
Open Source Vulnerability Database | OSVDB is an independent and open source database created by and for the security community. The goal of the project is to provide accurate, detailed, current, and unbiased technical information on security vulnerabilities. Founded in August 2002 at the Black Hat and Defcon conferences, OSVDB was created to provide an independent and open source vulnerability database. The goal was to provide accurate, detailed, current, and unbiased technical information about all types of vulnerabilities. At the next Defcon conference in August 2003, the project leadership changed, and OSVDB began to build considerable momentum. OSVDB continued to grow as processes were streamlined and key individuals were recruited to help ensure the project's success. On March 31, 2004, the Open Source Vulnerability Database opened for public use. During the next few months, the project gained significant acceptance and recognition. This led to the creation of the Open Security Foundation* to ensure OSVDB's long-term viability. For further information about OSVDB please refer to http://www.osvdb.org
Tuesday, 09 January 2007 A heap buffer overflow exists in Microsoft Internet Explorer. The browser's VML rendering engine fails to check the length of an unspecified buffer. With a specially crafted request that contains VML graphics, an attacker can cause arbitrary code execution resulting in a... |
Saturday, 06 January 2007 The Nortel MIPCD contains a flaw that may allow a malicious user to resume administrative telnet sessions. The issue is triggered when an administrator disconnects without properly logging out, which allows any user connecting via telnet to resume the administrative session.... |
Saturday, 06 January 2007 The Nortel MIPCD contains a flaw that may allow a remote denial of service. The issue is triggered when a remote user connects to the telnet service, which denies access to other users (including administrators), and will result in loss of availability for the service. |
Saturday, 06 January 2007 The Meridian Integrated Personal Call Director (MIPCD) contains a flaw that may lead to an unauthorized password exposure. It is possible to gain remote access to the /LOGIN.PWD and /USER/CONFIG.AP files through the web interface. These files contain the user names and... |
Wednesday, 27 December 2006 Limbo CMS event Module contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the mod_eventcal.php script not properly sanitizing user input supplied to the 'lm_absolute_path' variable. This may allow an attacker to include... |
Thursday, 14 December 2006 Gnome Display Manager contains a flaw that may allow a malicious user to gain escalated privileges. The issue is caused by a format string error within the 'gdm_chooser_add_host()' function in gdm2/gui/gdmchooser.c. It is possible that the flaw may allow... |
Wednesday, 13 December 2006 Enemies of Carlotta contains a flaw that may allow a malicious user to compromise a vulnerable system. The issue is triggered because the eoc.py script fails to sanitize user-supplied data to the email address field. It is possible that the flaw may allow remote arbitrary command... |
Tuesday, 12 December 2006 Microsoft Internet Explorer contains a flaw related to the DHTML script functions that is triggered when a user visits a malicious web page that contains certain DHTML script functions, such as normalize, which can corrupt memory and allow the attacker to execute arbitrary code. |
Tuesday, 12 December 2006 Microsoft Internet Explorer contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a user accesses a malicious web page that contains a specially crafted object HTML tag, which will disclose the path and content to the cached content... |
Tuesday, 12 December 2006 Microsoft Internet Explorer contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a user accesses a malicious web page and performs unspecified drag and drop operations, which will disclose the path and content to the cached content... |
Tuesday, 12 December 2006 Microsoft Internet Explorer contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when a user retrieves a malicious web page that contains specially crafted JavaScript that triggers certain errors simultaneously, which leads to memory... |
Tuesday, 28 November 2006 A local overflow exists in Mac OS X. The shared_region_make_private_NP() function fails to validate user input resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
Monday, 27 November 2006 Mac OS X contains a flaw that may allow a local denial of service. The issue is triggered when specially crafted data is passed to an Appletalk socket via an AIOCREGLOCALZN ioctl command, and will result in loss of availability for the platform. |
Sunday, 26 November 2006 A local overflow exists in Mac OS X. The fatfile_getarch2() function fails to validate Universal Binary files resulting in an integer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
Thursday, 23 November 2006 Mac OS X contains a flaw that may allow a local denial of service. The issue is triggered when a Mach-O binary with corrupted load_command data structures is executed, and will result in loss of availability for the platform. |
