Lucene search
K

1102 matches found

OpenVAS
OpenVAS
added 2009/03/06 12:0 a.m.25 views

RedHat Update for libexif RHSA-2007:1166-01

Check for the Version of libexif OpenVAS Vulnerability Test RedHat Update for libexif RHSA-2007:1166-01 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

6.8CVSS0.1AI score0.02727EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2009/02/25 12:0 a.m.38 views

JOnAS Cross Site Scripting

Digital Security Research Group DSecRG Advisory DSECRG-09-008 ------------------link to original advisory -------------------------- http://www.dsecrg.com/pages/vul/show.php?id=81 Application: JOnAS Java Open Application Server Versions Affected: JOnAS4.10.3 / Apache Tomcat 5.5.26 Vendor URL:...

7.4AI score
Exploits0
myhack58
myhack58
added 2009/01/20 12:0 a.m.11 views

Constructed of no-man's environment: Exploiting the Realtek RTL8139 single-chip Ethernet Controller-vulnerability warning-the black bar safety net

Author: Azy Finish: 2008-10-22 Excellent rootkit hereinafter abbreviated as rk usually should have hidden a stable communication function. As good programmers have been pursuing with the most simple code to complete the functional requirements of the same, excellent rk coder also has been adherin...

0.2AI score
Exploits0
Opera Security Advisories
Opera Security Advisories
added 2008/12/17 12:0 a.m.15 views

Certain characters can be used to allow cross-site scripting

When accepting HTML content from untrusted users, Web sites sometimes employ some kind of filtering to ensure that the content cannot contain scripts. If the content is to be used inside an HTML attribute, characters that separate attributes need to be filtered out to prevent scripted attributes...

0.4AI score
Exploits0Affected Software1
securityvulns
securityvulns
added 2008/11/10 12:0 a.m.73 views

MySQL privilege escalation

It's possible to specify file of different database in CREATE TABLE...

4.6CVSS2.7AI score0.02588EPSS
Exploits3References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2008/06/30 12:0 a.m.63 views

CGIWrap Charset Specification Weakness Error Message XSS

The remote host is running CGIWrap, a wrapper for CGI scripts to provide enhanced security. The version of CGIWrap installed on the remote host does not specify a charset when responses are for error pages. An attacker may be able to leverage this issue to inject arbitrary HTML and script code in...

4.3CVSS5.8AI score0.0125EPSS
Exploits0References3
Mozilla
Mozilla
added 2008/03/25 12:0 a.m.29 views

Multiple XSS vulnerabilities from character encoding — Mozilla

WebKit developer Alexey Proskuryakov reported that the Mozilla HTML parser treated the backspace character as whitespace contrary to the HTML specification and different from other browsers. This difference might lead to Cross-site Scripting XSS risks on sites which filtered input in accordance...

4.3CVSS2.4AI score0.0162EPSS
Exploits1References2Affected Software3
Drupal
Drupal
added 2008/01/30 12:0 a.m.10 views

SA-2008-016 - OpenID - Incorrect claimed_id returned for OpenID 2.0

The OpenID module has a vulnerability which allows OpenID version 2.0 positive assertions that are not properly verified to return an invalid or impersonated claimedid. To exploit this vulnerability an attacker could set up an OpenID provider, example1.com, that claimed to be the authority for...

6.9AI score
Exploits0References5
NVD
NVD
added 2007/08/29 10:17 p.m.36 views

CVE-2007-4595

Cross-site scripting XSS vulnerability in Mayaa before 1.1.12 allows remote attackers to inject arbitrary web script or HTML in certain circumstances involving 1 lack of charset specification within a META element or 2 a META element that specifies an unrecognized charset, which trigger automatic...

4.3CVSS5.7AI score0.01223EPSS
Exploits0References6
CVE
CVE
added 2007/08/29 10:0 p.m.57 views

CVE-2007-4595

CVE-2007-4595 is a cross-site scripting vulnerability in Mayaa prior to 1.1.12. The issue arises when a page lacks a charset in a META element or specifies an unrecognized charset, triggering automatic browser charset recognition and improper handling of UTF-7 data, allowing remote attackers to i...

