Cross site scripting
Cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5 allows local users to inject arbitrary web script or HTML via a crafted (1) file or (2) process name, which triggers an Access Vector Cache (AVC) log entry in a log file used during composition of HTML documents for sealert...
CVE-2007-5496
CVE-2007-5496 is a cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5. An unescaped HTML/JS path could be triggered by crafted (1) file or (2) process name, causing an AVC log entry to be inserted into the HTML document composition for sealert. Public disclosures reference the issue...
SQL injection
SQL injection vulnerability in index.php in Turnkey Web Tools SunShop Shopping Cart 3.5.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in an item action, a different vector than CVE-2008-2038, CVE-2007-4597, and CVE-2007-2549...
PT-2008-3588 · Cpanel · Cpanel
Name of the Vulnerable Software and Affected Versions: cPanel versions 11.18.0 through 11.18.3; cPanel versions 11.22.0 through 11.22.2. Description: The issue allows remote attackers to perform unauthorized actions as cPanel administrators. This can be achieved via requests to "cpanel/whm/webmail"...
IPSec ESP kernel panics
The IPsec implementation in Linux kernel before 2.6.25 allows remote routers to cause a denial of service (crash) via a fragmented ESP packet in which the first fragment does not contain the entire ESP header and IV...
QT-cute QuickTalk Guestbook 1.6 - Multiple Cross-Site Scripting Vulnerabilities
QT-cute QuickTalk Guestbook 1.6 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/29013/info QT-cute QuickTalk Guestbook is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may...
CVE-2008-1812
CVE-2008-1812 affects the Oracle Enterprise Manager component in Oracle Database 9.0.1.5 FIPS+, Application Server 1.0.2.2, and Enterprise Manager for AS 1.0.2.2 and Database 9.0.1.5. The vulnerability is described as unspecified with unknown impact and local attack vectors (EM01). The connected ...
Cezanne 6.5.17 - cflookup.asp Multiple Cross-Site Scripting Vulnerabilities
Cezanne 6.5.17 - cflookup.asp Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/28772/info Cezanne Software is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. Authenticated attackers may levera...
CVE-2008-1766
Multiple unspecified vulnerabilities in phpBB before 3.0.1 have unknown impact and attack vectors, related to "two minor security-related bugs."...
IOActive Security Advisory: Buffer overflow in Python zlib extension module
Title: Buffer overflow in Python zlib extension module Date Discovered: ??-April-2008 Date Reported: 08-April-2008 Date Patched: 08-April-2008 Date Disclosed: 09-April-2008 Criticality: Critical Affected Products ----------------- Python 2.5.2, earlier and unstable version are likely to be...
EasySite 2.0 - 'image_editor.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/28563/info EasySite is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks...
Directory traversal
Multiple directory traversal vulnerabilities in CoronaMatrix phpAddressBook 2.11 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin parameter to (1) index.php and (2) install.php. NOTE: it was later reported that vector 1 is also present in 2.0...
MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc
MITKRB5-SA-2008-001 MIT krb5 Security Advisory 2008-001 Original release: 2008-03-18 Last update: 2008-03-18 Topic: double-free, uninitialized data vulnerabilities in krb5kdc CVE-2008-0062 VU895609 Use of a null or dangling pointer in the MIT Kerberos...
Alkacon OpenCMS 7.0.3 - logfileViewSettings.jsp?filePath Cross-Site Scripting
Alkacon OpenCMS 7.0.3 - logfileViewSettings.jsp?filePath Cross-Site Scripting source: https://www.securityfocus.com/bid/28152/info Alkacon OpenCms is prone to multiple input-validation vulnerabilities, including one cross-site scripting issue and a file-disclosure issue, because the application...
ghostscript-poc.txt
A proof of concept exploit for ghostscript 8.61 and earlier. Vulnerability discovered by Chris Evans Author: Will Drewry Affects: All versions of ghostscript that support .seticcspace. Tested on: Ubuntu gs-esp-8.15.2.dfsg.0ubuntu1-0ubuntu1 x86 Ghostscript 8.61 2007-11-21 x86...
Ghostscript 8.0.1/8.15 - 'zseticcspace()' Remote Buffer Overflow
source: https://www.securityfocus.com/bid/28017/info Ghostscript is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of th...
Double free
Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (daemon termination) via (1) a large vector value, which raises a "vector too long" exception; or (2) a certain packet that raises an...
Double free
Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to cause a denial of service (CPU consumption) via a -1 value in the field that specifies the size of the vector value...
Default credentials
Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream cipher without constructing a unique initialization vector (IV), which makes it easier for local users to obtain cleartext passwords...