8147 matches found
CVE-2007-5014
Multiple PHP remote file inclusion vulnerabilities in pSlash 0.70 allow remote attackers to execute arbitrary PHP code via a URL in (1) the lvcadmindir parameter to modules/visitors2/admin/view-archiver.inc.php or (2) the lvcincludedir parameter to modules/visitors2/include/menus.inc.php. NOTE: the...
VMware Workstation 6.0 Multiple Security Vulnerabilities
BUGTRAQ ID: 25728,25729,25731,25732 CVECAN ID: CVE-2007-0061,CVE-2007-0062,CVE-2007-0063,CVE-2007-4059,CVE-2007-4155,CVE-2007-4496,CVE-2007-4497 VMWare is virtual PC software that allows two or more Windows, DOS, or Linux systems to run simultaneously on a single machine. VMWare's implementation contains multiple security vulnerabilities that can lead to a variety of threats. Specifically: 1 VMWare's DHCP server can be used by a malicious web page to gain system privileges. 2...
Python 2.2 ImageOP Module - Multiple Integer Overflow Vulnerabilities
Python 2.2 ImageOP Module - Multiple Integer Overflow Vulnerabilities source: https://www.securityfocus.com/bid/25696/info Python's imageop module is prone to multiple integer-overflow vulnerabilities because it fails to properly bounds-check user-supplied input to ensure that integer operations ...
Boinc Forum Cross Site Scripting Vulnerability
HSC Boinc Forum Cross Site Scripting Vulnerability This issue is due to a failure in the application to properly sanitize user-supplied input. Attackers may exploit this issue via a web client. An attacker may leverage this issue to have arbitrary script code execute in the browser of an...
tomcat-func-xss.txt
Apache Tomcat remote xss Author: handrix Contact: handrixatmorxdotorg Vulnerability: Cross Site Scripting Severity: Medium/High MorX security research team www.morx.org Description: Apache Tomcat remote xss Tomcat provides many examples of jsp files, servlets and others. functions.jsp's script is...
Remote file inclusion
PHP remote file inclusion vulnerability in convert/mvcw.php in Virtual War VWar 1.5.0 R15 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwarroot parameter, a different vector than CVE-2006-1503, CVE-2006-1636, and CVE-2006-1747...
OS2A_1009.txt
Ripe Website Manager SQL Injection and Cross Site Scripting Vulnerabilities OS2A ID: OS2A1009 Status: 07/11/2007 Issue Discovered 07/12/2007 Reported to the Vendor 08/22/2007 Public Release Class: SQL Injection and Cross Site Scripting Severity: High Overview: --------- Ripe Website Manager is a...
Design/Logic Flaw
Fedora Commons before 2.2.1 does not properly handle certain authentication requests involving Java Naming and Directory Interface (JNDI), related to (1) a nonexistent account name in combination with an empty password, which allows remote attackers to trigger a certain "unexpected / strange response...
MS07-050: Vulnerability in Vector Markup Language Could Allow Remote Code Execution (938127)
The remote host is running a version of Internet Explorer or Outlook Express with a bug in the Vector Markup Language (VML) handling routine that may allow an attacker to execute arbitrary code on the remote host by sending a specially crafted email or by luring a user on the remote host into visiting...
CVE-2007-4081
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to inject arbitrary web script or HTML via vectors in a merchants/index.php, including the (1) id or (2) msg parameter in a programedit action; the (3) pgmid parameter in an uploadProducts actio...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to inject arbitrary web script or HTML via vectors in a merchants/index.php, including the (1) id or (2) msg parameter in a programedit action; the (3) pgmid parameter in an uploadProducts actio...
Opera/Konqueror: data: URL scheme address bar spoofing
With a specially crafted web page, an attacker can redirect a web browser to a page whose URL in the URL bar resembles an arbitrary domain chosen by the attacker. This is possible because some web browsers incorrectly display the contents of the URL bar while rendering pages based on t...
Microsoft Windows Vista/2003/XP/2000 file management security issues
Title: Microsoft Windows Vista/2003/XP/2000 file management security issues Author: 3APA3A, http://securityvulns.com/ Vendor: Microsoft and potentially other vendors Products: Microsoft Windows Vista/2003/XP/2000, Microsoft resource kit for Windows 2000 and different utilities. Access Vector:...
CVE-2007-3459
A certain ActiveX control in Avaxswf.dll 1.0.0.1 in Civitech Avax Vector 1.3 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the WriteMovie method...
CVE-2007-3459
A CVE-2007-3459 entry describes a vulnerability in Civitech Avax Vector 1.3 where the ActiveX control Avaxswf.dll version 1.0.0.1 permits remote attackers to create or overwrite arbitrary files by supplying a full pathname to the WriteMovie method. The issue affects the ActiveX component and can ...
Avaxswf.dll v.1.0.0.1 from Avax Vector ActiveX Arbitrary Data Write
No description provided by source. :. GOODFELLAS Security Research TEAM .: :. http://goodfellas.shellcode.com.ar .: Avaxswf.dll v.1.0.0.1 from Avax Vector software ActiveX Arbitrary Data Write ============================================================================...
Avax Vector ActiveX unauthorized access
WriteMovie method allows write access to the disk...
[GOODFELLAS - VULN ] Avaxswf.dll v.1.0.0.1 from Avax Vector software ActiveX Arbitrary Data Write
:. GOODFELLAS Security Research TEAM .: :. http://goodfellas.shellcode.com.ar .: Avaxswf.dll v.1.0.0.1 from Avax Vector software ActiveX Arbitrary Data Write ============================================================================ Internal ID: VULWAR200706264 Introduction ------------...
Calendarix version 0.7. 20070307 Multiple SQL Injection Vulnerabilities
netVigilance Security Advisory 38 Calendarix version 0.7. 20070307 Multiple SQL Injection Vulnerabilities Description: Calendarix is a powerful and easy to use calendar based on PHP and MySQL. It has been developed with ease of use and quick access to information in mind. It provides the user wit...
Avax Vector Avaxswf.dll 1.0.0.1 - ActiveX Arbitrary Data Write
Avax Vector Avaxswf.dll 1.0.0.1 - ActiveX Arbitrary Data Write :. GOODFELLAS Security Research TEAM .: :. http://goodfellas.shellcode.com.ar .: Avaxswf.dll v.1.0.0.1 from Avax Vector software ActiveX Arbitrary Data Write ============================================================================...