3729 matches found
Cross site scripting
Cross-site scripting XSS vulnerability in Martin Scheffler betaboard 0.1 allows remote attackers to inject arbitrary web script or HTML via a user's profile, possibly using the FormValprofile parameter. NOTE: it is not clear whether this is a distributable product or a site-specific vulnerability...
KisMac MacOS sniffer buffer overflow
Buffer overflow on parsing SSID paramtere of Cisco vendor-specific tags...
Sql injection
Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via 1 the downloadid parameter in downloadclick.asp and 2 contentID parameter in news/NewsItem.asp; authenticated administrators can also conduct attacks via 3 userid...
[SECURITY] [DSA 1011-1] New kernel-patch-vserver packages fix root exploit
-------------------------------------------------------------------------- Debian Security Advisory DSA 1011-1 [email protected] http://www.debian.org/security/ Martin Schulze March 21st, 2005 http://www.debian.org/security/faq -...
[SECURITY] [DSA 1009-1] New crossfire packages fix arbitrary code execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 1009-1 [email protected] http://www.debian.org/security/ Martin Schulze March 21st, 2006 http://www.debian.org/security/faq -...
Design/Logic Flaw
Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how...
CVE-2006-0911
NmService.exe in Ipswitch WhatsUp Professional 2006 allows remote attackers to cause a denial of service CPU consumption via crafted requests to Login.asp, possibly involving the 1 "In" and 2 "b;tnLogIn" parameters, or 3 malformed btnLogIn parameters, possibly involving missing "" open bracket or...
CVE-2006-0839
The frag3 preprocessor in Sourcefire Snort 2.4.3 does not properly reassemble certain fragmented packets with IP options, which allows remote attackers to evade detection of certain attacks, possibly related to IP option lengths...
Design/Logic Flaw
GUI display truncation vulnerability in ICQ Inc. formerly Mirabilis ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, and possibly other Windows versions allows user-assisted remote attackers to hide malicious file extensions, bypass Windows security warnings via a filename that is all uppercase and of a...
CVE-2006-0658
Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the ConfigDeniedExtensionsFile, such as .php.txt...
[SECURITY] [DSA 968-1] New noweb packages fix insecure temporary file creation
-------------------------------------------------------------------------- Debian Security Advisory DSA 968-1 [email protected] http://www.debian.org/security/ Martin Schulze February 13th, 2006 http://www.debian.org/security/faq -...
[SECURITY] [DSA 948-1] New kdelibs packages fix buffer overflow
-------------------------------------------------------------------------- Debian Security Advisory DSA 948-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 20th, 2005 http://www.debian.org/security/faq -...
[SECURITY] [DSA 930-1] New smstools packages fix format string vulnerability
-------------------------------------------------------------------------- Debian Security Advisory DSA 930-1 [email protected] http://www.debian.org/security/ Steve Kemp Jan 9, 2006 http://www.debian.org/security/faq - --------------------------------------------------------------------------...
CVE-2005-4789
resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, does not properly enforce class-specific exclude rules in some situations, which allows local users to bypass intended access restrictions for USB devices that set their class ID at the interface level...
CVE-2005-2530
Unspecified vulnerability in Java 1.3.1 before 1.3.116 on Apple Mac OS X allows an untrusted applet to gain privileges, related to "Mac OS X specific extensions."...
[Full-disclosure] [SECURITY] [DSA 928-1] New dhis-tools-dns packages fix insecure temporary file creation
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 928-1 [email protected] http://www.debian.org/security/ Martin Schulze December 27th, 2005 http://www.debian.org/security/faq -...
[SECURITY] [DSA 908-1] New sylpheed-claws packages fix arbitrary code execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 908-1 [email protected] http://www.debian.org/security/ Martin Schulze November 23rd, 2005 http://www.debian.org/security/faq -...
[SECURITY] [DSA 903-1] New unzip packages fix unauthorised permissions modification
-------------------------------------------------------------------------- Debian Security Advisory DSA 903-1 [email protected] http://www.debian.org/security/ Martin Schulze November 21st, 2005 http://www.debian.org/security/faq -...
Next injection infection-specific program-let the rookie broiler flocks-vulnerability warning-the black bar safety net
Online is often heard rookie yell: dear warrior, I how to own A your own chickens? Hey, also called the sad mournful cut, and to my listening heart strange sympathy, or I now give you side dishes a quick get-to-broiler method bar, and listen to Ranger know: as the saying goes, impatient to eat no...
[SECURITY] [DSA 878-1] New netpbm-free packages fix arbitrary code execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 878-1 [email protected] http://www.debian.org/security/ Martin Schulze October 28th, 2005 http://www.debian.org/security/faq -...