Claroline contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'file' variable upon submission to the rqmkhtml.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Additionally, this can be used to disclose the software installation path. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.
SiteSearch Indexer contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'searchField' variable upon submission to the searchresults.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Samba winbindd contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to plain text winbindd passwords of a domain member server. When the log level is set to 5 or higher, winbindd stores these credentials in a plain text file readable by non-administrative users, which may lead to a loss of confidentiality.
phpmyfamily contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'name' variable upon submission to the 'track.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Greymatter contains a flaw that may allow a malicious user to upload files to arbitrary locations on the filesystem with the same privileges as the server process. It is possible that the flaw may allow arbitrary code execution when a script file is placed within or below the web server root directory, leading to a loss of integrity.
RedCMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the register.php script not properly sanitizing user-supplied input to unspecified variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.
RedCMS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'email', 'location', or 'website' fields upon submission to the register.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
RedCMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the profile.php script not properly sanitizing user-supplied input to the 'u' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.
RedCMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the login.php script not properly sanitizing user-supplied input to the 'username' and 'password' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.
Annuaire (Directory) contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the Comment Field (COMMENTAIRE variable) upon submission to the inscription.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Esqlanelapse Unspecified Cross-Site Scripting Vulnerability.
Mon Album Multiple SQL Injection Vulnerabilities.
Mantis Multiple Remote Vulnerabilities.
XFIT/S Unspecified Denial of Service Vulnerability.
Buffer-overflow and in-game crash in Zdaemon 1.08.01.
Warcraft III Replay Parser Script Remote Command Execution Vulnerability And Cross-Site Scripting Attacking.
DbbS<=2.0-alpha SQL injection.
[security bulletin] HPSBUX02108 SSRT061133 rev.2 - HP-UX running Sendmail, Remote Execution of Arbitrary Code.