4.3CVSS5.7AI score0.01223EPSS
Exploits0References6Affected Software1
seebug.org
seebug.org
added 2007/08/10 12:0 a.m.25 views

Php Blue Dragon CMS 3.0.0 Remote Code Execution Exploit

No description provided by source. ?php // Exploit Name: Php Blue Dragon CMS 3.0.0 Code Execution Exploit //Script Homepage: http://phpbluedragon.pl/ // Autor: Kacper [email protected] // Autor Homepage: devilteam.eu | kacper.bblog.pl //Pozdrawiam wszystkich ludzi z DEVIL TEAM, Zapraszam na irc...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2007/07/19 12:0 a.m.52 views

[Reversemode Advisory] Microsoft DirectX RLE Compressed Targa Image File Heap Overflow

Microsoft DirectX Direct3D 9 Microsoft DirectX RLE Compressed Targa Image File Heap Overflow Ruben Santamarta rubenatreversemodedotcom 07.18.2007 Affected products: + Microsoft DirectX Direct3D 9 runtime libraries. + D3dx928.dll – D3dx9d28.dll and earlier Microsoft DirectX is prone to a heap...

6.8CVSS7.1AI score0.08163EPSS
Exploits1
Prion
Prion
added 2007/07/03 9:30 p.m.21 views

Code injection

Microsoft Internet Explorer 6.0 and 7.0 allows remote attackers to fill Zones with arbitrary domains using certain metacharacters such as wildcards via JavaScript, which results in a denial of service website suppression and resource consumption, aka "Internet Explorer Zone Domain Specification D...

7.8CVSS7AI score0.27507EPSS
Exploits0References9Affected Software2
securityvulns
securityvulns
added 2007/06/30 12:0 a.m.37 views

[Full-disclosure] Advisory : Internet Explorer Zone Domain Specification Dos and Page suppressing.

Advisory : Internet Explorer Zone Domain Specification Dos and Page Suppressing Severity : Intermediate Version : IE 6.0 - 7.0 Dated : 18 June 2007 Explanation: The vulnerability is present in handling of domain names with different parameters sub domains when specified in the Intranet zone and...

7.1AI score
Exploits0
OSV
OSV
added 2007/06/26 12:30 a.m.3 views

DEBIAN-CVE-2007-3393

Off-by-one error in the DHCP/BOOTP dissector in Wireshark before 0.99.6 allows remote attackers to cause a denial of service crash via crafted DHCP-over-DOCSIS packets...

5CVSS6.8AI score0.01992EPSS
Exploits1References1
Atlassian
Atlassian
added 2007/05/18 6:7 p.m.19 views

Assign Groups to Project Role screen allows entry of users as groups

When assigning groups to a project role, the screen allows the user to specify a group that is really a user name...

2.5AI score
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2007/02/18 12:0 a.m.31 views

Mandrake Linux Security Advisory : tetex (MDKSA-2007:022)

The Adobe PDF specification 1.3, as implemented by xpdf 3.0.1 patch 2, kpdf in KDE before 3.5.5, and other products, allows remote attackers to have an unknown impact, possibly including denial of service infinite loop, arbitrary code execution, or memory corruption, via a PDF file with a 1 craft...

6.8CVSS6.7AI score0.15346EPSS
Exploits3References2
UbuntuCve
UbuntuCve
added 2007/02/08 5:28 p.m.34 views

CVE-2006-2220

phpBB 2.0.20 does not properly verify user-specified input variables used as limits to SQL queries, which allows remote attackers to obtain sensitive information via a negative LIMIT specification, as demonstrated by the start parameter to memberlist.php, which reveals the SQL query in the...

5CVSS6AI score0.01277EPSS
Exploits0References1
CVE
CVE
added 2007/02/08 5:0 p.m.55 views

CVE-2006-2220

PHPBB 2.0.20 is vulnerable to an information disclosure due to improper validation of user-supplied inputs used as SQL LIMIT bounds. The issue allows remote attackers to reveal sensitive data via a negative LIMIT (demonstrated through memberlist.php), producing an error message that exposes the q...

5CVSS6.5AI score0.01277EPSS
Exploits0References5Affected Software1
securityvulns
securityvulns
added 2007/01/25 12:0 a.m.119 views

Weaknesses in Pingback Design

Advisory: Weaknesses in Pingback Design Advisory ID: 4tphi-sa-20070111-pingback Release Date: 01-24-2007 Author: Blake Matheny [email protected] Software: Multiple Impact: Remote DoS Overview: From Wikipedia, "A Pingback is one of three types of Linkbacks, methods for Web authors to request...

0.4AI score
Exploits0
Rows per page
Query Builder