1057 matches found
Document vulnerability ShellCode look-vulnerability warning-the black bar safety net
Inscription: still very much like to put this topic, put so long, also modified several versions, are not satisfied, today was pushed again to write, as much as possible to put themselves know something write it out, learn the need to constantly summary of to accumulate, on a Sunday ride out, see...
Bitweaver 'rankings.php' Local File Include Vulnerability
Bitweaver is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
[20120307] - Core - Information Disclosure
Inadequate permission checking allows unauthorised viewing of some administrative back end information...
Cross site scripting
The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting XSS attacks by spoofing the http server during local viewing of an exported...
CVE-2011-3218
CVE-2011-3218 affects Apple QuickTime (Mac OS X up to 10.6.8). The vulnerability is in QuickTime Player’s Save for Web export, where exported HTML documents can reference an HTTP script file. An attacker controlling a local or networked environment could spoof the HTTP server during local viewing...
Windows Gather Screen Spy
This module will incrementally take desktop screenshots from the host. This allows for screen spying which can be useful to determine if there is an active user on a machine, or to record the screen for later data extraction. Note: As of March, 2014, the VIEWCMD option has been removed in favor o...
MyBloggie 2.1.6 - HTML Injection / SQL Injection
source: https://www.securityfocus.com/bid/48317/info myBloggie is prone to a SQL-injection vulnerabilities and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to compromise the application, access or modify data,...
BMC Dashboards 7.6.01 - Cross-Site Scripting / Information Disclosure
source: https://www.securityfocus.com/bid/47731/info BMC Dashboards is prone to to multiple information-disclosure and cross-site scripting issues because the application fails to properly sanitize user-supplied input. A remote attacker may leverage the cross-site scripting issues to execute...
Fedora Update for gthumb FEDORA-2011-5200
Check for the Version of gthumb OpenVAS Vulnerability Test Fedora Update for gthumb FEDORA-2011-5200 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...
[SECURITY] Fedora 14 Update: shotwell-0.8.1-3.fc14
Shotwell is a new open source photo organizer designed for the GNOME desktop environment. It allows you to import photos from your camera, view and edit them, and share them with others...
GTVHacker dev team wins cash bounty for first Google TV hack !
The GTVHacker dev team has won a cash bounty for being the first to successfully root and enable third-party application support on a Google TV device before Google – Google will reportedly be bringing support for Android applications to the platform some time later this year. According to...
CVE-2010-4680
The WebVPN implementation on Cisco Adaptive Security Appliances ASA 5500 series devices with software before 8.23 permits the viewing of CIFS shares even when CIFS file browsing has been disabled, which allows remote authenticated users to bypass intended access restrictions via CIFS requests, ak...
D-link Click 'n Connect Daemon Detection
The remote service is the D-link Click 'n Connect Daemon DCCD, a remote networking service provided on some D-link networking devices that allows a remote client to view and configure the D-link device. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid47605;...
Confluence adminsistrators can still view a restricted page if the type in the URL or click on a link in an email
If I set page viewing restrictions on a wki page to one group of which I am a member, other users, including confluence adminsistrators, cannot see the page when navigating within the application. If they type in the URL of the restricted page or click on a link to the restricted page, then can...
WebCalenderC3 vulnerable to directory traversal
Overview WebCalenderC3 from C3 Corp. contains a directory traversal vulnerability. WebCalenderC3 from C3 Corp. is a calender software. WebCalenderC3 contains a directory traversal vulnerability. Masako Oono reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
Movable Type access restriction bypass vulnerability
Overview Movable Type contains an access restriction bypass vulnerability. Movable Type, a web log system from Six Apart KK, contains a vulnerability that allows a remote attacker to bypass access restrictions. This vulnerability is different from JVN08369659. Impact A remote attacker may view or...
Microsoft IIS 4.0 showcode.asp例子脚本可查看任意文件内容漏洞
No description provided by source...
World Cup Email Scams on the Rise
Cybercrooks have begun punting World Cup ticket and HD TV viewing scams as a successor to earlier lottery-based cons. Read the full article. The Register...
openSUSE Security Update : seamonkey (seamonkey-1364)
seamonkey was updated to version 1.1.18, fixing various security issues : MFSA 2009-43 / CVE-2009-2404 Moxie Marlinspike reported a heap overflow vulnerability in the code that handles regular expressions in certificate names. This vulnerability could be used to compromise the browser and run...
Ipswitch WS_FTP Server < 6.1.1 Multiple Vulnerabilities
The remote host is running a version of WSFTP earlier than 6.1.1. Such versions are reportedly affected by multiple vulnerabilities : - Improper handling of UDP packets within the FTP log server may allow an attacker to crash the affected service. CVE-2008-0608 - There is a buffer overflow...