5303 matches found

securityvulns
added 2007/08/14 12:0 a.m., 55 views

DeskPRO Admin Panel Multiple HTML Injections

HSC DeskPRO Admin Panel Multiple HTML Injections An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks....

0.3 AI score
Exploits: 0
Cvelist
added 2007/08/09 9:0 p.m., 27 views

CVE-2007-2955

Multiple unspecified "input validation error" vulnerabilities in multiple ActiveX controls in NavComUI.dll, as used in multiple Norton AntiVirus, Internet Security, and System Works products for 2006, allows remote attackers to execute arbitrary code via (1) the AnomalyList property to...

7.8 AI score, 0.0405 EPSS
Exploits: 4, References: 9
Packet Storm
added 2007/07/28 12:0 a.m., 28 views

phpsysinfo-xss.txt

HSC PHPSysInfo Index.php Cross Site Scripting PhpSysInfo is a PHP script that displays information about the host being accessed. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the...

7.4 AI score
Exploits: 0
securityvulns
added 2007/07/27 12:0 a.m., 70 views

PHPSysInfo Index.php Cross Site Scripting

HSC PHPSysInfo Index.php Cross Site Scripting PhpSysInfo is a PHP script that displays information about the host being accessed. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the...

0.6 AI score
Exploits: 0
RedHat Linux
added 2007/07/12 8:56 a.m., 2 views

flash-plugin input validation flaw

Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a (1) Long string or (2) XML variable type in a crafted (a) FLV or (b) SWF file, related to an "input validation error," including a signed comparison of values...

9.3 CVSS, 6.3 AI score, 0.56309 EPSS
Exploits: 0, References: 4
UbuntuCve
added 2007/07/11 4:30 p.m., 20 views

CVE-2007-3456

Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a (1) Long string or (2) XML variable type in a crafted (a) FLV or (b) SWF file, related to an "input validation error," including a signed comparison of values...

9.3 CVSS, 6.3 AI score, 0.56309 EPSS
Exploits: 0, References: 1
NVD
added 2007/07/11 4:30 p.m., 17 views

CVE-2007-3456

Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a (1) Long string or (2) XML variable type in a crafted (a) FLV or (b) SWF file, related to an "input validation error," including a signed comparison of values...

9.3 CVSS, 7.8 AI score, 0.56309 EPSS
Exploits: 0, References: 30
Cvelist
added 2007/07/11 4:0 p.m., 26 views

CVE-2007-3456

Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might allow remote attackers to execute arbitrary code via a large length value for a (1) Long string or (2) XML variable type in a crafted (a) FLV or (b) SWF file, related to an "input validation error," including a signed comparison of values...

8 AI score, 0.56309 EPSS
Exploits: 0, References: 30
CVE
added 2007/07/11 4:0 p.m., 79 views

CVE-2007-3456

CVE-2007-3456 affects Adobe Flash Player 9.0.45.0 and earlier, with an input-validation/overflow issue in parsing FLV/SWF data that could allow remote code execution via crafted files (large string or XML variable). The vulnerability arises from a signed comparison of values expected non-negative...

9.3 CVSS, 8 AI score, 0.56309 EPSS
Exploits: 0, References: 30, Affected Software: 1
Tenable Nessus
added 2007/06/12 12:0 a.m., 28 views

GLSA-200706-04 : MadWifi: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200706-04 (MadWifi: Multiple vulnerabilities). Md Sohail Ahmad from AirTight Networks has discovered a division by zero in the athbeaconconfig function (CVE-2007-2830). The vendor has corrected an input validation error in the...

10 CVSS, 6.1 AI score, 0.03461 EPSS
Exploits: 0, References: 4
Gentoo Linux
added 2007/06/11 12:0 a.m., 45 views

MadWifi: Multiple vulnerabilities

Background: The MadWifi driver provides support for Atheros based IEEE 802.11 Wireless Lan cards. Description: Md Sohail Ahmad from AirTight Networks has discovered a division by zero in the athbeaconconfig function (CVE-2007-2830). The vendor has corrected an input validation error in the...

10 CVSS, 7 AI score, 0.03461 EPSS
Exploits: 0
seebug.org
added 2007/05/11 12:0 a.m., 28 views

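Microsoft Excel Filter Record Remote Code Execution Vulnerability (MS07-023)

Microsoft Excel is the spreadsheet tool in the Office suite. Excel has an input validation error when processing AutoFilter records in Excel BIFF8-format spreadsheet files. If a user is tricked into opening a specially crafted document containing a malformed filter record, this may cause an invalid memory access and lead to arbitrary code execution on the user's system. Microsoft Excel Viewer 2003, Microsoft Excel 2003 SP2, Microsoft Excel 2002 SP3, Microsoft Excel 2000 SP3, Microsoft Office 2004 for Mac. Temporary workaround: do not open Excel documents from untrusted sources...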

7.5 AI score
Exploits: 0
Packet Storm
added 2007/03/29 12:0 a.m., 32 views

abitwhizzy-traverse.txt

aBitWhizzy traversal folder enumeration and XSS. vendor url: http://www.unverse.net/abitwhizzy/ Advisory: http://lostmon.blogspot.com/2007/03/abitwhizzy-traversal-folder-enumeration.html vendor notify: YES exploit include: YES aBitWhizzy is a php script that uses whizzywig.js to create and edit web...

7.4 AI score
Exploits: 0
securityvulns
added 2007/03/27 12:0 a.m., 56 views

Horde Webmail Multiple HTML Injection vulnerability

Horde Webmail Multiple HTML Injection vulnerability Horde Groupware Webmail Edition is a free, enterprise ready, browser based communication suite. Users can read, send and organize email messages and manage and share calendars, contacts, tasks and notes with the standards compliant components fr...

1.1 AI score
Exploits: 0
Check Point Advisories
added 2007/02/28 12:0 a.m., 0 views

Oracle Data ORADC ActiveX Control Remote Code Execution

A vulnerability has been identified in the Oracle Data Control ORADC ActiveX control. The ORADC ActiveX control is provided by the Oracle Objects for OLE package. It provides data access and operation modifications on the backend database. A remote attacker could execute arbitrary code on the...

8.2 AI score
Exploits: 0
securityvulns
added 2007/02/20 12:0 a.m., 52 views

ESupport Multiple HTML Injection Vulnerabilities

ESupport Multiple HTML Injection Vulnerabilities Kayako SupportSuite offers true integrated Multi-Channel solution allowing you to manage your emails, online issues, chats, self service and issues received by phone. The entire system has been designed to improve productivity and provide seamless...

0.7 AI score
Exploits: 0
securityvulns
added 2007/02/13 12:0 a.m., 71 views

Jportal 2.3.1 CSRF vulnerability

Type: CSRF Attack / Input Validation Error Remote: Yes Version: 2.3.1 very possible, that older versions are vulnerable too Problem is in admin/admin.adm.php: function addadmin global $name, $mail, $nick, $action, $usertbl, $access; global $nick, $PHPSELF, $pass, $pass, $acce, $op, $goto;...

0.3 AI score
Exploits: 0
securityvulns
added 2007/02/07 12:0 a.m., 56 views

VBulletin AdminCP Index.PHP Multiple Cross-Site Scripting Vulnerability

VBulletin AdminCP Index.PHP Multiple Cross-Site Scripting Vulnerability vBulletin is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker could exploit this vulnerability to have arbitrary script code execute in the...

0.9 AI score
Exploits: 0
securityvulns
added 2007/01/28 12:0 a.m., 40 views

PHP Membership Manager Cross-Site Scripting Vulnerability

PHP Membership Manager Cross-Site Scripting Vulnerability PHP Membership Manager is a browser based tool which allows a site owner to easily manage an unlimited number of username / password accounts and groups which access secure, protected areas of a web site which require logging in before...

1.5 AI score
Exploits: 0
Packet Storm
added 2007/01/24 12:0 a.m., 28 views

paypal-inject.txt

Paypal Subscription Manager allows a webmaster to easily create a subscription web site; visitors can access digital products instantly after paying through Paypal. PSM provides the ability to effortlessly process subscriptions and protect membership areas. PSM uses PHP and MySQL for fast, efficient,...

7.4 AI score
Exploits: 0