Tuesday, 21 November 2006 CuteNews contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'mod', 'image', 'area', and 'source' variables upon submission to the index.php script. This could... |
Tuesday, 21 November 2006 CuteNews contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate variables upon submission to the search.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code... |
Tuesday, 21 November 2006 Mac OS X contains a flaw that may allow a local denial of service. The issue is triggered when mounting a corrupt UDTO HFS+ disk image file, and will result in loss of availability for the platform. |
Monday, 20 November 2006 Mac OS X contains a flaw that may allow a local denial of service. The issue is triggered when mounting a specially crafted DMG file, and will result in loss of availability for the platform. |
Sunday, 19 November 2006 Rialto contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'cat' variable upon submission to the listmain.asp script. This could allow a user to create a specially crafted URL that would... |
Sunday, 19 November 2006 Rialto contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'refno' variable upon submission to the forminfo.asp script. This could allow a user to create a specially crafted URL that would... |
Sunday, 19 November 2006 Rialto contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'Keyword' variable upon submission to the 'searchkey.asp' script. This could allow a user to create a specially crafted... |
Sunday, 19 November 2006 Rialto contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'cat' variable upon submission to the searchmain.asp script. This could allow a user to create a specially crafted URL that would... |
Sunday, 19 November 2006 Rapid Classified contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'name' or 'id' variables upon submission to the 'reply.asp' script. This could allow a user to create... |
Sunday, 19 November 2006 Rapid Classified contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'SH1' variable upon submission to the search.asp script. This could allow a user to create a specially crafted URL that... |
Sunday, 19 November 2006 Rapid Classified contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'dosearch' variable upon submission to the advsearch.asp script. This could allow a user to create a specially crafted... |
Thursday, 16 November 2006 phpMyAdmin contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the Table Comments Field upon submission to the 'tbl_create.php' script. This could allow a user to create a specially crafted URL... |
Thursday, 16 November 2006 phpMyAdmin contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the Table Comments Field upon submission to the 'tbl_properties_operations.php' script. This could allow a user to create a... |
Thursday, 16 November 2006 Selenium Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate URL input upon submission to the web server. This could allow a user to create a specially crafted URL that would execute arbitrary code... |
Thursday, 16 November 2006 Events Listing contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'venue_detail.asp' script not properly sanitizing user-supplied input to the 'VenueID' variable. This may allow an attacker to inject or... |
Thursday, 16 November 2006 Events Listing contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'admin_login.asp' script not properly sanitizing user-supplied input to the 'username' and 'password' variables. This may allow... |
Thursday, 16 November 2006 Events Listing contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'event_searchdetail.asp' script not properly sanitizing user-supplied input to the 'ID' variable. This may allow an attacker to inject or... |
Wednesday, 15 November 2006 SeleniumServer contains a flaw that allows a remote attacker to list and download files outside of the web path. The issue is due to the FTP Server not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied via the 'DIR'(LIST or... |
Wednesday, 15 November 2006 SeleniumServer contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to passwords when reading an unspecified file in the 'server' directory, which may lead to a loss of confidentiality. |
Wednesday, 15 November 2006 Ultraseek contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker passes %00 to the "url" parameter of urlstatusgo.html, which will disclose the software's installation path and process ID resulting in... |
Wednesday, 15 November 2006 Ultraseek contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker loads scripts without any parameters, which will disclose the software's installation path resulting in a loss of confidentiality. While such... |
Wednesday, 15 November 2006 Ultraseek allows attackers to use the highlight feature to load remote pages. Full URLs sent to the "url" parameter of /highlight/index.html will be loaded by the Ultraseek server, then sent to the browser. This can be used to load URLs the web server running... |
