8200 matches found
UBUNTU-CVE-2014-4238
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR...
CVE-2014-4260
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR...
Server: Host Header Poisoning
Because user-supplied input is trusted and interpreted as the Host header, an attacker is able to craft a password reset mail with a link pointing to his own site. If a user clicks on the link, or software such as an antivirus product accesses the link, the attacker is able to reset the user's password. For more...
Drupal <= 5.2 PHP Zend Hash Vulnerability Exploitation Vector
No description provided by source. Drupal <= 5.2 PHP Zend Hash Vulnerability Exploitation Vector Example: http://www.example.com/drupal/?menucallbacks1callback=drupaleval&menuitemstype=-1&-312030023=1&q=1/?phpinfo; milw0rm.com 2007-10-10...
OpenDB 1.0.6 user_profile.php redirect_url Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/30989/info Open Media Collectors Database OpenDb is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute...
TorrentTrader 2.08 - Multiple Vulnerabilities
No description provided by source. waraxe-2012-SA089 - Multiple Vulnerabilities in TorrentTrader 2.08 Author: Janek Vind waraxe Date: 17. September 2012 Location: Estonia, Tartu Web:...
Ghostscript 8.0.1/8.15 - zseticcspace() Function Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28017/info Ghostscript is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. Successfully exploiting this issue may allow remote attackers to execute...
Instant Photo Gallery 1.0 member.php member Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/17696/info Instant Photo Gallery is prone to multiple cross-site scripting vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input. An attacker may leverage these issues...
Symfony2 - Local File Disclosure
No description provided by source. Sense of Security - Security Advisory - SOS-12-002 Release Date. 05-Mar-2012 Last Update. - Vendor Notification Date. 24-Feb-2012 Product. Symfony2 Platform. PHP Affected versions. 2.0.x - 2.0.10 Severity Rating. Medium Impact. Exposure of sensitive information...
Magic Photo Storage Website admin/approve_member.php _config[site_path] Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the...
activePDF WebGrabber ActiveX Control Buffer Overflow
No description provided by source. $Id: activepdfwebgrabber.rb 10998 2010-11-11 22:43:22Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and term...
GSPlayer 1.83a Win32 Release Buffer Overflow Vulnerability
No description provided by source. Exploit Title: GSPlayer 1.83a Win32 Release Buffer Overflow Vulnerability Date: 2010/11/04 Author: moigai e-mail: [email protected] Software Link: http://www.vector.co.jp/download/file/win95/art/fh296344.html Version: 1.83a Win32 Release Tested on: Windows XP...
Avaxswf.dll 1.0.0.1 from Avax Vector ActiveX Arbitrary Data Write
No description provided by source. GOODFELLAS Security Research TEAM http://goodfellas.shellcode.com.ar Avaxswf.dll v.1.0.0.1 from Avax Vector software ActiveX Arbitrary Data Write Internal ID: VULWAR20070626...
Apple Mac OS X 10.3.x Help Protocol Remote Code Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10356/info It has been reported that Mac OS X may be prone to a vulnerability that could allow a remote attacker to execute arbitrary script code on a vulnerable system. The issue presents itself due to the 'help:' protoc...
Oracle Reports Server 10g 9.0.2 - Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/14313/info Multiple remote cross-site scripting vulnerabilities affect Oracle Reports Server. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user. This may...
Avax Vector 1.3 'avPreview.ocx' ActiveX Control Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/35583/info Avax Vector is prone to a remote buffer-overflow vulnerability. Attackers can exploit this issue to execute arbitrary code within the context of an application that uses the ActiveX control typically Internet...
XMB <= 1.9.6 Final basename() Remote Command Execution Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo XMB = 1.9.6 Final basename 'langfilenew' arbitrary local inclusion / remote commands xctn\n; echo by rgod [email protected]\n; echo site: http://retrogod.altervista.org\n; echo dork: \Powered by XMB\n\n; / works...
Floosietek FTGate Mail Server 1.2 Path Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10059/info It has been reported that FTGate is prone to a server path disclosure vulnerability. This issue is due to an ill-conceived error message that includes the server path. These issues may be leveraged to gain...
Microsoft Internet Explorer 6.0 ADODB.Stream Object File Installation Weakness
No description provided by source. source: http://www.securityfocus.com/bid/10514/info Microsoft Internet Explorer is prone to a security weakness that may permit malicious HTML documents to create or overwrite files on a victim file system when interpreted from the Local Zone or other Security...
Horde <= 3.3.5 Administration Interface admin/cmdshell.php PATH_INFO Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/37351/info Horde Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser...