
8199 matches found

seebug.org
added 2014/07/01 12:0 a.m. · 13 views

Geeklog <= 1.6.0sr2 - Remote File Upload

No description provided by source. ============================================================================== Geeklog = v1.6.0sr2 - Remote File Upload Discovered: JaL0h Software Site: http://www.geeklog.net Dork: By Geeklog Created this page in +seconds +powered...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. · 16 views

chCounter indirect SQL Injection and XSS Vulnerabilities

No description provided by source. Exploit Title: chCounter indirect SQL Injection and XSS Vulnerabilities Date: 29.04.2010 Author: Valentin Category: webapps/0day Version: 3.1.1 Tested on: Debian, Apache2, PHP5, MySQL5 CVE : Code : :::::::::::::::::::::::::::::::::::::: 0x1...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. · 29 views

Mambo Open Source 4.0.14 Server SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9196/info It has been reported that Mambo Open Source 4.0.14 Server is prone to SQL injection attacks. The problem is said to occur due to insufficient sanitization of data passed to specific index.php variables. As a...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. · 11 views

Sendmail 8.11/8.12 Debugger Arbitrary Code Execution Vulnerability (4)

No description provided by source. source: http://www.securityfocus.com/bid/3163/info An input validation error exists in Sendmail's debugging functionality. The problem is the result of the use of signed integers in the program's tTflag function, which is responsible for processing arguments...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. · 15 views

Apple Quicktime <= 7.1.5 QTJava toQTPointer() Java Handling Arbitrary Code Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/23608/info QuickTime is prone to a vulnerability that may aid in the remote compromise of a vulnerable computer. The issue occurs when a Java-enabled browser is used to view a malicious website. QuickTime must also be...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. · 42 views

Barter Sites 1.3 Joomla Component Multiple Vulnerabilities

No description provided by source. Barter Sites 1.3 Component Joomla SQL Injection & Persistent XSS vulnerabilities Release Date Bug. 28-Oct-2011 Date Added. 01-Oct-2011 Vendor Notification Date. Never Product. Barter Sites Platform. Joomla Affected versions. 1.3 Type. Commercial Price. $99 Attac...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. · 24 views

Wordpress Mini Mail Dashboard Widget Plugin 1.36 Remote File Inclusion

No description provided by source. Exploit Title: Mini Mail Dashboard Widget Wordpress plugin RFI Google Dork: inurl:wp-content/plugins/mini-mail-dashboard-widget Date: 09/19/2011 Author: Ben Schmidt supernothing AT spareclockcycles.org @supernothing Software Link:...

7.1 AI score
Exploits: 0
OpenVAS
added 2014/07/01 12:0 a.m. · 31 views

Fedora Update for gnupg FEDORA-2014-7676

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

2.1 CVSS · 6.4 AI score · 0.00451 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2014/06/25 12:0 a.m. · 3 views

PT-2014-6042 · D Link · Dsl-2760U-E1

Name of the Vulnerable Software and Affected Versions: D-link DSL-2760U-E1 affected versions not specified Description: A cross-site scripting XSS issue exists in the dhcpinfo.html file, allowing remote attackers to inject arbitrary web script or HTML via a hostname. This could potentially lead t...

4.3 CVSS · 5.4 AI score · 0.01504 EPSS
Exploits: 1 · References: 4
RedHat Linux
added 2014/06/10 1:7 p.m. · 5 views

JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment)

Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, when running with GNOME, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment...

4.6 CVSS · 6.3 AI score · 0.00456 EPSS
Exploits: 0 · References: 5
RedHat Linux
added 2014/06/10 1:7 p.m. · 3 views

OpenJDK: SnmpStatusException handling issues (Serviceability, 7068126)

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serviceability. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on...

7.5 CVSS · 6.4 AI score · 0.04234 EPSS
Exploits: 0 · References: 5
Packet Storm
added 2014/06/03 12:0 a.m. · 24 views

NG WifiTransfer Pro 1.1 Local File Inclusion

Document Title: =============== NG WifiTransfer Pro 1.1 - File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1260 Release Date: ============= 2014-04-28 Vulnerability Laboratory ID VL-ID: ==================================== 1260...

0.1 AI score
Exploits: 0
Packet Storm
added 2014/06/03 12:0 a.m. · 31 views

TigerCom My Assistant 1.1 Local File Inclusion

Document Title: =============== TigerCom My Assistant v1.1 iOS - File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1268 Release Date: ============= 2014-05-23 Vulnerability Laboratory ID VL-ID: ===================================...

7.4 AI score
Exploits: 0
OSV
added 2014/06/01 12:0 a.m. · 2 views

UBUNTU-CVE-2014-0238

The cdfreadpropertyinfo function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service infinite loop or out-of-bounds memory access via a vector that 1 has zero length or 2 is too long...

5 CVSS · 7.2 AI score · 0.20805 EPSS
Exploits: 0 · References: 4
Tenable Nessus
added 2014/05/29 12:0 a.m. · 9 views

Fedora 20 : php-ZendFramework2-2.2.7-1.fc20 (2014-6540)

2.2.7 2014-04-015 SECURITY UPDATES - ZF2014-03: Potential XSS vector in multiple view helpers due to inappropriate HTML attribute escaping. Many view helpers were using the escapeHtml view helper in order to escape HTML attributes. This release patches them to use the escapeHtmlAttr view helper i...

5.4 AI score
Exploits: 0 · References: 1
Atlassian
added 2014/05/26 2:4 p.m. · 16 views

Persistent Cross Site Scripting Flaw in User Profiles

panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-46664. panel A persistent cross site scripting flaw exists in user profiles when the user updates his/her Homepage URL from the...

0.3 AI score
Exploits: 0 · Affected Software: 1
RedHat Linux
added 2014/05/20 11:11 a.m. · 3 views

mysql: unspecified DoS related to Options (CPU April 2014)

Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options...

2.6 CVSS · 6.5 AI score · 0.04923 EPSS
Exploits: 0 · References: 5
MSRC
added 2014/05/13 7:0 a.m. · 8 views

Assessing risk for the May 2014 security updates

Today we released eight security bulletins addressing 13 unique CVE’s. Two bulletins have a maximum severity rating of Critical while the other six have a maximum severity rating of Important. The table is designed to help you prioritize the deployment of updates appropriately for your environmen...

7 AI score
Exploits: 0
OSV
added 2014/05/12 2:55 p.m. · 2 views

DEBIAN-CVE-2013-6452

Cross-site scripting XSS vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via crafted XSL in an SVG file...

4.3 CVSS · 6 AI score · 0.01007 EPSS
Exploits: 0 · References: 1
OSV
added 2014/05/12 2:55 p.m. · 2 views

UBUNTU-CVE-2013-6452

Cross-site scripting XSS vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via crafted XSL in an SVG file...

4.3 CVSS · 7.4 AI score · 0.01007 EPSS
Exploits: 0 · References: 3