242 matches found
Yahoo Includes Private Key in Source File For Axis Chrome Extension
Yahoo on Wednesday launched a new browser called Axis and researchers immediately discovered that the company had mistakenly included its private signing key in the source file, a serious error that would allow an attacker to create a malicious, signed extension for a browser that the browser wil...
Discuz x2 source/function/function_connect.php leakage of the server's physical path-vulnerability warning-the black bar safety net
Affected version: Discuz x2 vulnerability description: source/function/functionconnect.php The file header is not added: if! defined‘INDISCUZ’ exit‘Access Denied’; And at the head of the pack The letter the other file: requireonce libfile‘function/cloud’; reference...
DEBIAN-CVE-2010-4221
Multiple stack-based buffer overflows in the prnetiotelnetgets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a 1 FTP or 2 FTPS server...
IBM WebSphere Application Server < 6.0.2.35 Multiple Vulnerabilities
IBM WebSphere Application Server 6.0.2 before Fix Pack 35 appears to be running on the remote host. As such, it is reportedly affected by multiple vulnerabilities : - Non-standard HTTP methods are allowed. PK73246 - A login using the LPTAToken cookie may result in extending LTPAToken expiration...
openmotif libUil buffer overflows
Multiple buffer overflows in libUil libUil.so in OpenMotif 2.2.3, and possibly other versions, allows attackers to execute arbitrary code via the 1 diagissuediagnostic function in UilDiags.c and 2 opensourcefile function in UilSrcSrc.c...
CVE-2007-6672
Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass protection mechanisms and read the source of files via multiple '/' slash characters in the URI...
CVE-2007-6672
Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass protection mechanisms and read the source of files via multiple '/' slash characters in the URI...
CVE-2005-4836
The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information...
Attack BI chat the 1 4 method-vulnerability warning-the black bar safety net
Summary of attack blue chat 1 4 ways 1. How in the blue sea Silver sand sitechat roomwith the hair background of the word? ^O^believe it is everyone's interest!!! First look at the example:we are the super invincible curse of the Legion we have the strongest technical The method is as follows:...
DEBIAN-CVE-2007-0539
The wpremotefopen function in WordPress before 2.1 allows remote attackers to cause a denial of service bandwidth or thread consumption via pingback service calls with a source URI that corresponds to a large file, which triggers a long download session without a timeout constraint...
Thepeak-v1.3.txt
Thepeak File Upload v1.3 : Read file vulneability Discovered By: Phạm Đức Hải Pham Duc Hai Email: duchaikhtn at gmail dot com YIM : kikicoco1985vn Website: http://blog.ajaxviet.com ------------------------- Description: file upload manager 1.3 written by thepeak adam medici copyright c 2003 thepe...
[Full-disclosure] [xfocus-SD-051202]openMotif libUil Multiple vulnerability
Title: xfocus-SD-051202openMotif-libUil-Multiplevulnerability Affected version : openmotif 2.2.3not got 2.2.4,so not test in openmotif 2.2.4 Product: http://www.motifzone.net/ xfocus http://www.xfocus.org have discovered multiple vulnerability in openmotif libUil library. details following: 1:...
Oracle 9iAS Jsp Source File Reading
In a default installation of Oracle 9iAS it is possible to read the source of JSP files. When a JSP is requested it is compiled 'on the fly' and the resulting HTML page is returned to the user. Oracle 9iAS uses a folder to hold the intermediate files during compilation. These files are created in...
Oracle 9i Application Server Jsp Source File Reading Information Disclosure Vulnerability - Active Check
In a default installation of Oracle 9i Application Server AS it is possible to read the source of JSP files. SPDX-FileCopyrightText: 2002 Matt Moore Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
USN-128-1: nasm vulnerability
Josh Bressers discovered a buffer overflow in the ieeeputascii function of nasm. If an attacker tricked a user into assembling a malicious source file, they could exploit this to execute arbitrary code with the privileges of the user that runs nasm...
CVE-2005-0837
IceCast 2.20 allows remote attackers to bypass the XSL parser and obtain the source for XSL files via a request for a .xsl file with a trailing . dot...
lighttpd -- script source disclosure vulnerability
The lighttpd website reports: In lighttpd 1.3.7 and below it is possible to fetch the source files which should be handled by CGI or FastCGI applications. The vulnerability is in the handling of urlencoded trailing NUL bytes. Installations that do not use CGI or FastCGI are not affected...
DEBIAN-CVE-2004-1297
Buffer overflow in the processfonttable function in convert.c for unrtf 0.19.3 allows remote attackers to execute arbitrary code via a crafted RTF file...
Tripbit Secure Code Analizer 1.0 - 'fgets()' Local Buffer Overrun
// source: https://www.securityfocus.com/bid/8028/info A buffer overrun has been discovered in Tripbit Secure Code Analizer when reading data from source files. The problem occurs due to an insecure use of the fgets function. This vulnerability could be triggered by a malicious source file...
MondoSearch MsmMask.exe Arbitrary Script Source Disclosure
The msmmask.exe CGI is installed. Some versions allow an attacker to read the source of any file in your web server's directories by using the 'mask' parameter. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Affected: MondoSearch 4.4.5147 and below. MondoSearch 4.4.5156 and above are NOT...