Lucene search
+L

104 matches found

securityvulns
securityvulns
added 2004/12/27 12:0 a.m.66 views

[UNIX] PHProxy Cross Site Scripting

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

5.8AI score
Exploits0
exploitpack
exploitpack
added 2004/12/12 12:0 a.m.27 views

Debian top - Format String

Debian top - Format String source: https://www.securityfocus.com/bid/1895/info top is a program used to display system usage statistics in real time written by GoupSys Consulting but shipped by default as a core component with many operating systems. On BSD systems, top is installed setgid kmem s...

0.3AI score
Exploits0
Exploit DB
Exploit DB
added 2003/12/05 12:0 a.m.24 views

FVWM 2.4/2.5 - fvwm-menu-Directory Command Execution

source: https://www.securityfocus.com/bid/9161/info It has been reported that FVWM may be prone to a command execution vulnerability that may allow an attacker to execute malicious commands on a vulnerable system. It has been reported that the fvwm-menu-directory component does not properly...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2003/11/24 12:0 a.m.23 views

CommerceSQL Shopping Cart 2.2 - 'index.cgi' Directory Traversal

source: https://www.securityfocus.com/bid/9094/info It has been reported that CommerceSQL may be prone to a directory traversal vulnerability that may allow an attacker to gain access to sensitive information. The issue presents itself due to insufficient sanitization of user-supplied input. An...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2003/10/27 12:0 a.m.17 views

Musicqueue 0.91.01.1 - Multiple Buffer Overrun Vulnerabilities

Musicqueue 0.91.01.1 - Multiple Buffer Overrun Vulnerabilities // source: https://www.securityfocus.com/bid/8903/info Multiple buffer overrun vulnerabilities have been discovered in Musicqueue. Both issues stem from the lack of bounds checking when passing user-supplied input to the sprintf libc...

0.9AI score
Exploits0
Exploit DB
Exploit DB
added 2003/10/27 12:0 a.m.25 views

Musicqueue 0.9/1.0/1.1 - Multiple Buffer Overrun Vulnerabilities

// source: https://www.securityfocus.com/bid/8903/info Multiple buffer overrun vulnerabilities have been discovered in Musicqueue. Both issues stem from the lack of bounds checking when passing user-supplied input to the sprintf libc function. As a result, it may be possible for an attacker to...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2003/09/04 12:0 a.m.47 views

Webcalendar <= 0.9.42 Cross Site Scripting Attacks and Potential SQL Injection Attack

Webcalendar = 0.9.42 http://webcalendar.sourceforge.net/ WebCalendar is a PHP application used to maintain a calendar for one or more persons Cross Site Scripting ======================================== Files Mabe Others: ---------------------------- includes/js/colors.php Code Sniplet:...

8.4AI score
Exploits0
Exploit DB
Exploit DB
added 2003/09/03 12:0 a.m.22 views

WebCalendar 0.9.x week.php user XSS

WebCalendar 0.9.x week.php user XSS. Webapps exploit for php platform source: http://www.securityfocus.com/bid/8539/info It has been reported that WebCalendar is prone to multiple cross-site scripting vulnerabilites in various modules. The issues exist in includes/js/colors.php, week.php, day.php...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2003/06/26 12:0 a.m.11 views

BRS Webweaver 1.0 - Error Page Cross-Site Scripting

BRS Webweaver 1.0 - Error Page Cross-Site Scripting source: https://www.securityfocus.com/bid/8037/info BRS WebWeaver is prone to cross-site scripting attacks. The vulnerability exists due to insufficient sanitization of user-supplied input. Specifically, BRS WebWeaver includes user requests when...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2003/06/06 12:0 a.m.17 views

Synkron.Web 3.0 - HTML Injection

source: https://www.securityfocus.com/bid/7833/info Synkron.web is prone to HTML injection attacks. The vulnerability exists in the search script and is a result of insufficient sanitization of malicious HTML code from user-supplied input. HTML and script code may be echoed back when an existing...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2003/01/05 12:0 a.m.28 views

A security vulnerability in S8Forum

INFORMATIONS : ============= - Product : S8Forum - Tested version : 3.0 maybe other versions. - Website : http://www.kellishaver.com/ Vendor Status: not informed yet !!! - Problem : A security vulnerability in S8Forum PROBLEM : ========= This forum writen by PHP. It doesn't use database, instead...