Tuesday, 14 November 2006 Aigaion contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to pageactionauthor.php not properly sanitizing user input supplied to the 'DIR' variable. This may allow an attacker to include a file from a remote host that... |
Tuesday, 14 November 2006 Aigaion contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to _basicfunctions.php not properly sanitizing user input supplied to the 'DIR' variable. This may allow an attacker to include a file from a remote host that... |
Tuesday, 14 November 2006 Mac OS X contains a flaw that may allow a malicious user to use a revoked security certificate. The issue is triggered when the Mac OS X Security Framework fails to properly search certificate revocation lists. It is possible that the flaw may validate revoked certificates... |
Tuesday, 14 November 2006 Mac OS X contains a flaw that may allow a local denial of service. The issue is triggered when validating a specially crafted X.509 certificate containing a public key that could consume a significant amount of system resources during signature verification, and will result in... |
Tuesday, 14 November 2006 A local overflow exists in Mac OS X. The Finder fails to validate .DS_Store files resulting in a heap overflow. With a specially crafted .DS_Store file, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
Tuesday, 14 November 2006 Mac OS X contains an unspecified flaw related to the VPN server that may allow an attacker to execute arbitrary code via unspecified environment variables. No further details have been provided. |
Tuesday, 14 November 2006 Mac OS X contains a flaw that may allow a malicious user to use a revoked certificate. The issue is triggered when an HTTP proxy is in use, which interferes with the Online Certificate Status Protocol (OCSP). It is possible that the flaw may allow revoked certificates to be... |
Tuesday, 14 November 2006 Mac OS X contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered within WebKit when a specially crafted HTML document causes a previously deallocated object to be accessed. It is possible that the flaw may allow arbitrary code... |
Tuesday, 14 November 2006 Mac OS X contains a flaw that may allow the Security Framework to negotiate a weaker cipher than is available. It is possible that the flaw may allow less secure communications resulting in a loss of confidentiality. |
Tuesday, 14 November 2006 A local overflow exists in Mac OS X. The Apple Type Services (ATS) server fails to validate font files resulting in a stack buffer overflow. With a specially crafted font file, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
Tuesday, 14 November 2006 Mac OS X contains a flaw that may allow a remote denial of service. The issue is triggered by an unspecified flaw when the FTP server attempts to authenticate valid users, and will result in loss of availability for the service. |
Tuesday, 14 November 2006 Multiple unspecified local overflows exist in Mac OS X. The Apple Type Services server fails to validate service requests resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
Tuesday, 14 November 2006 Mac OS X contains a flaw that may allow a malicious local user to overwrite or create arbitrary files on the system. The issue is due to Apple Type Services (ATS) creating log files insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary... |
Tuesday, 14 November 2006 A remote overflow exists in Mac OS X. PPP fails to validate PPPoE traffic resulting in a buffer overflow. With specially crafted traffic, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
Tuesday, 14 November 2006 Mac OS X contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when unspecified packages are installed, which allows Admin users to run with System privileges without authentication. This flaw may lead to a loss of... |
Tuesday, 14 November 2006 Mac OS X contains a flaw related to the CFNetwork FTP URI handling that may allow an attacker to execute arbitrary code. No further details have been provided. |
Tuesday, 14 November 2006 phpPeanuts contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to Inspect.php not properly sanitizing user input supplied to the 'Include' variable. This may allow an attacker to include a file from a remote host that... |
Monday, 13 November 2006 ed contains a flaw related to the tmpfile function that may allow an attacker to execute a symlink race condition. No further details have been provided. |
Monday, 13 November 2006 OpenHuman contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to an unspecified script not properly sanitizing user-supplied input. This may allow an attacker to inject or manipulate SQL queries in the backend database. |
Sunday, 12 November 2006 CPanel contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'user' and 'dir' variables upon submission to the 'newuser.html' script. This could allow a user to create a... |
Sunday, 12 November 2006 CPanel contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'dir' variable upon submission to the 'seldir.html' script. This could allow a user to create a specially crafted URL... |
