8159 matches found
Fedora 7 : xpdf-3.02-1.fc7 (2007-1383)
Changes since 3.01: Added anti-aliasing for vector graphics; added the vectorAntialias xpdfrc option; added the '-aaVector' switch to xpdf and pdftoppm. Implemented stroke adjustment always enabled by default, ignoring the SA parameter, to match Adobe's behavior, and added the strokeAdjust xpdfrc...
SAXON version 5.4 SQL Injection Vulnerability
netVigilance Security Advisory 55 SAXON version 5.4 SQL Injection Vulnerability Description: SAXON is a simple accessible online news publishing system for personal and small corporate site owners. Publish news, using configurable templates, on any .php page on your site. Publish news on a 'per...
Blue Coat ProxySG Management Console - URI Handler Multiple Cross-Site Scripting Vulnerabilities
Blue Coat ProxySG Management Console - URI Handler Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/26286/info Blue Coat ProxySG Management Console is prone to two cross-site scripting vulnerabilities because the application fails to properly sanitize...
about: blank windows
Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting XSS attacks with chrome privileges via an addon that inserts a 1 javascript: or 2 data: link into an about:blank document loaded by chrome via a the...
CVE-2007-5524
Technical details for CVE-2007-5524 are not publicly provided in the supplied documents; no specific affected products/versions, root cause, or remediation are disclosed. Monitor for updates.
CVE-2007-5530
Unspecified vulnerability in the Database Control component in Oracle Database 10.1.0.5 and 10.2.0.3, and Enterprise Manager, has unknown impact and remote attack vectors, aka EM01...
openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-3979)
This update fixes multiple bugs in php : - predictable generaton of an initialization vector IV in the mcrypt extension - additional cookie attributes could be injected via a session id - specially crafted files could cause integer overflows in gd and leverage them to at least crash gd based...
CVE-2007-5425
SQL injection vulnerability in admin/index.php in Interspire ActiveKB 1.5 allows remote attackers to execute arbitrary SQL commands via the questId parameter in a hideQuestion ToDo action. NOTE: the catId vector is already covered by CVE-2007-5131...
Drupal <= 5.2 PHP Zend Hash Vulnerability Exploitation Vector
No description provided by source. Drupal = 5.2 PHP Zend Hash Vulnerability Exploitation Vector Example: http://www.example.com/drupal/?menucallbacks1callback=drupaleval&menuitemstype=-1&-312030023=1&q=1/?phpinfo;...
Drupal 5.2 - PHP Zend Hash ation Vector
Drupal 5.2 - PHP Zend Hash ation Vector Drupal = 5.2 PHP Zend Hash Vulnerability Exploitation Vector Example: http://www.example.com/drupal/?menucallbacks1callback=drupaleval&menuitemstype=-1&-312030023=1&q=1/?phpinfo; milw0rm.com 2007-10-10...
CVE-2007-5247
CVE-2007-5247 describes multiple format-string vulnerabilities in the Lithtech-based engine as used by F.E.A.R. 1.08 and earlier, with PunkBuster enabled. The issue allows remote attackers to potentially execute arbitrary code or cause a denial of service via format specifiers in specific PunkBus...
CVE-2007-5168
Multiple PHP remote file inclusion vulnerabilities in ClanLite 1.23.01.2005 allow remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter to 1 modules/serveurjeux.php or 2 conf/conf-php.php. NOTE: vector 1 is disputed by CVE because the requireonce is only reached when ...
CVE-2007-5014
Multiple PHP remote file inclusion vulnerabilities in pSlash 0.70 allow remote attackers to execute arbitrary PHP code via a URL in 1 the lvcadmindir parameter to modules/visitors2/admin/view-archiver.inc.php or 2 the lvcincludedir parameter to modules/visitors2/include/menus.inc.php. NOTE: the...
VMware Workstation 6.0多个安全漏洞
BUGTRAQ ID: 25728,25729,25731,25732 CVECAN ID: CVE-2007-0061,CVE-2007-0062,CVE-2007-0063,CVE-2007-4059,CVE-2007-4155,CVE-2007-4496,CVE-2007-4497 VMWare是一款虚拟PC软件,允许在一台机器上同时运行两个或多个Windows、DOS、LINUX系统。 VMWare的实现上存在多个安全漏洞,可导致多种威胁。 具体如下: 1 VMWare的DHCP服务器可被恶意网页用来获取系统权限。 2...
Python 2.2 ImageOP Module - Multiple Integer Overflow Vulnerabilities
Python 2.2 ImageOP Module - Multiple Integer Overflow Vulnerabilities source: https://www.securityfocus.com/bid/25696/info Python's imageop module is prone to multiple integer-overflow vulnerabilities because it fails to properly bounds-check user-supplied input to ensure that integer operations ...
Boinc Forum Cross Site Scripting Vulrnability
HSC Boinc Forum Cross Site Scripting Vulrnability This issue is due to a failure in the application to properly sanitize user-supplied input. Attackers may exploit this issue via a web client. An attacker may leverage this issue to have arbitrary script code execute in the browser of an...
tomcat-func-xss.txt
Apache Tomcat remote xss Author: handrix Contact: handrixatmorxdotorg Vulnerability: Cross Site Scripting Severity: Medium/High MorX security research team www.morx.org Description: Apache Tomcat remote xss Tomcat provide many example of jsp files, servlet and others. functions.jsp's script is...
Remote file inclusion
PHP remote file inclusion vulnerability in convert/mvcw.php in Virtual War VWar 1.5.0 R15 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwarroot parameter, a different vector than CVE-2006-1503, CVE-2006-1636, and CVE-2006-1747...
OS2A_1009.txt
Ripe Website Manager SQL Injection and Cross Site Scripting Vulnerabilities OS2A ID: OS2A1009 Status: 07/11/2007 Issue Discovered 07/12/2007 Reported to the Vendor 08/22/2007 Public Release Class: SQL Injection and Cross Site Scripting Severity: High Overview: --------- Ripe Website Manager is a...
Design/Logic Flaw
Fedora Commons before 2.2.1 does not properly handle certain authentication requests involving Java Naming and Directory Interface JNDI, related to 1 a nonexistent account name in combination with an empty password, which allows remote attackers to trigger a certain "unexpected / strange response...