Lucene search

8198 matches found

ThreatPost
added 2010/06/10 1:45 p.m. | 9 views

Mass SQL Injection Attack Hits Sites Running IIS

There’s a large-scale attack underway that is targeting Web servers running Microsoft’s IIS software, injecting the sites with a specific malicious script. The attack has compromised tens of thousands of sites already, experts say, and there’s no clear indication of who’s behind the campaign righ...

AI score: 0.6
Exploits: 0 | References: 4

exploitpack
added 2010/06/06 12:0 a.m. | 14 views

JForum 2.1.8 - Username Cross-Site Scripting

JForum 2.1.8 - Username Cross-Site Scripting source: https://www.securityfocus.com/bid/40880/info JForum is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage this issue...

AI score: 6.8
Exploits: 0

Packet Storm
added 2010/06/04 12:0 a.m. | 33 views

Gmail Checker Plus Chrome Extension Cross Site Scripting

Gmail Checker plus Chrome extension XSS extension: https://chrome.google.com/extensions/detail/mihcahmgecmbnbcchbopgniflfhgnkff advisory: http://lostmon.blogspot.com/2010/06/gmail-checker-plus-chrome-extension-xss.html Exploit available: yes So in this case "Google Mail Checker Plus" version 1.1.7...

AI score: 7.4
Exploits: 0

OpenVAS
added 2010/06/04 12:0 a.m. | 23 views

Google Chrome multiple vulnerabilities - June 10

The host is running Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbgooglechromemultvulnjun10.nasl 5306 2017-02-16 09:00:16Z teissa $ Google Chrome multiple vulnerabilities - June 10 Authors: Madhuri D Copyright: Copyright c 2010 Greenbone Networks GmbH,...

CVSS: 10 | AI score: 0.9 | EPSS: 0.01164
Exploits: 1 | References: 2

Cvelist
added 2010/06/02 6:14 p.m. | 19 views

CVE-2010-2133

SQL injection vulnerability in contact.php in My Little Forum allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-2942...

AI score: 8.2 | EPSS: 0.02045
Exploits: 1 | References: 4

OpenVAS
added 2010/05/28 12:0 a.m. | 45 views

Java for Mac OS X 10.5 Update 7

The remote host is missing Java for Mac OS X 10.5 Update 7. SPDX-FileCopyrightText: 2010 LSS Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

CVSS: 10 | AI score: 7.5 | EPSS: 0.96166
Exploits: 51 | References: 3

ThreatPost
added 2010/05/17 4:8 p.m. | 6 views

The Coming Wave of Mobile Attacks

The pace of innovation on mobile phones and other smart wireless devices has accelerated greatly in the last few years, adding features, speed and computing power. But now the attackers are beginning to outstrip the good guys on mobile platforms, developing innovative new attacks and methods for...

AI score: 0.7
Exploits: 0 | References: 2

RedHat Linux
added 2010/05/06 7:3 p.m. | 3 views

xpdf: multiple integer overflows

Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as used in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7, GPdf, and kdegraphics KPDF, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file that trigger...

CVSS: 6.8 | AI score: 6.4 | EPSS: 0.05549
Exploits: 2 | References: 4

Atlassian
added 2010/04/16 4:36 a.m. | 17 views

runportleterror.jsp contains XSS hole

The runportleterror.jsp contains an XSS attack vector via the unescaped 'portletKey' URL parameter. The parameter should be escaped properly...

AI score: 2.2
Exploits: 0

Atlassian
added 2010/04/16 4:36 a.m. | 15 views

runportleterror.jsp contains XSS hole

The runportleterror.jsp contains an XSS attack vector via the unescaped 'portletKey' URL parameter. The parameter should be escaped properly...

AI score: 2.2
Exploits: 0 | Affected Software: 1

Atlassian
added 2010/04/16 4:36 a.m. | 18 views

runportleterror.jsp contains XSS hole

The runportleterror.jsp contains an XSS attack vector via the unescaped 'portletKey' URL parameter. The parameter should be escaped properly...

AI score: 2.2
Exploits: 0 | Affected Software: 1

RedHat Linux
added 2010/03/25 8:52 a.m. | 5 views

openssl: missing bn_wexpand return value checks

OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors...

CVSS: 10 | AI score: 7.1 | EPSS: 0.06732
Exploits: 1 | References: 4

RedHat Linux
added 2010/03/01 7:15 p.m. | 1 views

systemtap: Crash with systemtap script using __get_argv()

Multiple integer signedness errors in the (1) __get_argv and (2) __get_compat_argv functions in tapset/aux_syscalls.stp in SystemTap 1.1 allow local users to cause a denial of service (script crash, or system crash or hang) via a process with a large number of arguments, leading to a buffer overflow...

CVSS: 4.9 | AI score: 6.2 | EPSS: 0.00947
Exploits: 1 | References: 4

NVD
added 2010/02/22 1:0 p.m. | 21 views

CVE-2010-0159

The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the...

CVSS: 10 | AI score: 8 | EPSS: 0.04748
Exploits: 1 | References: 31

RedHat Linux
added 2010/02/17 9:12 p.m. | 3 views

Mozilla bypass of same-origin policy due to improper SVG document processing (MFSA 2010-05)

Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.0294
Exploits: 0 | References: 4

Exploit DB
added 2010/01/27 12:0 a.m. | 50 views

Discuz! 6.0 - 'tid' Cross-Site Scripting

source: https://www.securityfocus.com/bid/37982/info Discuz! is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...

AI score: 7
Exploits: 0

securityvulns
added 2010/01/26 12:0 a.m. | 24 views

TheGreenBow VPN Client Local Stack Overflow Vulnerability - Security Advisory - SOS-10-001

TheGreenBow VPN Client Local Stack Overflow Vulnerability - Security Advisory - SOS-10-001 Release Date. 21-Jan-2010 Vendor Notification Date. 11-Dec-2009 Product. TheGreenBow VPN Client Platform. Microsoft Windows Affected versions. 4.65.003, 4.51.001 verified and possibly others. Severity Ratin...

AI score: 7
Exploits: 0

Exploit DB
added 2010/01/15 12:0 a.m. | 36 views

Multiple Media Players (iTunes / QuickTime) - HTTP DataHandler Overflow

ScaryMovie Exploit Study By: DrIDE October, 2009 There is a widespread failure in the way that .MOV files are handled by the Quicktime Library. I have attempted to compound my findings on this issue. Nearly every .MOV enabled application that I tested fell victim to this exploit. This is a local...

AI score: 7.4
Exploits: 0

exploitpack
added 2010/01/15 12:0 a.m. | 11 views

Multiple Media Players (iTunes QuickTime) - HTTP DataHandler Overflow

Multiple Media Players iTunes QuickTime - HTTP DataHandler Overflow ScaryMovie Exploit Study By: DrIDE October, 2009 There is a widespread failure in the way that .MOV files are handled by the Quicktime Library. I have attempted to compound my findings on this issue. Nearly every .MOV enabled...

AI score: 0.5
Exploits: 0

Tenable Nessus
added 2010/01/12 12:0 a.m. | 26 views

Adobe Illustrator Detection

Adobe Corporation's Illustrator software, a vector graphics editing tool, is installed on the remote Windows host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid43860; scriptversion"1.18"; scriptsetattributeattribute:"pluginmodificationdate", value:"2023/01/31";...

AI score: 5.5
Exploits: 0 | References: 1