
8198 matches found

OpenVAS
added 2010/09/23 12:0 a.m. | 22 views

Haudenschilt Family Connections CMS (FCMS) Multiple PHP remote file inclusion vulnerabilities

Haudenschilt Family Connections CMS (FCMS) is prone to multiple remote file inclusion vulnerabilities.

7.5 CVSS | 6.8 AI score | 0.02338 EPSS
Exploits: 1 | References: 3
UbuntuCve
added 2010/09/22 8:0 p.m. | 15 views

CVE-2010-3484

SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the handle parameter to LightNEasy.php, a different vector than CVE-2008-6593...

7.5 CVSS | 6.2 AI score | 0.0134 EPSS
Exploits: 1 | References: 1
Prion
added 2010/09/22 8:0 p.m. | 15 views

Sql injection

SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the handle parameter to LightNEasy.php, a different vector than CVE-2008-6593...

7.5 CVSS | 8.5 AI score | 0.03465 EPSS
Exploits: 2 | References: 5 | Affected Software: 1
Cvelist
added 2010/09/22 7:0 p.m. | 23 views

CVE-2010-3485

SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the userhandle cookie to LightNEasy.php, a different vector than CVE-2008-6593. NOTE: the provenance of this information is unknown; the details are obtained solely from thi...

7.7 AI score | 0.01274 EPSS
Exploits: 0 | References: 1
OSV
added 2010/09/17 6:0 p.m. | 1 views

DEBIAN-CVE-2010-3075

EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher mode with the same initialization vector, which makes it easier for local users to obtain sensitive information via calculations involving recovery of XORed data, as demonstrated by an attack on encrypted data in which the las...

5 CVSS | 6.1 AI score | 0.02063 EPSS
Exploits: 0 | References: 1
OSV
added 2010/09/17 6:0 p.m. | 1 views

UBUNTU-CVE-2010-3075

EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher mode with the same initialization vector, which makes it easier for local users to obtain sensitive information via calculations involving recovery of XORed data, as demonstrated by an attack on encrypted data in which the las...

5 CVSS | 5.8 AI score | 0.02063 EPSS
Exploits: 0 | References: 2
ThreatPost
added 2010/09/08 2:1 p.m. | 40 views

Mozilla Patches Firefox DLL Load Hijacking Bug

Mozilla has joined Apple in being among the first to fix the DLL load hijacking attack vector that continues to haunt hundreds of Windows applications. The open-source group released Firefox 3.6.9 with patches for a total of 15 vulnerabilities (11 rated critical), including the publicly known DLL...

9.3 CVSS | 0.3 AI score | 0.06672 EPSS
Exploits: 1
Atlassian
added 2010/09/06 4:33 a.m. | 22 views

Potential attack vector using attachments

Suspicious handling of attachment uploads with filenames containing quotes (the quoted ended up being repeated) and semicolons (semicolon and all subsequent characters were stripped from filename)...

3 AI score
Exploits: 0 | Affected Software: 1
Atlassian
added 2010/09/06 4:33 a.m. | 23 views

Potential attack vector using attachments

Suspicious handling of attachment uploads with filenames containing quotes (the quoted ended up being repeated) and semicolons (semicolon and all subsequent characters were stripped from filename)...

3 AI score
Exploits: 0 | Affected Software: 1
Atlassian
added 2010/09/06 4:33 a.m. | 18 views

Potential attack vector using attachments

Suspicious handling of attachment uploads with filenames containing quotes (the quoted ended up being repeated) and semicolons (semicolon and all subsequent characters were stripped from filename)...

3 AI score
Exploits: 0
securityvulns
added 2010/08/29 12:0 a.m. | 65 views

Microsoft Security Advisory (2269637) Insecure Library Loading Could Allow Remote Code Execution

Microsoft Security Advisory 2269637 Insecure Library Loading Could Allow Remote Code Execution Published: August 23, 2010 Version: 1.0 General Information Executive Summary Microsoft is aware that research has been published detailing a remote attack vector for a class of vulnerabilities that...

