Kayako SupportSuite 3.0.32 Index.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/20954/info Kayako SupportSuite is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code...

Alt-N WebAdmin 2.0.x Remote File Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7439/info Reportedly, remote users can discover the installation directory of certain software on the underlying system by submitting an HTTP request to the WebAdmin server. This could allow an attacker to obtain sensitiv...

Linux kernel 2.0 Sendmail Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/363/info The 2.0.x kernels have a quirk in the TCP implementation that have to do with the accept call returning after only a syn has been recieved as opposed to the three way handshake having been completed. Sendmail,...

HP Tru64 4.0/5.1 - POSIX Threads Library Local Privilege Escalation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/21035/info HP Tru64 is prone to a local privilege-escalation vulnerability. Exploiting this issue allows local attackers to execute arbitrary code with superuser privileges. Successful exploits will result in a complete...

PHP-Nuke Johannes Hass 'gaestebuch 2.2 Module - 'id' Parameter SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28063/info The 'gaestebuch' module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...

Digital UNIX <= 4.0 D,FreeBSD <= 2.2.4,HP HP-UX 10.20/11.0,IBM AIX <= 3.2.5,Linux kernel 2.0/2.1,NetBSD 1.2,Solaris <= 2.5.1 Smurf Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/147/info The Smurf denial of service exploits the existance, and forwarding of, packets sent to IP broadcast addreses. By creating an ICMP echo request packet, with the source address set to an IP within the network to be...

Net-SNMP <= 5.1.4/5.2.4/5.4.1 Perl Module Buffer Overflow PoC

No description provided by source. !usr/bin/perl -w Buffer overflow in the snprintvalue function in snmpget in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a large OCTETSTRING in a...

1WebCalendar 4.0 mainCal.cfm SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/17193/info 1WebCalendar is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. A successful exploi...

Cisco Collaboration Server 5 XSS, Source Code Disclosure

No description provided by source. Cisco Collaboration Server 5 XSS, Source Code Disclosure Discovered by: s4squatch of SecureState R&D Team www.securestate.com Discovered: 08/26/2008 Note: End of Engineering --...

Softwin BitDefender AvxScanOnlineCtrl COM Object Remote File Upload And Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10174/info Reportedly the BitDefender AvxScanOnlineCtrl COM object is affected by a file upload and execution vulnerability. This issue is due to a design error that allows a remote user to specify a file to be uploaded a...

GNU Mailutils imap4d 0.6 - Remote Format String Exploit (exec-shield)

No description provided by source. / Fedora Core 6 exec-shield based GNU imap4d mailutils-0.6 search remote format string exploit by Xpl017Elz Advanced exploitation in exec-shield Fedora Core case study URL: http://x82.inetcop.org/h0me/papers/FCexploit/FCexploit.txt Reference:...

Meeting Room Booking System (MRBS) 1.2.6 day.php area Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/30531/info MRBS Meeting Room Booking Software is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary...

MyBoard 1.0.12 - 'rep.php' Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28823/info MyBoard is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...

VideoGirls forum.php t Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/36168/info VideoGirls is prone to multiple cross site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the context...

EShoppingPro 1.0 Search_Run.ASP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/20089/info EShoppingPro is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. An attacker may be able to exploit this issue to...

PISG 0.54 IRC Nick HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10195/info pisg has been reported prone to an input validation vulnerability. The issue will only present itself when pisg is used to monitor an IRC server that does not place limitations on IRC Nick values that can be...

Kolayindir Download Down.ASP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/21889/info Kolayindir Download is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacke...

txtForum 1.0.3/1.0.4 - Remote PHP Script Code Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/17061/info txtForum is prone to a remote PHP code-injection vulnerability. An attacker can exploit this issue to facilitate a compromise of the application and the underlying system; other attacks are also possible. form...

PHD Help Desk 1.43 caso_insert.php URL Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/37029/info PHD Help Desk is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the...

Freeway 1.4.1.171 - french/account_newsletters.php language Parameter Traversal Local File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/30731/info Freeway is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities using directory-traversal strings to view...