0.1AI score
Exploits0
exploitpack
exploitpack
added 2002/11/19 12:0 a.m.13 views

TFTPD32 2.50 - Filename Remote Buffer Overflow

TFTPD32 2.50 - Filename Remote Buffer Overflow source: https://www.securityfocus.com/bid/6199/info A buffer-overflow vulnerability has been reported for Tftpd32. The vulnerability is due to insufficient checks on user-supplied input. A remote attacker can exploit this vulnerability by supplying a...

0.7AI score
Exploits0
Packet Storm
Packet Storm
added 2002/08/29 12:0 a.m.31 views

omnihttpd.txt

A vulnerability exists in the test.php script of OmniHTTPd. The script makes a classic coding error -- trusting unsanitized user input. The query string and cookie values are returned unfiltered. Of most concern, of course, is the query string:...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2002/07/13 12:0 a.m.25 views

Re: MFC ISAPI Framework Buffer Overflow

In-Reply-To: [email protected] BadBlue and all vendors who wrote ISAPI extensions with MFC should recompile with Visual Studio 6.0 SP4 or later. There were serious problems with many ISAPI extensions built with earlier versions of the MFC libraries. 2 problems are documente...

1.2AI score
Exploits0
securityvulns
securityvulns
added 2002/07/02 12:0 a.m.30 views

CSS in blackboard

Product: Blackboard 5 Vendor: Blackboard inc Website: www.Blackboard.com Reported: 24 apr 2002: Discovered CSS in blackboard program and company.blackboard.com. Reported CSS in blackboard program at http://company.blackboard.com/contactus/Suggestions.cgi. Reported CSS in company.blackboard.com to...

6.7AI score
Exploits0
exploitpack
exploitpack
added 2001/09/08 12:0 a.m.74 views

Hassan Consulting Shopping Cart 1.23 - Arbitrary Command Execution

Hassan Consulting Shopping Cart 1.23 - Arbitrary Command Execution source: https://www.securityfocus.com/bid/3308/info Hassan Consulting's Shopping Cart is commercial web store software. Shopping Cart does not filter certain types of user-supplied input from web requests. This makes it possible f...

0.4AI score
Exploits0
Exploit DB
Exploit DB
added 2001/08/31 12:0 a.m.28 views

SIX-webboard 2.01 - File Retrieval

source: https://www.securityfocus.com/bid/3175/info SIX-webboard 2.01 does not filter ".." and "/" from user input, allowing users to enter arbitrary values in order to view or retrieve files not normally accessible to them from the remote host...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2001/08/13 12:0 a.m.30 views

Дырка в PHP-Nuke

Неинициализированные переменные PHP-скрипта позволяют доступ к любым файлам. Кроме того, ввод пользователя используется для составления SQL-запросов и т.д...

0.3AI score
Exploits0References4Affected Software1
Exploit DB
Exploit DB
added 2000/12/11 12:0 a.m.29 views

Leif M. Wright simplestmail.cgi 1.0 - Remote Command Execution

source: https://www.securityfocus.com/bid/2102/info A vulnerabiliy exists in Leif M. Wright's simplestmail.cgi, a script designed to coordinate email responses from web forms. An insecurely-structured call to the open function leads to a failure to properly filter shell metacharacters from user...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2000/11/23 12:0 a.m.7 views

Phorum 3.x - PHP Configuration Disclosure

Phorum 3.x - PHP Configuration Disclosure source: https://www.securityfocus.com/bid/1985/info Phorum is a PHP based web forums package. Due to an error in the implementation of forum selection in administrative scripts, any user can view the any PHP script on the target host. This is due to...

7.4AI score
Exploits0
Rows per page
Query Builder