
1072 matches found

NVD
added 2010/05/12 11:46 a.m. · 16 views

CVE-2010-1481

Cross-site scripting (XSS) vulnerability in the table feature in PmWiki 2.2.15 allows remote authenticated users to inject arbitrary web script or HTML via the width attribute...

CVSS 3.5 · AI score 5.2 · EPSS 0.00201
Exploits 3 · References 4

Prion
added 2010/05/12 11:46 a.m. · 29 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the table feature in PmWiki 2.2.15 allows remote authenticated users to inject arbitrary web script or HTML via the width attribute...

CVSS 3.5 · AI score 5.6 · EPSS 0.00201
Exploits 3 · References 4 · Affected Software 1

Cvelist
added 2010/05/11 11:0 p.m. · 28 views

CVE-2010-1481

Cross-site scripting (XSS) vulnerability in the table feature in PmWiki 2.2.15 allows remote authenticated users to inject arbitrary web script or HTML via the width attribute...

AI score 5.2 · EPSS 0.00201
Exploits 3 · References 4

securityvulns
added 2010/05/11 12:0 a.m. · 350 views

pmwiki: persistent cross site scripting (XSS), CVE-2010-1481

pmwiki: persistent cross site scripting (XSS), CVE-2010-1481 References https://vulners.com/cve/CVE-2010-1481 http://int21.de/cve/CVE-2010-1481-pmwiki-xss.html Description The table feature of pmwiki is vulnerable to persistent cross site scripting (XSS). The value of the width-parameter is not...

CVSS 3.5 · AI score 5.4 · EPSS 0.00201
Exploits 3

Packet Storm
added 2010/05/10 12:0 a.m. · 27 views

Pargoon Denial Of Service

Securitylab.ir Application Info: Name: Pargoon Vendor: http://www.vestasoft.ir Vulnerability Info: Type: DOS Risk: Medium 2010-01-17 - Found Vulnerability 2010-01-19 - Vendor notified 2010-05-08 - Public disclosure Vulnerability:...

AI score 0.2
Exploits 0

UbuntuCve
added 2010/03/05 7:30 p.m. · 29 views

CVE-2010-0928

OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to...

CVSS 4 · AI score 7.2 · EPSS 0.00098
Exploits 0 · References 1

Cvelist
added 2010/03/05 7:0 p.m. · 24 views

CVE-2010-0928

OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to...

AI score 6.3 · EPSS 0.00098
Exploits 0 · References 6

Debian CVE
added 2010/03/05 7:0 p.m. · 34 views

CVE-2010-0928

Removed by vendor...

CVSS 4 · AI score 8.7 · EPSS 0.00098
Exploits 0

RedHat Linux
added 2010/02/09 10:11 a.m. · 3 views

HelixPlayer multiple flaws (CVE-2010-2997, CVE-2010-4375, CVE-2010-4378, CVE-2010-4379, CVE-2010-4382, CVE-2010-4383, CVE-2010-4385, CVE-2010-4386, CVE-2010-4392, CVE-2010-4376)

Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.1, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via a large Screen Width value in the Screen Descriptor header of a GIF87a...

CVSS 9.3 · AI score 6.5 · EPSS 0.05266
Exploits 0 · References 4

Positive Technologies
added 2009/11/27 12:0 a.m. · 3 views

PT-2009-6215 · Cacti · Cacti

Name of the Vulnerable Software and Affected Versions: Cacti version 0.8.7e Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The affected areas include graph.php, include/top gra...

CVSS 4.3 · AI score 5.7 · EPSS 0.06761
Exploits 6 · References 30

NVD
added 2009/11/13 3:30 p.m. · 13 views

CVE-2009-1570

Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a BMP file with crafted width and height values that trigger a heap-based buffer overflow...

CVSS 9.3 · AI score 7.6 · EPSS 0.0308
Exploits 1 · References 17

Prion
added 2009/11/13 3:30 p.m. · 22 views

Integer overflow

Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a BMP file with crafted width and height values that trigger a heap-based buffer overflow...

CVSS 9.3 · AI score 8.4 · EPSS 0.0308
Exploits 1 · References 17 · Affected Software 1

OSV
added 2009/10/20 5:30 p.m. · 1 views

DEBIAN-CVE-2009-3296

Multiple integer overflows in tiffread.c in CamlImages 2.2 might allow remote attackers to execute arbitrary code via TIFF images containing large width and height values that trigger heap-based buffer overflows...

CVSS 7.5 · AI score 7.9 · EPSS 0.03659
Exploits 1 · References 1

seebug.org
added 2009/10/20 12:0 a.m. · 37 views

Poppler 'create_surface_from_thumbnail_data()' Integer Overflow Vulnerability

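Bugtraq ID: 36718 CVE ID: CVE-2009-3607 Poppler is a C++ class library used to generate PDFs, derived from xpdf. The Poppler create_surface_from_thumbnail_data function contains an integer overflow; the cairopixels buffer is allocated as follows: cairopixels = guchar gmalloc 4 width height; where the width / height values are read from the PDF file. The Page::loadThumb function performs some validation of the values, but it cannot fully prevent the overflow: if width INTMAX / 3 / height Poppler poppler...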

CVSS 9.3 · AI score 7.4 · EPSS 0.06855
Exploits 1

FreeBSD
added 2009/09/21 12:0 a.m. · 17 views

mybb -- multiple vulnerabilities

mybb team reports: Input passed via avatar extensions is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by uploading specially named avatars. The script allows to sign up with usernames containing zero width space characters, which can be...

AI score 3.3
Exploits 0 · References 4

Packet Storm
added 2009/08/06 12:0 a.m. · 18 views

OpenNews 1.0 SQL Injection / Command Execution

OpenNews 1.0 SQLI/RCE Multiple Remote Vulnerabilities + Discovered By SirGod + http://insecurity-ro.org + http://h4cky0u.org + Download : http://sourceforge.net/projects/opennews-sun/ + SQL Injection Auth Bypass - Note : magicquotesgpc = off - PoC http://127.0.0.1/admin.php Username : admin ' or...

AI score 0.9
Exploits 0

OSV
added 2009/07/14 8:30 p.m. · 1 views

DEBIAN-CVE-2009-2347

Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvtwholeimage...

CVSS 9.3 · AI score 8.3 · EPSS 0.01061
Exploits 1 · References 1

OSV
added 2009/07/05 4:30 p.m. · 1 views

DEBIAN-CVE-2009-2294

Integer overflow in the Pngdatainfocallback function in Dillo 2.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG image with crafted (1) width or (2) height values...

CVSS 7.5 · AI score 7.7 · EPSS 0.01904
Exploits 1 · References 1

RedHat Linux
added 2009/04/22 1:40 a.m. · 1 views

Firefox 3 Layout engine crashes

The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2)...

CVSS 5 · AI score 7.4 · EPSS 0.04391
Exploits 1 · References 4

Prion
added 2009/01/21 8:30 p.m. · 20 views

Heap overflow

Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QuickTime movie file containing invalid image width data in JPEG atoms within STSD atoms...

CVSS 9.3 · AI score 8.4 · EPSS 0.36869
Exploits 0 · References 9 · Affected Software 1