Sunday, 12 November 2006 phpJobScheduler contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to add-modify.php not properly sanitizing user input supplied to the 'install_config_file' variable. This may allow an attacker to include a file from a... |
Sunday, 12 November 2006 phpJobScheduler contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to delete.php not properly sanitizing user input supplied to the 'installed_config_file' variable. This may allow an attacker to include a file from a... |
Sunday, 12 November 2006 phpJobScheduler contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to phpjobscheduler.php not properly sanitizing user input supplied to the 'installed_config_file' variable. This may allow an attacker to include a file... |
Sunday, 12 November 2006 phpJobScheduler contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to modify.php not properly sanitizing user input supplied to the 'installed_config_file' variable. This may allow an attacker to include a file from a... |
Saturday, 11 November 2006 shambo2 contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to shambo2.php not properly sanitizing user input supplied to the 'mosConfig_absolute_oath' variable. This may allow an attacker to include a file from a remote... |
Saturday, 11 November 2006 Nucleus contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate variables upon submission to unspecified scripts. This could allow a user to create a specially crafted URL that would execute arbitrary code... |
Friday, 10 November 2006 Encapscms contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to core.php not properly sanitizing user input supplied to the 'root' variable. This may allow an attacker to include a file from a remote host that contains... |
Thursday, 09 November 2006 bitweaver contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the Message Title Field upon submission to the 'articles/edit.php' script. This could allow a user to create a specially crafted URL... |
Thursday, 09 November 2006 bitweaver contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'Message' variable upon submission to the 'blogs/post.php' script. This could allow a user to create a specially... |
Thursday, 09 November 2006 bitweaver contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'Message' variable upon submission to the 'wiki/edit.php' script. This could allow a user to create a specially... |
Thursday, 09 November 2006 MyAlbum contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to language.inc.php not properly sanitizing user input supplied to the 'langs_dir' variable. This may allow an attacker to include a file from a remote host that... |
Thursday, 09 November 2006 LetterIt contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to inc/session.php not properly sanitizing user input supplied to the 'lang' variable. This may allow an attacker to include a file from a remote host that... |
Thursday, 09 November 2006 ELOG Logbook contains a flaw that may allow a remote denial of service. The issue is triggered when a request for "/global" occurs, and will result in loss of availability for the service. |
Thursday, 09 November 2006 Mac OS X contains a flaw that may allow a local denial of service. The issue is triggered when a call to fpathcong() occurs with an unsupported file type, and will result in a system panic causing a loss of availability. |
Wednesday, 08 November 2006 DodosMail contains multiple flaws that may allow a remote attacker to execute arbitrary commands. The issue is due to dodosmail.php not properly sanitizing user input supplied to the 'dodosmail_footer_file' and 'dodosmail_header_file' variables. This may... |
Wednesday, 08 November 2006 A remote overflow exists in Iodine client. The product fails to handle the 'handshake()' function during the handshakes from Iodine servers resulting in a stack-based buffer overflow. With a specially crafted request, an attacker can execute arbitrary code resulting... |
Tuesday, 07 November 2006 Soholaunch contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to shared_functions.php not properly sanitizing user input supplied to the '_SESSION[docroot_path]' variable. This may allow an attacker to include a file from a... |
Tuesday, 07 November 2006 Soholaunch contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to pgm-shopping_css.inc.php not properly sanitizing user input supplied to the '_SESSION[docroot_path]' variable. This may allow an attacker to include a file... |
Monday, 06 November 2006 Cyberfolio contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to view.php not properly sanitizing user input supplied to the 'av' variable. This may allow an attacker to include a file from a remote host that contains... |
Monday, 06 November 2006 Cyberfolio contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to admin/incl_voir_compet.php not properly sanitizing user input supplied to the 'av' variable. This may allow an attacker to include a file from a remote host... |
