33 matches found
CVE-2018-6903
PHP Scripts Mall Hot Scripts Clone Script Classified v3.1 uses the client side to enforce validation of an e-mail address, which allows remote attackers to modify a registered e-mail address by removing the validation code...
JVN#94791545: FuelPHP vulnerable to remote code execution
FuelPHP is a PHP web framework for creating web applications. FuelPHP applications contain an issue in the RequestCurl class, which may result in arbitrary code execution. Impact: When specially crafted input is processed, arbitrary files may be deleted or arbitrary code may be executed on the...
Advantech WebAccess bwocxrun.ocx CreateProcess Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2012-0060
RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function...
Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference
$Id: ms09050smb2negotiatefuncindex.rb 8656 2010-02-26 13:42:17Z sf $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
ISC BIND 9 DNSSEC NSEC/NSEC3 Bogus NXDOMAIN Responses
According to its version number, the remote installation of BIND suffers from a cache poisoning vulnerability. The vulnerability exists due to an error in DNSSEC NSEC/NSEC3 validation code which could cause caching of bogus NXDOMAIN responses without correctly validating them. This issue affects...
Mandriva Linux Security Advisory : bind (MDVSA-2010:021)
Some vulnerabilities were discovered and corrected in bind: The original fix for CVE-2009-4022 was found to be incomplete. BIND was incorrectly caching certain responses without performing proper DNSSEC validation. CNAME and DNAME records could be cached, without proper DNSSEC validation, when...
Simple Machines Forum (SMF) < 1.1.6 Password Reset Vulnerability
Simple Machines Forum (SMF) is prone to a security bypass vulnerability.
Simple Machines Forum Validation Code Prediction Arbitrary Password Reset
The remote host is running Simple Machines Forum (SMF), an open source web forum application written in PHP. The version of Simple Machines Forum installed on the remote host generates validation codes for its password reset functionality with 'rand', which on Windows platforms has a maximum value ...
Simple Machines Forum <= 1.1.5 Admin Reset Password Exploit (win32)
No description provided by source. <?php echo "---------------------------------------------------------------\n"; echo "SMF <= 1.1.5 Admin Reset Password Exploit win32-based servers\n"; echo "coded by Raz0r http://Raz0r.name/\n"; echo...
MS08-039: Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747)
The remote host is running a version of Outlook Web Access (OWA) for Exchange Server that is vulnerable to multiple cross-site scripting issues in the HTML parser and data validation code. These vulnerabilities may allow an attacker to elevate his privileges by convincing a user to open a malformed...
Bbsxp 2007 [previous versions unknown]: an interesting vulnerability
cpmpact.asp <% option explicit Const JET3X = 4 if ""&Request("sessionid")&""<>""&session.sessionid&"" then error("validation code error") Dim dbpath,boolIs97 dbpath = Request("dbpath") boolIs97 = Request("boolIs97") If dbpath <> "" Then dbpath = server.mappath(dbpath) response.write(CompactDB(dbpath,boolIs97))...
Unfixed XSS vulnerability at php.tnc.edu.tw
Security researcher zuppergazi submitted on 08/03/2007 a cross-site scripting (XSS) vulnerability affecting php.tnc.edu.tw, which at the time of submission ranked 8832 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 08/03/2007. It is current...