Swiki 1.5 - HTML Injection and Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/28680/info Swiki is prone to an HTML-injection vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary...
LG U8120 Mobile Phone MIDI File Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13154/info A remote denial of service vulnerability is reported to affect the LG U8120 Mobile Phone. The report indicates that the issue manifests when an affected phone processes a malicious MIDI file. The following...
Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4/4.0 SP5 IIS IDC Path Mapping Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/299/info The full physical path name for the IIS web server root directory may be obtained by attempting to view a non-existent .IDC file. The web server will return an error message that lists the absolute pathname of th...
Glassfish Enterprise Server 2.1 Admin Console /configuration/configuration.jsf URI XSS
No description provided by source. source: http://www.securityfocus.com/bid/34824/info GlassFish Enterprise Server is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Attacker-supplied HTML and script code would run in the conte...
Calendarix 0.7.20070307 Multiple SQL Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/24633/info Calendarix is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to...
dotWidget for articles 2.0 admin/index.php Multiple Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/18479/info dotWidget for Articles is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issu...
Passlog Daemon 0.1 SL_Parse Remote Buffer Overflow Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/7261/info It has been reported that passlogd does not properly handle some types of input. Because of this, an attacker may be able to gain unauthorized access to hosts running the vulnerable software. / Title: Remote...
Phorum 3.4 Email Subject Line Script Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7262/info It has been reported that it is possible to inject script code into the subject of a message in Phorum. This may be done by constructing a malicious subject line or other fields before sending an email to the...
News2Net 3.0 Index.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15274/info News2Net is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could...
dotWidget for articles 2.0 admin/editconfig.php Multiple Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/18479/info dotWidget for Articles is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issu...
pserv 3.2 - Directory Traversal vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13642/info pServ is prone to a directory traversal vulnerability. This occurs because the application does not implement a proper method for filtering directory traversal sequences from URIs. Since this can be done from t...
PHPJabbers Post Comments 3.0 Cookie Authentication Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/31467/info PHPJabbers Post Comments is prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for cookie-based authentication. An attacker can exploit this...
Claroline 1.x admin/campusProblem.php view Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/25521/info Claroline is prone to a local file-include vulnerability and multiple cross-site scripting vulnerabilities. An attacker could exploit these issues to execute local script code in the context of the application...
Mozilla Thunderbird 1.5 Address Book Import Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16716/info Mozilla Thunderbird is prone to a remote denial-of-service vulnerability. The issue presents itself when the application handles a specially crafted address book file. Mozilla Thunderbird 1.5 is reportedly...
SQLiteManager 1.2 Main.PHP Multiple HTML Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/22731/info SQLiteManager is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues may allow an attacker to execute HTML and script cod...
PlanetGallery Gallery_admin.PHP Authentication Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17753/info PlanetGallery is prone to an authentication-bypass vulnerability. The issue occurs because the affected script fails to prompt for authentication credentials. An attacker can exploit this issue to bypass...
Glassfish Enterprise Server 2.1 Admin Console /resourceNode/jdbcResourceEdit.jsf name Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/34824/info GlassFish Enterprise Server is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Attacker-supplied HTML and script code would run in the conte...
SaveWebPortal 3.4 - Multiple Remote File Include Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/14641/info SaveWebPortal is prone to multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issue...
WinSoftMagic Photo Editor PNG File Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/39354/info WinSoftMagic Photo Editor is prone to a remote buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. Successful...
phpMyAdmin 2.6 display_tbl_links.lib.php Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/12644/info Multiple remote cross-site scripting vulnerabilities affect phpMyAdmin. These issues are due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generat...