
8159 matches found

Exploit DB
added 2008/07/22 12:0 a.m. | 27 views

Claroline 1.8 - 'user/user.php' Query String Cross-Site Scripting

source: https://www.securityfocus.com/bid/30346/info Claroline is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...

7.4 AI score
Exploits: 0

Packet Storm
added 2008/07/22 12:0 a.m. | 16 views

modjk1219-overflow.txt

#!/usr/bin/python C. H. R. O. O. T. SECURITY GROUP http://www.chroot.org Hacks In Taiwan Conference 2008 http://www.hitcon.org Title: Apache modjk...

7.4 AI score
Exploits: 0

CVE
added 2008/07/18 4:0 p.m. | 51 views

CVE-2008-3228

CVE-2008-3228 affects Joomla! prior to 1.5.4. The issue is that the .htaccess configuration does not apply certain security checks that are described as blocking common exploits for SEF URLs. The impact is explicitly stated as unknown, and the description notes remote attack vectors without detai...

7.5 CVSS | 6.7 AI score | 0.00078 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Prion
added 2008/07/15 11:41 p.m. | 16 views

Code injection

Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2616, CVE-2008-2617, CVE-2008-2618, CVE-2008-2620,...

6.5 CVSS | 5.9 AI score | 0.00918 EPSS
Exploits: 0 | References: 8 | Affected Software: 2

CVE
added 2008/07/15 11:0 p.m. | 53 views

CVE-2008-2621

CVE-2008-2621 affects Oracle PeopleSoft Enterprise (PeopleTools) with 8.48.17 and 8.49.11. The connected PeopleSoft/JD Edwards entry lists CVE-2008-2621 under PeopleSoft PeopleTools with a CVSS v2 base score of 4.0 (Medium). The risk matrix indicates the vulnerability requires a valid session (au...

4 CVSS | 5.7 AI score | 0.00377 EPSS
Exploits: 0 | References: 8 | Affected Software: 3

CVE
added 2008/07/15 11:0 p.m. | 111 views

CVE-2008-2603

CVE-2008-2603 is an Oracle Enterprise Manager (Database Control) cross-site scripting vulnerability affecting 10gR1/10gR2/11.1.0.6 where the REFRESHCHOICE parameter can inject arbitrary script/HTML. The issue originates from the July 2008 CPU advisory; vendors released a patch as part of the CPU....

3.5 CVSS | 4.8 AI score | 0.00451 EPSS
Exploits: 0 | References: 9 | Affected Software: 1

CVE
added 2008/07/15 11:0 p.m. | 129 views

CVE-2008-2579

CVE-2008-2579 affects WebLogic Server Plugins for Apache, Sun and IIS web servers bundled with BEA/Oracle WebLogic, specifically in BEA Product Suite versions 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7. The vulnerability is described as unspecified with unknown impact, but multipl...

7.5 CVSS | 6.2 AI score | 0.01255 EPSS
Exploits: 0 | References: 10 | Affected Software: 1

CVE
added 2008/07/15 11:0 p.m. | 46 views

CVE-2008-2598

CVE-2008-2598 affects the TimesTen Client/Server component of Oracle TimesTen In‑Memory Database 7.0.3.0.0. It is exploitable remotely over HTTP without authentication (CVSS v2 base 5.0, Network) and is fixed in TimesTen Server 7.0.4.0.0. Upgrade to 7.0.4.0.0 or later. Related CVEs (2597, 2599) h...

7.5 CVSS | 6.1 AI score | 0.00622 EPSS
Exploits: 0 | References: 7 | Affected Software: 2

exploitpack
added 2008/07/15 12:0 a.m. | 12 views

Claroline 1.8.9 - workwork.php Cross-Site Scripting

source: https://www.securityfocus.com/bid/30269/info Claroline is prone to multiple input-validation vulnerabilities: 1. Multiple cross-site scripting vulnerabilities. 2. A remote URI-redirection vulnerability. An attacker may leverage these...

