2134 matches found
Oracle 9.x Database Parameter/Statement Buffer Overflow Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/9587/info Oracle database has been reported prone to multiple buffer overflow vulnerabilities when processing certain parameters and functions. Specifically the TIMEZONE parameter, NUMTOYMINTERVAL, NUMTODSINTERVAL and...
How2ASP.net Webboard <= 4.1 - Remote SQL Injection Vulnerability
No description provided by source. How2ASP.net Webboard 4.1 Remote SQL Injection Vulnerability. CWH Undergrou...
PHP 4.x/5.x MySQL Safe_Mode Filesystem Circumvention Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/4026/info PHP's 'safemode' feature may be used to restrict access to certain areas of a filesystem by PHP scripts. However, a problem has been discovered that may allow an attacker to bypass these restrictions to gain...
MySQL 4/5 SUID Routine Miscalculation Arbitrary DML Statement Execution
No description provided by source. source: http://www.securityfocus.com/bid/19559/info MySQL is prone to these vulnerabilities: - A privilege-elevation vulnerability. A user with privileges to execute SUID routines may gain elevated privileges by executing certain commands and code with higher...
MS Windows 2000/NT 4/XP Window Message Subsystem Design Error Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/5408/info A serious design error in the Win32 API has been reported. The issue is related to the inter-window message passing system. This vulnerability is wide-ranging and likely affects almost every Win32 window-based...
WikkaWiki <= 1.3.2 - Multiple Security Vulnerabilities
No description provided by source. WikkaWiki <= 1.3.2 Multiple Security Vulnerabilities. Author: Egidio Romano aka EgiX. Mail: n0b0d13satgmaildotcom. Software link: ...
JVN#80006084: Web Kyukincho vulnerable to cross-site scripting
Web Kyukincho provided by Intercom, Inc. is a software that digitizes and distributes a pay statement and others. Web Kyukincho contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed in the user's web browser. Solution Update the Software Update to the latest...
Evernote official community hacked, user passwords at risk of leakage - vulnerability warning - the black bar safety net
The official Evernote community was attacked and breached by unknown hackers; in some cases the hackers were able to obtain users' login information and personal information. Evernote community manager Geoff Barry released a statement today regarding the data breach: “https://discussion.evernote.com the...
Threat Outbreak Alert: Fake Credit Card Statement Email Messages on May 30, 2014
Medium Alert ID: 34428 First Published: 2014 May 30 18:36 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a credit card statement for the recipient. The text in the email message attempts to convince the recipient to ope...
Threat Outbreak Alert: Fake Account Statement Notification Email Messages on May 14, 2014
Medium Alert ID: 34227 First Published: 2014 May 14 17:34 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain an account statement notification for the recipient. The text in the email message attempts to convince the...
Threat Outbreak Alert: Fake Bank Statement Notification Email Messages on May 7, 2014
Medium Alert ID: 34149 First Published: 2014 May 7 14:21 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a bank account statement for the recipient. The text in the email message attempts to convince the recipient to ope...
Threat Outbreak Alert: Fake Remittance Statement Notification Email Messages on May 5, 2014
Medium Alert ID: 34100 First Published: 2014 May 5 18:43 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a remittance statement for the recipient. The text in the email message attempts to convince the recipient to open...
Pearson eSIS Enterprise Student Information System SQL Injection
Advisory ID: hag201478 Product: Pearson eSIS Enterprise Student Information System Vendor: PearsonVue Vulnerable Versions: Any version Advisory Publication: April 06, 2014 Vendor Notification: March 05, 2014 Public Disclosure: April 06, 2014 Vulnerability Type: Improper Neutralization of Special...
Google Search Appliance dynamic navigation cross-site scripting vulnerability
Overview: Google Search Appliance (GSA) devices contain a cross-site scripting (XSS) vulnerability when dynamic navigation is enabled. Description: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Google Search Appliance versions earlier than 7.2.0.G.114 and...
Threat Outbreak Alert: Fake Money Statement Notification Email Messages on April 13, 2014.
Medium Alert ID: 33764 First Published: 2014 April 14 15:21 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a money statement for the recipient. The text in the email message attempts to convince the recipient to open th...
yungoucms system latest SQL injection-vulnerability warning-the black bar safety net
Official website : http://www.yungoucms.com/ demo site: http://www.yungoucms.cn/ Product search you can build a SQL statement that is! http://www.yungoucms.cn/?/stag/ publicfunction tag $search =$this-segment4; if!$ searchmessage"enter search keyword"; $search = urldecode$search; $search =...
Threat Outbreak Alert: Fake Account Statement Notification Email Messages on March 7, 2014
Medium Alert ID: 33243 First Published: 2014 March 10 14:14 GMT Version: 1 Summary Cisco Security has detected significant activity related to Italian-language spam email messages that claim to contain an account statement for the recipient. The text in the email message attempts to convince the...
Threat Outbreak Alert: Fake Bill Statement Email Messages on March 3, 2014
Medium Alert ID: 33159 First Published: 2014 March 3 15:56 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a bill statement from Amazon for the recipient. The text in the email message attempts to convince the recipient ...
MariaDB Server 5.5.x < 5.5.36 Remote Multiple Denial of Service Vulnerabilities
Binary data 8132.prm...
Threat Outbreak Alert: Fake Court Summons Notice Email Messages on February 15, 2014
Medium Alert ID: 32808 First Published: 2014 February 11 16:05 GMT Last Updated: 2014 February 17 16:58 GMT Version: 2 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a court statement for the recipient. The text in the email message...