AMember 3.1.7 XSS / SQL Injection

AMember - Multiple Vulnerabilities Version Affected: 3.1.7 Apr-10-2009 newest Info: aMember is a flexible membership and subscription management PHP script. It has support for PayPal, BeanStream, 2Checkout, NoChex, VeriSign PayFlow, Authorize.Net, PaySystems, Probilling, Multicards, E-Gold and...

[InterN0T] AMember 3.1.7 - Multiple Vulnerabilities

AMember - Multiple Vulnerabilities Version Affected: 3.1.7 Apr-10-2009 newest Info: aMember is a flexible membership and subscription management PHP script. It has support for PayPal, BeanStream, 2Checkout, NoChex, VeriSign PayFlow, Authorize.Net, PaySystems, Probilling, Multicards, E-Gold and...

USN-707-1: CUPS vulnerabilities

It was discovered that CUPS didn't properly handle adding a large number of RSS subscriptions. A local user could exploit this and cause CUPS to crash, leading to a denial of service. This issue only applied to Ubuntu 7.10, 8.04 LTS and 8.10. CVE-2008-5183 It was discovered that CUPS did not...

CVE-2008-5681

Opera before 9.63 does not block unspecified "scripted URLs" during the feed preview, which allows remote attackers to read existing subscriptions and force subscriptions to arbitrary feed URLs...

CVE-2008-5681

Opera before 9.63 does not block unspecified "scripted URLs" during the feed preview, which allows remote attackers to read existing subscriptions and force subscriptions to arbitrary feed URLs...

Feed links can link to local files

As a security precaution, Opera does not allow Web pages to link to files on the user's local disk. However, a flaw exists that allows Web pages to link to feed source files on the user's computer. Suitable detection of JavaScript events and appropriate manipulation can unreliably allow a script ...

cups: DoS (daemon crash) caused by the large number of subscriptions

cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service daemon crash by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184...

DEBIAN-CVE-2008-5184

The web interface cgi-bin/admin.c in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the 1 add and 2 cancel RSS subscription functions...

Null pointer dereference

cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service daemon crash by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184...

CVE-2008-5183

cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service daemon crash by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184...

CVE-2008-5183

cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service daemon crash by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184...

CVE-2008-5183

cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service daemon crash by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184...

CVE-2008-5183

cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service daemon crash by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184...

PT-2008-1076 · Apple +1 · Cups +1

Name of the Vulnerable Software and Affected Versions: CUPS versions 1.3.9 and earlier cups-devel version 1.2.4 cups-libs version 1.2.4 cups-lpd version 1.2.4 cups version 1.2.4 Description: The issue allows local users, and possibly remote attackers, to cause a denial of service by adding a larg...

CVE-2008-4698

Opera before 9.61 does not properly block scripts during preview of a news feed, which allows remote attackers to create arbitrary new feed subscriptions and read the contents of arbitrary feeds...

CVE-2008-4698

Opera before 9.61 does not properly block scripts during preview of a news feed, which allows remote attackers to create arbitrary new feed subscriptions and read the contents of arbitrary feeds...

Design/Logic Flaw

Opera before 9.61 does not properly block scripts during preview of a news feed, which allows remote attackers to create arbitrary new feed subscriptions and read the contents of arbitrary feeds...

Design/Logic Flaw

Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 allows remote authenticated users without "receive" permissions to bypass intended access restrictions and receive messages from a standalone JMS Topic or secured Distributed Topic member destination, related to durable subscriptio...

Format string

Format string vulnerability in Apple iPhoto before 7.1.2 allows remote attackers to execute arbitrary code via photocast subscriptions...

CVE-2008-0043

Format string vulnerability in Apple iPhoto before 7.1.2 allows remote attackers to execute arbitrary code via photocast subscriptions...