7424 matches found
FWD: LedgerSMB Security Advisory: Multiple Vulnerabilities
Hi all; It has been brought to our attention that a number of security vulnerabilities have been noted in SQL-Ledger. Several of these affect earlier versions of LedgerSMB, and three hotfixes have been released for problems that continue to affect the LedgerSMB codebase. As always, we highly...
Blaze Apps 1.4.0.051909 Cross Site Scripting / SQL Injection
www.BugReport.ir AmnPardaz Security Research Team Title: Blaze Apps Multiple Vulnerabilities Vendor: http://blazeapps.codeplex.com Vulnerable Version: 1.4.0.051909 and prior versions Exploitation: Remote with browser Fix: N/A - Description: Blaze Apps is an ASP.NET 2 Content Management System. It...
DSA-1974-1 gzip - arbitrary code execution
Bulletin has no description...
Code to mitigate IE event zero-day (CVE-2010-0249)
Here's a mitigation for the CVE-2010-0249 IE createEventObject srcElement zero-day. Quite simply, it just disables the createEventObject method by mangling its name in memory. If anyone knows an important web application that uses createEventObject, please respond to the mailing list. Use this co...
Operation Aurora: the attack on Google code exposure - vulnerability warning - the black bar safety net
TechWeb's DarkReading published an article revealing that iDefense has withdrawn its earlier statement that an Adobe PDF vulnerability was behind the attack on Google, and has acknowledged McAfee's statement that the IE vulnerability was the source. The article also gives a link to the open source...
Storm library vulnerability construct thinking - vulnerability warning - the black bar safety net
Author: lonely the prodigal son Storm library vulnerability ODAY, celebration 2010 the first day of the I in the testing a website got the SHELL, see if there's other ideas, I suddenly remembered the Browse inc directory see conn.asp /inc/conn.asp this method of attack has never worked conn.as...
CiviCRM 3.1 < Beta 5 - Multiple Cross-Site Scripting Vulnerabilities
Author: h00die [email protected] & Ch3nz [email protected] Software Link: http://sourceforge.net/projects/civicrm/files/civicrm-latest/3.1.beta1/civicrm-3.1.beta1-standalone.tar.gz/download Version: and from being in the same input box. In several cases it is possible to use multiple input boxes th...
Windows Live Messenger 2009 Denial Of Service
Product: Windows Live Messenger 2009 Build 14.0.8089.726 Vulnerability: ActiveX - Denial of Service Discussion: Vulnerability is in ActiveX control msgsc.14.0.8089.726.dll. Sending a string to ViewProfile causes a crash on msnmsgr.exe; must be signed in to an MSN Messenger account for triggering the...
Microsoft Windows Live Messenger 2009 - ActiveX Denial of Service
Microsoft Windows Live Messenger 2009 - ActiveX Denial of Service Product: Windows Live Messenger 2009 Build 14.0.8089.726 Vulnerability: ActiveX - Denial of Service Discussion: Vulnerability is in ActiveX control msgsc.14.0.8089.726.dll. Sending a string to ViewProfile causes a crash on msnmsgr.e...
Microsoft Windows Live Messenger 2009 - ActiveX Denial of Service
Product: Windows Live Messenger 2009 Build 14.0.8089.726 Vulnerability: ActiveX - Denial of Service Discussion: Vulnerability is in ActiveX control msgsc.14.0.8089.726.dll. Sending a string to ViewProfile causes a crash on msnmsgr.exe; must be signed in to an MSN Messenger account for triggering the...
DSA-1966-1 horde3 - cross-site scripting
Bulletin has no description...
SAP NetWeaver Virus Scan Interface - multiple XSS
Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs: Linked XSS Vulnerability Exploits: YES Reported: 01.04.2010 Vendor response: 08.04.2010 Date of Public Advisory: 11.11.2011 CVSS: 4.3 Author: Dmitriy Evdokimov Description SAP Netweaver Virus Scan Interfa...
iDevAffiliate 4.0 Cross Site Scripting
Title: iDevAffiliate v4.0 XSS Vulnerability | Author: indoushka | email: [email protected] | Home: Souk Naamane - 04325 - Oum El Bouaghi - Algeria -00213771818860 | Web Site: www.iq-ty.com | ...
Aptgp.1.3.0c - Cross-Site Scripting
Title: Aptgp.v1.3.0c Cross Site Scripting Vulnerability | Author: indoushka | email: [email protected] | Home: Souk Naamane - 04325 - Oum El Bouaghi - Algeria -00213771818860 | Web Site:...
APHP ImgList 1.2.2 Cross Site Scripting Vulnerability
No description provided by source. Title: APHP ImgList 1.2.2 Cross Site Scripting Vulnerability | Author: indoushka | email: [email protected] | Home: Souk Naamane - 04325 - Oum El Bouaghi -...
PDQ Script 1.0 <== [listingid] SQL Injection
Exploit for unknown platform in category web applications. PDQ Script 1.0 == listingid SQL Injection | PDQ Script 1.0 ...
[SECURITY] Fedora 12 Update: rubygem-actionpack-2.3.4-3.fc12
Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser...
[SECURITY] Fedora 11 Update: rubygem-actionpack-2.3.2-4.fc11
Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser...
Debian: Security Advisory (DSA-1948-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 10 Update: rubygem-actionpack-2.1.1-5.fc10
Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser...