Bitweaver CMS 1.3 - Multiple Cross-Site Scripting Vulnerabilities

Bitweaver CMS 1.3 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/17406/info Bitweaver CMS is prone to multiple cross-site scripting vulnerabilities. Thess issues are due to a failure in the application to properly sanitize user-supplied input. An attacke...

Information disclosure

Unspecified vulnerability in main.php in an unspecified "file created by Andries Bruinsma," possibly a FleXiBle Development FXB application, allows remote attackers to include and execute arbitrary PHP code. NOTE: this disclosure is extremely vague and has very little information about the specif...

CVE-2006-1623

Unspecified vulnerability in main.php in an unspecified "file created by Andries Bruinsma," possibly a FleXiBle Development FXB application, allows remote attackers to include and execute arbitrary PHP code. NOTE: this disclosure is extremely vague and has very little information about the specif...

CVE-2006-1623

Technical details for CVE-2006-1623 are not publicly available in the provided documents. The descriptions remain vague about vulnerability type, affected product, and impact. Monitor for updates from NVD/CVE records and connected sources.

UltraVNC 1.0.1 - Multiple Remote Error Logging Buffer Overflow Vulnerabilities (1)

source: https://www.securityfocus.com/bid/17378/info UltraVNC is susceptible to multiple error-logging remote buffer-overflow vulnerabilities. These issues are due to the application's failure to properly bounds-check user-supplied input before copying it to insufficiently sized memory buffers. A...

GLSA-200603-15 : Crypt::CBC: Insecure initialization vector

The remote host is affected by the vulnerability described in GLSA-200603-15 Crypt::CBC: Insecure initialization vector Lincoln Stein discovered that Crypt::CBC fails to handle 16 bytes long initializiation vectors correctly when running in the RandomIV mode, resulting in a weaker encryption...

CVE-2006-1244

Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including a pdfkit.framework, b gpdf, c pdftohtml, and d libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in 1 gmem.c, 2 SplashXPathScanner.cc, 3 JBIG2Stream.c...

CVE-2006-1230

Multiple cross-site scripting XSS vulnerabilities in create.php in vCard 2.x allow remote attackers to inject arbitrary web script or HTML via the 1 cardid, 2 uploaded, 3 cardfontsize, or 4 cardcolor parameter. NOTE: the cardid vector was later reported to affect vCard 2.9, and the uploaded vecto...

CVE-2006-1230

Multiple cross-site scripting XSS vulnerabilities in create.php in vCard 2.x allow remote attackers to inject arbitrary web script or HTML via the 1 cardid, 2 uploaded, 3 cardfontsize, or 4 cardcolor parameter. NOTE: the cardid vector was later reported to affect vCard 2.9, and the uploaded vecto...

CVE-2006-1116

The CBC-MAC integrity functions in the nCipher nCore API before 2.18 transmit the initialization vector IV as part of a message when the implementation uses a non-zero IV, which allows remote attackers to bypass integrity checks and modify messages without being detected...

CVE-2006-1116

The CBC-MAC integrity functions in the nCipher nCore API before 2.18 transmit the initialization vector IV as part of a message when the implementation uses a non-zero IV, which allows remote attackers to bypass integrity checks and modify messages without being detected...

CVE-2006-0979

Unspecified vulnerability in the local weblog publisher in Nidelven IT Issue Dealer before 0.9.96 has unknown impact and attack vectors...

CVE-2006-0898

Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector IV of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael...

CVE-2006-0898

Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector IV of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael...

CVE-2006-0898

Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector IV of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael...

Code injection

Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector IV of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael...

CVE-2006-0898

Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector IV of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael...

CVE-2006-0806

Multiple cross-site scripting XSS vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via 1 the nextpage parameter in adodb-pager.inc.php and 2 other unspecified vectors related to PHPSELF...

DEBIAN-CVE-2006-0806

Multiple cross-site scripting XSS vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via 1 the nextpage parameter in adodb-pager.inc.php and 2 other unspecified vectors related to PHPSELF...

CYBSEC - Security Pre-Advisory: Phishing Vector in SAP BC

The following advisory is also available in PDF format for download at: http://www.cybsec.com/vuln/CYBSECSecurityPre-AdvisoryPhishingVectorinSAPBC.pdf CYBSEC S.A. www.cybsec.com Pre-Advisory Name: Phishing Vector in SAP BC Business Connector Vulnerability Class: Phishing Vector / Improper Input...