0.6 AI score
Exploits: 0
Packet Storm
added 2010/08/27 12:0 a.m. | 27 views

Microsoft Visio 2010 14.0.4514.1004 DLL Hijacking Exploit

Microsoft Visio 2010 v14.0.4514.1004 dwmapi.dll DLL Hijacking Exploit Vendor: Microsoft Corp. Product Web Page: http://www.microsoft.com Affected Version: 14.0.4514.1004 MSO 14.0.4536.1000 Summary: Microsoft Visio is a diagramming program for Microsoft Windows that uses vector graphics to creat...

0.8 AI score
Exploits: 0
Zero Science Lab
added 2010/08/26 12:0 a.m. | 28 views

Microsoft Visio 2010 v14.0.4514.1004 (dwmapi.dll) DLL Hijacking Exploit

Summary Microsoft Visio is a diagramming program for Microsoft Windows that uses vector graphics to create diagrams. Description MS Visio 2010 suffers from a dll hijacking vulnerability that enables the attacker to execute arbitrary code on a local level. The vulnerable extension is .vss thru...

6.2 AI score
Exploits: 0
ThreatPost
added 2010/08/17 11:58 a.m. | 13 views

New Firefox iFrame Bug Bypasses URL Protections

UPDATED–There is a bug in Mozilla’s flagship Firefox browser related to the way the browser handles obfuscated URLs in iFrames. However, a Mozilla official said the bug poses “very low” risk to users. Johnathan Nightingale of Mozilla said in a blog post late Tuesday that the bug poses little risk...

0.1 AI score
Exploits: 0 | References: 2
exploitpack
added 2010/07/11 12:0 a.m. | 11 views

Macs CMS 1.1.4 - SearchString Cross-Site Scripting

Macs CMS 1.1.4 - SearchString Cross-Site Scripting source: https://www.securityfocus.com/bid/41529/info Mac's CMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...

0.1 AI score
Exploits: 0
OpenVAS
added 2010/07/08 12:0 a.m. | 24 views

Microsoft Windows Vector Markup Language Vulnerabilities (929969)

Remote exploitation of an integer overflow vulnerability in the Vector Markup Language (VML) support in multiple Microsoft products allows attackers to execute arbitrary code within the context of the user running the vulnerable application. OpenVAS Network Vulnerability Test Microsoft Windows Vect...

9.3 CVSS | 0.7 AI score | 0.43706 EPSS
Exploits: 5 | References: 3
OpenVAS
added 2010/07/08 12:0 a.m. | 25 views

Microsoft Windows Vector Markup Language Vulnerabilities (929969)

Remote exploitation of an integer overflow vulnerability in the Vector Markup Language (VML) support in multiple Microsoft products allows attackers to execute arbitrary code within the context of the user running the vulnerable application.

9.3 CVSS | 5.7 AI score | 0.43706 EPSS
Exploits: 5 | References: 5
exploitpack
added 2010/07/05 12:0 a.m. | 16 views

Orbis CMS 1.0.2 - editor-body.php Cross-Site Scripting

Orbis CMS 1.0.2 - editor-body.php Cross-Site Scripting source: https://www.securityfocus.com/bid/41390/info Orbis CMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in...

6.8 AI score
Exploits: 0
ThreatPost
added 2010/06/29 5:58 p.m. | 18 views

Critical PDF Reader Patch Fixes '/Launch' Command Attack Vector

Adobe today shipped a critical Reader/Acrobat patch to cover a total of 17 documented vulnerabilities that expose Windows, Mac and UNIX users to malicious hacker attacks. The update, which affects Adobe Reader/Acrobat 9.3.2 and earlier versions, includes a fix for the outstanding PDF “/Launch”...

2.3 AI score
Exploits: 0 | References: 3
Exploit DB
added 2010/06/18 12:0 a.m. | 105 views

Spring Framework - Arbitrary code Execution

CVE-2010-1622: Spring Framework execution of arbitrary code. Severity: Critical. Vendor: SpringSource, a division of VMware. Versions Affected: 3.0.0 to 3.0.2; 2.5.0 to 2.5.6.SEC01 (community releases); 2.5.0 to 2.5.7 (subscription customers). Earlier versions may also be affected. Description: The Spring...

6 CVSS | 9.6 AI score | 0.52003 EPSS
Exploits: 11