Network Security

Network Security News Monitor - Tuesday, May 09, 2006 Events

CuteNews show.inc.php Direct Request Path Disclosure

CuteNews contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the inc/show.inc.php script is directly requested, which will disclose the installation path, resulting in a loss of confidentiality.

X7 Chat avatar Variable XSS

X7 Chat contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'avatar' variable when setting the URL for a remote avatar image. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

CuteNews search.php Multiple Variable XSS

CuteNews contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'story', 'title', and 'user' variables upon submission to the search.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

CuteNews functions.inc.php Direct Request Path Disclosure

CuteNews contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the inc/functions.php script is directly requested, which will disclose the installation path, resulting in a loss of confidentiality.

Linux Kernel dm-crypt Local Cryptographic Key Disclosure

The Linux kernel contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered because 'dm-crypt' does not zero out the 'struct crypt_config' structure before it is freed, potentially leaking cryptographic key information, resulting in a loss of confidentiality.

Linux Kernel get_nodes() Function Crafted Value Local DoS

The Linux kernel contains a flaw that may allow a local denial of service. The issue is triggered when the 'get_nodes' function is called with a 'maxnodes' argument between ((-2 * (BITS_PER_LONG - 1) and 0, and will result in loss of availability for the platform.

Linux Kernel nfs2acl.c Exported NFS readonly ACL Bypass

The Linux kernel contains a flaw that may allow a malicious user to perform unauthorised actions. The issue is triggered because attackers can set permissions on exported NFS shares flagged as 'read-only'. This flaw may result in a loss of integrity.

VWar admin.php vwar_root Variable Remote File Inclusion

VWar contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'admin.php' not properly sanitizing user input supplied to the 'vwar_root' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

WebCalendar Login User Account Enumeration

WebCalendar contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when invalid credentials are provided to the application. The application responds with different messages to valid and invalid user name/password combinations, allowing an attacker to enumerate valid user names and resulting in a loss of confidentiality.

Web4Future Portal Solutions comentarii.php ID Variable SQL Injection

Portal Solutions contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'comentarii.php' script not properly sanitizing user-supplied input to the 'ID' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

Vuln: GDK-Pixbuf BMP Image Processing Double Free Remote Denial of Service Vulnerability


Vuln: GDK-Pixbuf Multiple Vulnerabilities


Vuln: Intervations FileCopa User Command Remote Buffer Overflow Vulnerability


Vuln: VP-ASP Shopping Cart Shopcurrency.ASP SQL Injection Vulnerability


Re: SYMSA-2006-003: Cisco Secure ACS for Windows - Administrator Password Disclosure


VSR Advisory: WebSense content filter bypass when deployed in conjunction with Cisco filtering devices


PHPFusion <= v6.00.306 avatar mod_mime arbitrary file upload & local inclusion vulnerabilities


Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1
