
Sun Solaris 2.6/7.0/8 XSun Color Database File Heap Overflow Vulnerability
source: http://www.securityfocus.com/bid/4408/info Solaris is the freely available Unix operating system distributed by Sun Microsystems. It may be possible for a local user to gain elevated privileges. When Xsun is executed, and an excessively long argument is...
Artmedic Newsletter 4.1 Log.PHP Remote Script Execution Vulnerability
source: http://www.securityfocus.com/bid/18047/info Artmedic Newsletter is prone to a remote PHP code-execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to creat...
DansGuardian Webmin Module 0.x Edit.CGI Remote Directory Traversal Vulnerability
source: http://www.securityfocus.com/bid/9394/info A problem has been identified in the handling of input by scripts packaged with the DansGuardian Webmin Module. Because of this, it is possible for a remote user to gain access to potentially sensitive information...
Dotproject 2.0 /modules/projects/gantt2.php dPconfig[root_dir] Parameter Remote File Inclusion
source: http://www.securityfocus.com/bid/16648/info Dotproject is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to includ...
mcGuestbook 1.3 admin.php lang Parameter Remote File Inclusion
source: http://www.securityfocus.com/bid/18476/info mcGuestbook is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote file...
Quick Classifieds 1.0 - controlpannel/alterCats.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
source: http://www.securityfocus.com/bid/28417/info Quick Classifieds is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the applicati...
GNU BinUtils 2.1x GAS Buffer Overflow Vulnerability
source: http://www.securityfocus.com/bid/19555/info GNU binutils GAS GNU assembler is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. Remote...