Monday, 06 November 2006 iPrimal Forums contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to index.php not properly sanitizing user input supplied to the 'p' variable. This may allow an attacker to include a file from a remote host that contains... |
Monday, 06 November 2006 Imlib2 contains a flaw that may allow a remote denial of service. The issue is triggered due to unspecified errors in 'loader_tiff.c' during the processing of TIFF images, and will result in loss of availability for the service. |
Monday, 06 November 2006 Imlib2 contains a flaw that may allow a remote denial of service. The issue is triggered due to unspecified errors in 'loader_jpeg.c' during the processing of JPEG images, and will result in loss of availability for the service. |
Monday, 06 November 2006 Imlib2 contains a flaw that may allow a remote denial of service. The issue is triggered due to unspecified errors in 'loader_lbm.c' during the processing of LBM images, and will result in loss of availability for the service. |
Monday, 06 November 2006 Imlib2 contains a flaw that may allow a remote denial of service. The issue is triggered due to unspecified errors in 'loader_argb.c' during the processing of ARGB images, and will result in loss of availability for the service. |
Monday, 06 November 2006 Imlib2 contains a flaw that may allow a remote denial of service. The issue is triggered due to unspecified errors in 'loader_png.c' during the processing of PNG images, and will result in loss of availability for the service. |
Monday, 06 November 2006 Imlib2 contains a flaw that may allow a remote denial of service. The issue is triggered due to unspecified errors in 'loader_pnm.c' during the processing of PNM images, and will result in loss of availability for the service. |
Monday, 06 November 2006 Imlib2 contains a flaw that may allow a remote denial of service. The issue is triggered due to unspecified errors in 'loader_tga.c' during the processing of TGA images, and will result in loss of availability for the service. |
Monday, 06 November 2006 Imlib2 contains a flaw that may allow a remote denial of service. The issue is triggered due to unspecified errors in 'loader_tga.c' during the processing of TGA images, and will result in loss of availability for the service. |
Saturday, 04 November 2006 SazCart contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to cart.php not properly sanitizing user input supplied to the '_saz[settings][shippingfolder]' variable. This may allow an attacker to include a file from a remote... |
Saturday, 04 November 2006 phpDynasite contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to function_balise_url.php not properly sanitizing user input supplied to the 'racine' variable. This may allow an attacker to include a file from a remote host... |
Saturday, 04 November 2006 phpDynaSite contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to function_log.php not properly sanitizing user input supplied to the 'racine' variable. This may allow an attacker to include a file from a remote host that... |
Saturday, 04 November 2006 phpDynasite contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to connection.php not properly sanitizing user input supplied to the 'racine' variable. This may allow an attacker to include a file from a remote host that... |
Saturday, 04 November 2006 Zwahlen Online Shop contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "cat", "Kat", "id", and "no" variables upon submission to index.htm. This could allow a... |
Friday, 03 November 2006 Advanced Guestbook has been reported to contain a flaw that may allow a remote attacker to execute arbitrary commands. The issue is supposedly due to the admin.php script not properly sanitizing user input supplied to the 'include_path' variable. However, subsequent... |
Friday, 03 November 2006 MODx contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to Thumbnail.php not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains... |
Tuesday, 31 October 2006 Free File Hosting contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to register.php not properly sanitizing user input supplied to the 'AD_BODY_TEMP' variable. This may allow an attacker to include a file from a remote... |
Tuesday, 31 October 2006 Free File Hosting contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to login.php not properly sanitizing user input supplied to the 'AD_BODY_TEMP' variable. This may allow an attacker to include a file from a remote host... |
Tuesday, 31 October 2006 Free File Hosting contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to send.php not properly sanitizing user input supplied to the 'AD_BODY_TEMP' variable. This may allow an attacker to include a file from a remote host... |
Monday, 30 October 2006 QnECMS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to templates/sitemapheader.php not properly sanitizing user input supplied to the 'adminfolderpath' variable. This may allow an attacker to include a file from a... |
Monday, 30 October 2006 QnECMS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to templates/sitemapfooter.php not properly sanitizing user input supplied to the 'adminfolderpath' variable. This may all | |