1285 matches found
CVE-2012-3442
The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a data: URL...
CVE-2012-2493
The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader process, which allows...
kernel security update
kernel: 2.6.18-308.8.2.el5 - [xen] x86_64: check address on trap handlers or guest callbacks (Paolo Bonzini) [813430 813431] {CVE-2012-0217} - [xen] x86_64: Do not execute sysret with a non-canonical return address (Paolo Bonzini) [813430 813431] {CVE-2012-0217} - [xen] x86: prevent hv boot on AMD CPUs with Erratum...
Form Builder CSRF Vulnerability
Exploit for php platform in category web applications. Exploit Title: Form Builder CSRF; Author: Jonturk75; Vendor or Software Link: http://www.scripts.com/viewscript/form-builder/21967/; Category: webapps; Demo: http://phpscriptz.net/guestbookdemo/cp/login.php; Greetz: Inj3ct0r Exploit DataBase...
xorg-x11-server security and bug fix update
1.1.1-48.90.0.1.el5 - Added oracle-enterprise-detect.patch - Replaced 'Red Hat' in spec file 1.1.1-48.90 - cve-2011-4028.patch: File existence disclosure vulnerability. 1.1.1-48.88 - cve-2011-4818.patch: Multiple input sanitization flaws in Render and GLX -...
Unfixed Frame Redirect vulnerability at www.universinet.it
Security researcher r14nul has submitted on 18/02/2012 a Frame Redirect vulnerability affecting www.universinet.it, which at the time of submission ranked 335584 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 02/08/2012. It is currently...
UBUNTU-CVE-2011-3825
Zend Framework 1.11.3 in Zend Server CE 5.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Validate.php and certain other files...
kernel: fs/partitions: Validate map_count in Mac partition tables
Buffer overflow in the mac_partition function in fs/partitions/mac.c in the Linux kernel before 2.6.37.2 allows local users to cause a denial of service (panic) or possibly have unspecified other impact via a malformed Mac OS partition table...
MyBloggie 2.1.6 - HTML Injection / SQL Injection
source: https://www.securityfocus.com/bid/48317/info myBloggie is prone to SQL-injection vulnerabilities and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to compromise the application, access or modify data,...
gimp security update
2.0.5-7.0.7.el4.1 - unfuzz validate-size-values patch - don't use Prereq - fix various overflows 537356, 689831, 703403, 703407, 704512...
Hashbot - Forensic web tool to acquire and validate the web pages !
What is hashbot? Hashbot is a forensic web tool to acquire and validate, over time, the status of an individual web page or web document. Feature : Acquire Follow these steps to acquire a web document: 1. Insert the document's URL ie: https://www.evilwebpage.com/image.jpg or...
Unfixed XSS vulnerability at www.itembank.co.kr
Security researcher d3vbit3 has submitted on 13/05/2011 a cross-site-scripting (XSS) vulnerability affecting www.itembank.co.kr, which at the time of submission ranked 2649417 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 13/12/2011. It is...
Unfixed XSS vulnerability at www.pikeplacemarket.org
Security researcher P0W3RFU7 has submitted on 14/03/2011 a cross-site-scripting (XSS) vulnerability affecting www.pikeplacemarket.org, which at the time of submission ranked 542873 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 09/12/2011. It i...
Unfixed XSS vulnerability at liberdadenautica.com.br
Security researcher Jinny has submitted on 14/02/2011 a cross-site-scripting (XSS) vulnerability affecting liberdadenautica.com.br, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 10/01/2012. It is...
Unfixed Redirect vulnerability at sossigns.com
Security researcher SeeMe has submitted on 01/06/2011 a Redirect vulnerability affecting sossigns.com, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 21/12/2011. It is currently unfixed. If you believe...
Unfixed XSS vulnerability at www.alwaysangels.com
Security researcher Sony has submitted on 23/07/2010 a cross-site-scripting (XSS) vulnerability affecting www.alwaysangels.com, which at the time of submission ranked 12096354 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 14/11/2010. It is...
Fedora Update for mod_auth_shadow FEDORA-2010-6359
Check for the Version of mod_auth_shadow. OpenVAS Vulnerability Test: Fedora Update for mod_auth_shadow FEDORA-2010-6359. Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
Fedora Update for mod_auth_shadow FEDORA-2010-6323
Check for the Version of mod_auth_shadow. OpenVAS Vulnerability Test: Fedora Update for mod_auth_shadow FEDORA-2010-6323. Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
[SECURITY] Fedora 12 Update: mod_auth_shadow-2.2-8.fc12
When performing this task one encounters one fundamental difficulty: The /etc/shadow file is supposed to be read/writeable only by root. However, the webserver is supposed to run under a non-root user, such as "nobody". mod_auth_shadow addresses this difficulty by opening a pipe to an suid root...
jQuery Validate 1.6.0 Demo Code Advisory
ADVISORY – jQuery Validate 1.6.0 Demo Code. AFFECTED PACKAGES: jQuery Validate 1.6.0, SilverStripe 2.3.X to 2.3.5. Discovered By CodeScan.com. Vendor's Website:...