Lucene search
K

812 matches found

Opera Security Advisories
Opera Security Advisories
added 2008/12/16 12:0 a.m.13 views

Character Encoding Inheritance in iframes Can Enable Cross-Site Scripting

Pages displayed inside an iframe will inherit the character encodingof the parent page, unless they specify their own character encoding.A malicious page that uses the UTF-7 character encoding can includeother sites, for example inside iframes. This can be exploited toperform cross-site scripting...

2.4AI score
Exploits0Affected Software1
securityvulns
securityvulns
added 2008/07/09 12:0 a.m.84 views

Microsoft Security Bulletin MS08-039 – Important Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747)

Microsoft Security Bulletin MS08-039 – Important Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege 953747 Published: July 8, 2008 Version: 1.0 General Information Executive Summary This security update resolves two privately reported vulnerabilities in...

4.3CVSS0.24611EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.3 views

Cosminexus Component Container Session Handling Vulnerability

Overview The session failover function in Cosminexus Component Container may fail to handle session information properly and allow one user's session data to be used as aonther user's session data. Impact A remote attacker could gain unauthorized access to other users' session and obtain sensitiv...

4.9CVSS6.6AI score0.01013EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2008/04/28 12:0 a.m.36 views

Debian DSA-1557-1 : phpmyadmin - insufficient input sanitising

Several remote vulnerabilities have been discovered in phpMyAdmin, an application to administrate MySQL over the WWW. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-1924 Attackers with CREATE table permissions were allowed to read arbitrary files...

5.5CVSS6.1AI score0.01626EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2008/04/04 12:0 a.m.41 views

Fedora 7 : phpMyAdmin-2.11.5.1-1.fc7 (2008-2874)

This update addresses PMASA-2008-2 / CVE-2008-1567: phpMyAdmin upstream received an advisory from Jim Hermann: It saves sensitive information like the MySQL username and password and the Blowfish secret key in session data, which might be unprotected on a shared host...

5.5CVSS5.6AI score0.00296EPSS
Exploits0References4
phpMyAdmin
phpMyAdmin
added 2008/03/29 12:0 a.m.36 views

Credentials disclosure on shared hosts via session data

PMASA-2008-2 Announcement-ID: PMASA-2008-2 Date: 2008-03-29 Summary Credentials disclosure on shared hosts via session data Description We received an advisory from Jim Hermann, and we wish to thank him for his work. phpMyAdmin saves sensitive information like the MySQL username and password and...

5.5CVSS6AI score0.00296EPSS
Exploits0Affected Software1
Cent OS
Cent OS
added 2008/02/08 7:4 p.m.78 views

seamonkey security update

CentOS Errata and Security Advisory CESA-2008:0104 Updated seamonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open...

9.3CVSS7.5AI score0.08633EPSS
Exploits6References9
CVE
CVE
added 2007/08/01 4:0 p.m.52 views

CVE-2007-4124

Cosminexus Component Container (Hitachi products) is affected for Cosminexus 6, 6.7, and 7 prior to 20070731. The session failover function may mishandle session data so one user’s session data could be used for another user, enabling remote authenticated access to sensitive information, possible...

4.9CVSS6.5AI score0.01013EPSS
Exploits0References6Affected Software14
RedHat Linux
RedHat Linux
added 2007/04/16 3:38 p.m.5 views

security flaw

Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 allows context-dependent attackers to execute arbitrary code by overwriting variables pointing to 1 the GLOBALS array or 2 the session data in SESSION. NOTE: this issue was introduced when attempting to patch CVE-2007-1701...

6.8CVSS6.2AI score0.07625EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2007/04/16 3:27 p.m.4 views

security flaw

Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 allows context-dependent attackers to execute arbitrary code by overwriting variables pointing to 1 the GLOBALS array or 2 the session data in SESSION. NOTE: this issue was introduced when attempting to patch CVE-2007-1701...

6.8CVSS6.2AI score0.07625EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2007/03/27 1:19 a.m.23 views

CVE-2007-1700

The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, calculates the reference count for the session variables without considering the internal pointer from the session globals, which allows context-dependent attackers to execute arbitrary code via a crafted string in the...

7.5CVSS6.3AI score0.09017EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2007/03/27 1:19 a.m.28 views

CVE-2007-1711

Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 allows context-dependent attackers to execute arbitrary code by overwriting variables pointing to 1 the GLOBALS array or 2 the session data in SESSION. NOTE: this issue was introduced when attempting to patch CVE-2007-1701...

6.8CVSS6.3AI score0.07625EPSS
Exploits1References1
Prion
Prion
added 2007/03/27 1:19 a.m.24 views

Double free

Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 allows context-dependent attackers to execute arbitrary code by overwriting variables pointing to 1 the GLOBALS array or 2 the session data in SESSION. NOTE: this issue was introduced when attempting to patch CVE-2007-1701...

6.8CVSS7.4AI score0.09233EPSS
Exploits1References26Affected Software1
CVE
CVE
added 2007/03/27 1:0 a.m.83 views

CVE-2007-1701

Technical details for CVE-2007-1701 are not publicly provided in the supplied documents. The materials reference PHP-related advisories and multiple PHP issues but do not describe affected versions, root cause, impact, or remediation for this specific CVE. Monitor for updates.

6.8CVSS7.8AI score0.09233EPSS
Exploits0References12Affected Software1
Cvelist
Cvelist
added 2007/03/27 1:0 a.m.21 views

CVE-2007-1701

PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when registerglobals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling sessiondecode on a string beginning with...

7.8AI score0.09233EPSS
Exploits0References12
Cvelist
Cvelist
added 2007/03/27 1:0 a.m.32 views

CVE-2007-1711

Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 allows context-dependent attackers to execute arbitrary code by overwriting variables pointing to 1 the GLOBALS array or 2 the session data in SESSION. NOTE: this issue was introduced when attempting to patch CVE-2007-1701...

7.8AI score0.07625EPSS
Exploits1References26
Tenable Nessus
Tenable Nessus
added 2007/03/12 12:0 a.m.29 views

Debian DSA-1264-1 : php4 - several vulnerabilities

Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-0906 It was discovered that an integer...

10CVSS6.1AI score0.11752EPSS
Exploits0References13
exploitpack
exploitpack
added 2006/04/29 12:0 a.m.8 views

W-Agora 4.2 - BBCode Script Injection

W-Agora 4.2 - BBCode Script Injection source: https://www.securityfocus.com/bid/17751/info W-Agora is prone to a script-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before including it in dynamically generated content. W-Agora...

7.7AI score
Exploits0
Exploit DB
Exploit DB
added 2006/04/29 12:0 a.m.19 views

W-Agora 4.2 - BBCode Script Injection

source: https://www.securityfocus.com/bid/17751/info W-Agora is prone to a script-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before including it in dynamically generated content. W-Agora can be configured to send all user...

7.4AI score
Exploits0
Positive Technologies
Positive Technologies
added 2006/02/01 12:0 a.m.3 views

PT-2006-1576 · Blackboard · Blackboard Academic Suite

Name of the Vulnerable Software and Affected Versions: Blackboard Academic Suite versions 6.0 and earlier Description: The issue arises when the software does not properly clear session information after a user has been idle and then de-authenticates. This allows subsequent users to log in as the...

4.3CVSS7AI score0.00365EPSS
Exploits0References8
Rows per page
Query Builder