2121 matches found
CVE-2012-1469
Multiple cross-site scripting (XSS) vulnerabilities in Open Journal Systems before 2.3.7 allow remote attackers and remote authenticated users to inject arbitrary web script or HTML via the (1) editor or (2) callback parameters to lib/pkp/lib/tinymce/jscripts/tinymce/plugins/ibrowser/ibrowser.php in th...
CVE-2012-2128
Cross-site request forgery (CSRF) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users. NOTE: this issue has been disputed by the vendor, who states that it is resultant from CVE-2012-2129...
Social Engine 4 Cross Site Scripting
Social Engine 4 Persistent XSS & Non-Persistent XSS...
Struts2 remote command execution vulnerability analysis and prevention-vulnerability and early warning-the black bar safety net
Struts 2 is a new framework built by merging Struts and WebWork technology. The Struts 2 architecture differs greatly from the Struts 1 architecture. Struts 2 uses WebWork as its core and handles user requests through an interceptor mechanism; this design also makes the...
Apple : 0 | Flashback trojan : 1 , Apple admits malware defeat
Apple has quietly removed a statement from its website that the Mac operating system isn't susceptible to viruses. Apple released a patch to a Java vulnerability that led to the infection of roughly 600,000 Macs with the Flashback...
UGNazi hackers attack on CloudFlare via a flaw in Google
After the FBI arrested Cosmo, the alleged leader of the UGNazi hacking group, the hackers attacked CloudFlare via a flaw in Google's two-factor authentication system. The CloudFlare hack allowed UGNazi to change the DNS for 4chan, so visito...
Thousand Bo enterprise website management system HitCount. Asp page injection vulnerability-vulnerability warning-the black bar safety net
The program includes anti-injection code in the NoSql.asp file: <% If EnableStopInjection = True Then Dim FyPost, FyGet, FyIn, FyInf, FyXh, Fydb, Fydbstr FyIn = "’|;|and|exec|insert|select|delete|update|count||%|chr|mid|master|truncate|char|declare" FyInf = Split(FyIn, "|") If Request...
IBM DB2 XML Feature DoS and CREATE VARIABLE Security Bypass Vulnerabilities
The host is running IBM DB2 and is prone to denial of service and security bypass vulnerabilities. OpenVAS Vulnerability Test $Id: gbibmdb2xmldosncreatevarsecbypassvuln.nasl 5999 2017-04-21 09:02:32Z teissa $ IBM DB2 XML Feature DoS and CREATE VARIABLE Security Bypass Vulnerabilities Authors:...
Mozilla Proposes Change to Handling of Subordinate CA Certificates
Mozilla is considering a change to the way that it handles certificates issued by externally operated sub-CAs in an effort to gain more control of how these CAs issue certificates and what those certificates can do. The proposal would involve some new controls to help verify that certificates are...
Adobe Flash Player MP4 Copyright Statement Overflow
Added: 03/08/2012 CVE: CVE-2012-0754 BID: 52034 OSVDB: 79300 Background: Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages. Problem: Flash Player versions prior to 11.1.102.62 do not properly validate the Copyright statement key (CPRT) in the tag...
COCOON Counter statistical procedures vulnerability summary-vulnerability warning-the black bar safety net
The default database is counter/db/dbCCCounter6.mdb. It can also be opened directly: http://www.badguest.cn/Counter/utilities/update.asp. View the source file and look it up; you can find the database address. Program problem. Second, the storm path vulnerability. Use the probe http://www.xxx.com...
IBM solidDB 6.5 < 6.5.0.8 Interim Fix 6 Redundant WHERE Clause Select Statement Parsing Remote DoS
According to its version number, the solidDB install on the remote host is affected by a denial of service vulnerability due to a flaw in the way the application handles 'SELECT' statements containing a redundant WHERE condition. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
CVE-2012-0200
The server in IBM solidDB 6.5 before Interim Fix 6 does not properly initialize data structures, which allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a redundant WHERE condition...
CVE-2011-4890
The server in IBM solidDB 6.5 before FP9 and 7.0 before FP1 allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a ROWNUM condition involving a subquery...
Design/Logic Flaw
The server in IBM solidDB 6.5 before FP9 and 7.0 before FP1 allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a ROWNUM condition involving a subquery...
IBM solidDB 6.5.0.8 - SELECT Statement WHERE Condition Denial of Service
source: https://www.securityfocus.com/bid/52111/info IBM solidDB is prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. IBM...