8148 matches found

Prion
added 2008/06/30 10:41 p.m., 17 views

Cross site scripting

Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to change the location property of a frame via the String data type, and use a frame from a different domain to observe domain-independent events, as demonstrated by observing onkeydown events with...

CVSS 6.8, AI score 6.6, EPSS 0.42038
Exploits 1, References 5, Affected Software 1

RedHat Linux
added 2008/06/30 3:33 p.m., 2 views

perl-Crypt-CBC weaker encryption with some ciphers

Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector (IV) of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael...

CVSS 2.6, AI score 5.8, EPSS 0.01439
Exploits 0, References 4

VulnCheck KEV
added 2008/06/25 12:0 a.m., 1 view

VulnCheck KEV: CVE-2008-2641

Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to an "input validation issue in a JavaScript method."...

CVSS 10, AI score 6.2, EPSS 0.42019
Exploits 1, References 1

Exploit DB
added 2008/06/16 12:0 a.m., 33 views

GlassFish Application Server - '/resourceNode/jdbcConnectionPoolNew1.jsf' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/29751/info Sun Glassfish is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user ...

AI score 7.4
Exploits 0

securityvulns
added 2008/06/11 12:0 a.m., 38 views

Microsoft Vista speech recognition unauthorized access

Speech recognition may be used as an attack vector against a client computer with, e.g., an HTML page with embedded sound...

CVSS 7.6, AI score 1.6, EPSS 0.41573
Exploits 1, References 2

Exploit DB
added 2008/06/06 12:0 a.m., 23 views

ALFTP FTP Client 4.1/5.0 - 'LIST' Directory Traversal

source: https://www.securityfocus.com/bid/29585/info ALFTP is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. This issue occurs in the FTP client. Exploiting this issue will allow an attacker to write arbitrary files to...

AI score 7.4
Exploits 0

seebug.org
added 2008/06/05 12:0 a.m., 48 views

Solaris 2.5.1/2.6/7/8 rlogin /bin/login Buffer Overflow Exploit (SPARC)

No description provided by source. $Id: raptorrlogin.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorrlogin.c - rlogin, Solaris/SPARC 2.5.1/2.6/7/8. Copyright (c) 2004 Marco Ivaldi [email protected] Buffer overflow in login in various System V based operating systems ...

CVSS 10, AI score 0.5, EPSS 0.84081
Exploits 27

seebug.org
added 2008/06/05 12:0 a.m., 40 views

MS Windows Metafile (.emf) Heap Overflow Exploit (MS04-032)

No description provided by source. HOD-ms04032-emf-expl2.c: MS04-032 Microsoft Windows XP Metafile .emf Heap Overflow Exploit version 0.2 PUBLIC coded by .:: houseofdabus ::. at inbox dot ru. About WMF/EMF: Windows Metafile WMF...

CVSS 10, AI score 6.5, EPSS 0.6962
Exploits 8

Prion
added 2008/05/23 3:32 p.m., 10 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5 allows local users to inject arbitrary web script or HTML via a crafted (1) file or (2) process name, which triggers an Access Vector Cache (AVC) log entry in a log file used during composition of HTML documents for sealert...

CVSS 1.9, AI score 5.5, EPSS 0.00069
Exploits 0, References 7, Affected Software 1

NVD
added 2008/05/23 3:32 p.m., 20 views

CVE-2007-5496

Cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5 allows local users to inject arbitrary web script or HTML via a crafted (1) file or (2) process name, which triggers an Access Vector Cache (AVC) log entry in a log file used during composition of HTML documents for sealert...

CVSS 1.9, AI score 5.2, EPSS 0.00069
Exploits 0, References 7

CVE
added 2008/05/23 2:0 p.m., 51 views

CVE-2007-5496

CVE-2007-5496 is a cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5. An unescaped HTML/JS path could be triggered by crafted (1) file or (2) process name, causing an AVC log entry to be inserted into the HTML document composition for sealert. Public disclosures reference the issue...

CVSS 1.9, AI score 5.1, EPSS 0.00069
Exploits 0, References 7, Affected Software 1

Cvelist
added 2008/05/23 2:0 p.m., 21 views

CVE-2007-5496

Cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5 allows local users to inject arbitrary web script or HTML via a crafted (1) file or (2) process name, which triggers an Access Vector Cache (AVC) log entry in a log file used during composition of HTML documents for sealert...

AI score 5.2, EPSS 0.00069
Exploits 0, References 7

Prion
added 2008/05/19 1:20 p.m., 18 views

Sql injection

SQL injection vulnerability in index.php in Turnkey Web Tools SunShop Shopping Cart 3.5.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in an item action, a different vector than CVE-2008-2038, CVE-2007-4597, and CVE-2007-2549...

CVSS 7.5, AI score 8.6, EPSS 0.01591
Exploits 2, References 5, Affected Software 1

Positive Technologies
added 2008/05/12 12:0 a.m., 3 views

PT-2008-3588 · Cpanel · Cpanel

Name of the Vulnerable Software and Affected Versions: cPanel versions 11.18.0 through 11.18.3; cPanel versions 11.22.0 through 11.22.2. Description: The issue allows remote attackers to perform unauthorized actions as cPanel administrators. This can be achieved via requests to "cpanel/whm/webmail"...

CVSS 4.3, AI score 6.5, EPSS 0.0018
Exploits 2, References 11

RedHat Linux
added 2008/05/07 7:28 a.m., 4 views

IPSec ESP kernel panics

The IPsec implementation in Linux kernel before 2.6.25 allows remote routers to cause a denial of service (crash) via a fragmented ESP packet in which the first fragment does not contain the entire ESP header and IV...

CVSS 7.1, AI score 5.8, EPSS 0.02449
Exploits 1, References 4

exploitpack
added 2008/05/02 12:0 a.m., 41 views

QT-cute QuickTalk Guestbook 1.6 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/29013/info QT-cute QuickTalk Guestbook is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may...

AI score 0.1
Exploits 0

CVE
added 2008/04/16 10:0 a.m., 88 views

CVE-2008-1812

CVE-2008-1812 affects the Oracle Enterprise Manager component in Oracle Database 9.0.1.5 FIPS+, Application Server 1.0.2.2, and Enterprise Manager for AS 1.0.2.2 and Database 9.0.1.5. The vulnerability is described as unspecified with unknown impact and local attack vectors (EM01). The connected ...

CVSS 10, AI score 8.8, EPSS 0.01057
Exploits 0, References 9, Affected Software 2

exploitpack
added 2008/04/14 12:0 a.m., 18 views

Cezanne 6.5.17 - cflookup.asp Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/28772/info Cezanne Software is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. Authenticated attackers may levera...

AI score 0.1
Exploits 0

UbuntuCve
added 2008/04/12 8:5 p.m., 14 views

CVE-2008-1766

Multiple unspecified vulnerabilities in phpBB before 3.0.1 have unknown impact and attack vectors, related to "two minor security-related bugs."...

CVSS 10, AI score 5.9, EPSS 0.00323
Exploits 1, References 1

securityvulns
added 2008/04/10 12:0 a.m., 63 views

IOActive Security Advisory: Buffer overflow in Python zlib extension module

Title: Buffer overflow in Python zlib extension module. Date Discovered: ??-April-2008. Date Reported: 08-April-2008. Date Patched: 08-April-2008. Date Disclosed: 09-April-2008. Criticality: Critical. Affected Products: Python 2.5.2, earlier and unstable version are likely to be...

Exploits 0