6420 matches found
Design/Logic Flaw
Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, does not properly prevent execution of applets on older JRE releases, which might allow remote attackers to exploit vulnerabilities in these older releases...
CVE-2008-3115
Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, does not properly prevent execution of applets on older JRE releases, which might allow remote attackers to exploit vulnerabilities in these older releases...
CVE-2008-3115
Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, does not properly prevent execution of applets on older JRE releases, which might allow remote attackers to exploit vulnerabilities in these older releases...
Code injection
Static code injection vulnerability in guestbook.php in 1Book 1.0.1 and earlier allows remote attackers to upload arbitrary PHP code via the message parameter in an HTML webform, which is written to data.php...
CVE-2008-2638
Static code injection vulnerability in guestbook.php in 1Book 1.0.1 and earlier allows remote attackers to upload arbitrary PHP code via the message parameter in an HTML webform, which is written to data.php...
CVE-2008-2638
Static code injection vulnerability in guestbook.php in 1Book 1.0.1 and earlier allows remote attackers to upload arbitrary PHP code via the message parameter in an HTML webform, which is written to data.php...
CVE-2008-2638
CVE-2008-2638 affects 1Book 1.0.1 and earlier . The vulnerability is in guestbook.php : remote attackers can upload arbitrary PHP code via the message parameter of an HTML web form, which is written to data.php . The CVSS vector (as per NVD) indicates _network-based, low complexity, no auth with ...
py-pylons -- Path traversal bug
Pylons team reports: The error.py controller uses paste.fileapp to serve the static resources to the browser. The default error.py controller uses os.path.join to combine the id from Routes with the media path. Routes prior to 1.8 double unquoted the PATHINFO, resulting in FileApp returning files...
Code injection
Static code injection vulnerability in box/minichat/boxpop.php in IT!CMS aka itcms 1.9 allows remote attackers to inject arbitrary PHP code into box/MiniChat/data/shouts.php via the shout parameter...
CVE-2008-2195
DeluxeBB 1.2 and earlier are affected by a static code injection vulnerability in admincp.php. The issue allows remote authenticated administrators to inject arbitrary PHP code into logs/cp.php via the URI, enabling partial impact to integrity and possibly other areas as per the CVSS metrics. No ...
Unfixed XSS vulnerability at static-206.196.111.182.primary.net
Security researcher Uber0n, has submitted on 28/04/2008 a cross-site-scripting XSS vulnerability affecting static-206.196.111.182.primary.net, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 29/04/2008. ...
Code injection
Static code injection vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to inject arbitrary PHP code into includes/Config.php via the default parameter...
CVE-2008-1860
Static code injection vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to inject arbitrary PHP code into includes/Config.php via the default parameter...
Fedora 8 : ruby-1.8.6.114-1.fc8 (2008-2443)
Tue Mar 4 2008 Akira TAGOH - 1.8.6.114-1 - Security fix for CVE-2008-1145. - Improve a spec file. 226381 - Correct License tag. - Fix a timestamp issue. - Own a arch-specific directory. - Tue Feb 19 2008 Fedora Release Engineering - 1.8.6.111-9 - Autorebuild for GCC 4.3 - Tue Feb 19 2008 Akira...
Fedora 7 : ruby-1.8.6.114-1.fc7 (2008-2458)
Tue Mar 4 2008 Akira TAGOH - 1.8.6.114-1 - Security fix for CVE-2008-1145. - Improve a spec file. 226381 - Correct License tag. - Fix a timestamp issue. - Own a arch-specific directory. - Tue Feb 19 2008 Fedora Release Engineering - 1.8.6.111-9 - Autorebuild for GCC 4.3 - Tue Feb 19 2008 Akira...
sdl_image -- buffer overflow vulnerabilities
Secunia reports: Two vulnerabilities have been reported in SDLimage, which can be exploited by malicious people to cause a Denial of Service or potentially compromise an application using the library. A boundary error within the LWZReadByte function in IMGgif.c can be exploited to trigger the...
Debian Security Advisory DSA 169-1 (tomcat4)
The remote host is missing an update to tomcat4 announced via advisory DSA 169-1. OpenVAS Vulnerability Test $Id: deb1691.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 169-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...
Debian Security Advisory DSA 225-1 (tomcat4)
The remote host is missing an update to tomcat4 announced via advisory DSA 225-1. OpenVAS Vulnerability Test $Id: deb2251.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 225-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...
Code injection
cpie.php in XCMS 1.83 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct direct static code injection attacks and execute arbitrary code via the testo0 parameter in a cpie admin action to index.php, which writes to dati/generali/footer.dtb...
CVE-2007-6652
cpie.php in XCMS 1.83 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct direct static code injection attacks and execute arbitrary code via the testo0 parameter in a cpie admin action to index.php, which writes to dati/generali/footer.dtb...