6.8 AI score
Exploits: 0

OSV
added 2008/07/07 11:41 p.m. | 1 view

DEBIAN-CVE-2008-2667

SQL injection vulnerability in the Courier Authentication Library (aka courier-authlib) before 0.60.6 on SUSE openSUSE 10.3 and 11.0, and other platforms, when MySQL and a non-Latin character set are used, allows remote attackers to execute arbitrary SQL commands via the username and unspecified...

5.1 CVSS | 8.7 AI score | 0.01583 EPSS
Exploits: 0 | References: 1

Packet Storm
added 2008/07/01 12:0 a.m. | 41 views

faname10-sql.txt

netVigilance Security Advisory 42 Fa Name version 1.0 SQL Injection Vulnerability Description: Fa Name http://webscripts.softpedia.com/script/Content-Management/Fa-Name-41229.html is a useful portal CMS for .name websites. You can have a simple portal but useful one for your domain names and by usei...

6.8 CVSS | 6.8 AI score | 0.0042 EPSS
Exploits: 1

Prion
added 2008/06/30 10:41 p.m. | 17 views

Cross site scripting

Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to change the location property of a frame via the String data type, and use a frame from a different domain to observe domain-independent events, as demonstrated by observing onkeydown events with...

6.8 CVSS | 6.6 AI score | 0.42038 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

RedHat Linux
added 2008/06/30 3:33 p.m. | 2 views

perl-Crypt-CBC weaker encryption with some ciphers

Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector (IV) of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael...

2.6 CVSS | 5.8 AI score | 0.01439 EPSS
Exploits: 0 | References: 4

VulnCheck KEV
added 2008/06/25 12:0 a.m. | 1 view

VulnCheck KEV: CVE-2008-2641

Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to an "input validation issue in a JavaScript method."...

10 CVSS | 6.2 AI score | 0.42019 EPSS
Exploits: 1 | References: 1

Exploit DB
added 2008/06/16 12:0 a.m. | 33 views

GlassFish Application Server - '/resourceNode/jdbcConnectionPoolNew1.jsf' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/29751/info Sun Glassfish is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user ...

7.4 AI score
Exploits: 0

securityvulns
added 2008/06/11 12:0 a.m. | 38 views

Microsoft Vista speech recognition unauthorized access

Speech recognition may be used as an attack vector against client computer with e.g. HTML page with embedded sound...

7.6 CVSS | 1.6 AI score | 0.41573 EPSS
Exploits: 1 | References: 2

Exploit DB
added 2008/06/06 12:0 a.m. | 23 views

ALFTP FTP Client 4.1/5.0 - 'LIST' Directory Traversal

source: https://www.securityfocus.com/bid/29585/info ALFTP is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. This issue occurs in the FTP client. Exploiting this issue will allow an attacker to write arbitrary files to...

7.4 AI score
Exploits: 0

seebug.org
added 2008/06/05 12:0 a.m. | 48 views

Solaris 2.5.1/2.6/7/8 rlogin /bin/login Buffer Overflow Exploit (SPARC)

No description provided by source. / $Id: raptorrlogin.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorrlogin.c - rlogin, Solaris/SPARC 2.5.1/2.6/7/8 Copyright c 2004 Marco Ivaldi [email protected] Buffer overflow in login in various System V based operating systems ...

10 CVSS | 0.5 AI score | 0.84081 EPSS
Exploits: 27

seebug.org
added 2008/06/05 12:0 a.m. | 41 views

MS Windows Metafile (.emf) Heap Overflow Exploit (MS04-032)

No description provided by source. / HOD-ms04032-emf-expl2.c: MS04-032 Microsoft Windows XP Metafile .emf Heap Overflow Exploit version 0.2 PUBLIC coded by .:: houseofdabus ::. at inbox dot ru About WMF/EMF: Windows Metafile WMF...

10 CVSS | 6.5 AI score | 0.6962 EPSS
Exploits: 8

Prion
added 2008/05/23 3:32 p.m. | 10 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5 allows local users to inject arbitrary web script or HTML via a crafted (1) file or (2) process name, which triggers an Access Vector Cache (AVC) log entry in a log file used during composition of HTML documents for sealert...

1.9 CVSS | 5.5 AI score | 0.00069 EPSS
Exploits: 0 | References: 7 | Affected Software: 1