Microsoft Word Unspecified Code Execution
Microsoft Word contains a flaw that may allow a malicious user to execute arbitrary code under the security context of the current user. The issue is triggered due to an unspecified error. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.. Read more.
Cisco Application Velocity System Transparent Proxy Arbitrary Mail Relay
Cisco Application Velocity System contains a flaw that may allow a malicious user to establish arbitrary TCP connection. The issue is triggered when an unspecified action occurs. It is possible that the flaw may allow malicious users to circumvent network policy. One likely reason to abuse this flaw is to connect to arbitrary mail servers.. Read more.
Caucho Resin viewfile Servlet Arbitrary File Access
Caucho Resin contains a flaw that allows a remote attacker to disclose the content of arbitrary files stored within a defined web root. The issue is due to the viewfile not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied via the "contextpath" and "file" variables.. Read more.
Caucho Resin Encoded Traversal Arbitrary File Access
Caucho Resin contains a flaw that allows a remote attacker to disclose the content of arbitrary files outside of the web path. The issue is due to an input validation error when processing specially crafted HTTP requests containing the "%5C" sequence.. Read more.
Bitrix Site Manager updater.log Remote Information Disclosure
Bitrix Site Manager contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the "/bitrix/updates/updater.log" file is requested, which will disclose information about version history and the latest installed version resulting in a loss of confidentiality.. Read more.
phpRemoteView PRV.php Multiple Variable XSS
phpRemoteView contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "f", "d", and "ref" variables upon submission to the PRV.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more.
Sphider search_form.html catid Variable XSS
Sphider contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'catid' variable upon submission to the search_form.html script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more.
Sphider search.php category Variable XSS
Sphider contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'category' variable upon submission to the search.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more.
WhatsUp Professional NmConsole/Tools.asp XSS
WhatsUp Professional contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate certain variables upon submission to the 'NmConsole/Tools.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more.
sBlog search.php keyword Variable SQL Injection
sBlog contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the search.php script not properly sanitizing user-supplied input to the 'keyword' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more.
Vuln: Quagga BGPD Local Denial Of Service Vulnerability
Quagga BGPD Local Denial Of Service Vulnerability. Read more.
Vuln: Quagga Information Disclosure and Route Injection Vulnerabilities
Quagga Information Disclosure and Route Injection Vulnerabilities. Read more.
Vuln: Libextractor Multiple Heap Buffer Overflow Vulnerabilities
Libextractor Multiple Heap Buffer Overflow Vulnerabilities
. Read more.
Vuln: Linux Kernel Unw_Unwind_To_User Local Denial of Service Vulnerability
Linux Kernel Unw_Unwind_To_User Local Denial of Service Vulnerability. Read more.
[SECURITY] [DSA 1068-1] New fbi packages fix denial of service
[SECURITY] [DSA 1068-1] New fbi packages fix denial of service. Read more.
ActualAnalyzer Server <=8.23 - Remote File Include Vulnerability
ActualAnalyzer Server <=8.23 - Remote File Include Vulnerability
. Read more.
cPanel OpenBaseDir Bypass
cPanel OpenBaseDir Bypass. Read more.
Zix Forum <= 1.12 (layid) SQL Injection Vulnerability
Zix Forum <= 1.12 (layid) SQL Injection Vulnerability. Read more.
