9474 matches found
CVE-2009-3084
The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized variabl...
DEBIAN-CVE-2009-3084
The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized variabl...
CVE-2009-3102
The doHotCopy subroutine in socket-server.pl in Zmanda Recovery Manager (ZRM) for MySQL 2.x before 2.1.1 allows remote attackers to execute arbitrary commands via vectors involving a crafted $MYSQLBINPATH variable...
CVE-2008-7180
delquery1.php in Telephone Directory 2008 allows remote attackers to delete arbitrary contacts via a direct request with a modified id variable...
cman security, bug fix, and enhancement update
2.0.115-1 - RSA II fencing agent has been fixed. - Resolves: rhbz493802 2.0.114-1 - local variable 'verbosefilename' referenced before assignment has been fixed - RSA II fencing agent has been fixed. - Resolves: rhbz493802 rhbz514758 2.0.113-1 - Limitations with 2-node fencescsi are now properly...
Wordpress Plugin WP-Syntax <= 0.9.1 Remote Command Execution
No description provided by source. Wordpress plugin WP-Syntax <= 0.9.1 Remote Code Execution. This vulnerability was originally discovered by Raz0r on...
WordPress WP-Syntax 0.9.1 Command Execution
====================================================================== Wordpress plugin WP-Syntax $functions if isnull$functions continue; foreach$functions as $function $string = calluserfuncarray$function, array$string; return $string; ... Global variable testfilter is not defined, so...
Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2009:209)
Multiple Java OpenJDK security vulnerabilities have been identified and fixed: The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation specifies an HMAC truncation length (HMACOutputLength) but does not require a minimum for its length, which allows attackers to spoof...
Discuz custom template variable vulnerability-vulnerability warning-the black bar safety net
Variables : ',";ECHO ";$X=SUBSTRMD5$GET'B',2 8;IF$X=='7aaa' and$POST'A';// Replace the contents : aaaaaaaaaa Then the link The post variable b is md5 encrypted, if the first 2 8-3 1 bit is 7aaa then execute$POST'a'; Use the DZ Forum of classmates please self-check/forumdata/cache/file under...
Oracle Secure Backup Administration Server Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Secure Backup. User interaction is not required to exploit this vulnerability. The specific flaw exists in the logic used to authenticate a user to the administration server running on port...
CVE-2008-6945
Multiple cross-site scripting (XSS) vulnerabilities in Interchange 5.7 before 5.7.1, 5.6 before 5.6.1, and 5.4 before 5.4.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mvorderitem CGI variable parameter in Core, (2) the country-select widget, or (3) possibly the value...
[SECURITY] Fedora 10 Update: libvorbis-1.2.0-6.fc10
Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format for audio and music at fixed and variable bitrates from 16 to 128 kbps/channel. The libvorbis package contains runtime libraries for use in programs that support Ogg Vorbis...
OpenJDK private variable information disclosure (6777487)
The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants read access to private variables with unspecified names, which allows context-dependent attackers to obtain sensitive information via an untrusted (1) applet or (2) application...
Perl$hop E-Commerce Input Injection
A while back I was playing around with Perl$hop, which, if you are not aware, is an e-commerce script developed by Waverider Systems. XSS (Cross Site Scripting), Directory Traversal, Code Execution, and more! Wow, that sure is a lot of vulnerabilities for one product. It would seem as if the...
Perl$hop E-Commerce Script - Trust Boundary Input Parameter Injection
A while back I was playing around with Perl$hop, which, if you are not aware, is an e-commerce script developed by Waverider Systems. XSS (Cross Site Scripting), Directory Traversal, Code Execution, and more! Wow, that sure is a l...
Discuz! 7.0 and below the version background get a webshell without founder-vulnerability warning-the black bar safety net
Author: oldjun I rarely care about such vulnerability, it has been rarely take the stand, and encounters a DZ more just passing through, also did not go too much care about the DZ's vulnerability or to study the code; shortly before the Forum is left a shell, I check half a day, but since met, it...
CVE-2009-2380
Cross-site scripting (XSS) vulnerability in includes/functions.php in 4images 1.7 through 1.7.7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the url variable...