The goal of this project is to make virtual world a safer and better place without child pornography, major computer crime and RIAA.
Login As
You can log in if you are registered at one of these services:
Security Bulletins
Latest Malware Updates

Infostealer.Posteal

02/26/2015

Downloader.Busadom

02/26/2015

Trojan.Ladocosm

02/26/2015

SONAR.SuspDocRun

02/25/2015

SONAR.SuspHelpRun

02/25/2015
Security News

CVE-2002-0503

Directory traversal vulnerability in boilerplate.asp for Citrix NFuse 1.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the NFuse_Template parameter.

08/12/2002

CVE-2002-0502

Citrix NFuse 1.6 may allow remote attackers to list applications without authentication by accessing the applist.asp page.

08/12/2002

CVE-2002-0501

Format string vulnerability in log_print() function of Posadis DNS server before version m5pre2 allows local users and possibly remote attackers to execute arbitrary code via format strings that are inserted into logging messages.

08/12/2002

CVE-2002-0500

Internet Explorer 5.0 through 6.0 allows remote attackers to determine the existence of files on the client via an IMG tag with a dynsrc property that references the target file, which sets certain elements of the image object such as file size.

08/12/2002

CVE-2002-0499

The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and earlier, truncates long pathnames without generating an error, which could allow local users to force programs to perform inappropriate operations on the wrong directories.

08/12/2002

CVE-2002-0498

Etnus TotalView 5.0.0-4 installs certain files with UID 5039 and GID 59, which could allow local users with that UID or GID to modify the files and gain privileges as other TotalView users.

08/12/2002

CVE-2002-0497

Buffer overflow in mtr 0.46 and earlier, when installed setuid root, allows local users to access a raw socket via a long MTR_OPTIONS environment variable.

08/12/2002

CVE-2002-0496

The HTTP server for SouthWest Talker server 1.0.0 allows remote attackers to cause a denial of service (server crash) via a malformed URL to port 5002.

08/12/2002

CVE-2002-0495

csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file that is loaded by csSearch.cgi.

08/12/2002

CVE-2002-0494

Cross-site scripting vulnerability in WebSight Directory System 0.1 allows remote attackers to execute arbitrary Javascript and gain access to the WebSight administrator via a new link submission containing the script in a website name.

08/12/2002

CVE-2002-0493

Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.

08/12/2002

CVE-2002-0492

dcshop.cgi in DCShop 1.002 Beta allows remote attackers to delete arbitrary setup files via a null character in the database parameter.

08/12/2002

CVE-2002-0491

admin.php in AlGuest 1.0 guestbook checks for the existence of the admin cookie to authenticate the AlGuest administrator, which allows remote attackers to bypass the authentication and gain privileges by setting the admin cookie to an arbitrary value.

08/12/2002

CVE-2002-0490

Instant Web Mail before 0.60 does not properly filter CR/LF sequences, which allows remote attackers to (1) execute arbitrary POP commands via the id parameter in message.php, or (2) modify certain mail message headers via numerous parameters in write.php.

08/12/2002

CVE-2002-0489

Linux Directory Penguin NsLookup CGI script (nslookup.pl) 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the (1) query or (2) type parameters.

08/12/2002

CVE-2002-0488

Linux Directory Penguin traceroute.pl CGI script 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the host parameter.

08/12/2002

CVE-2002-0487

Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript "session timeout" re-authentication capability, which could allow local users with access to gain privileges of other Xpede users by reading the password from the source file, e.g. from the browser's cache.

08/12/2002

CVE-2002-0486

Intellisol Xpede 4.1 uses weak encryption to store authentication information in cookies, which could allow local users with access to the cookies to gain privileges.

08/12/2002

CVE-2002-0485

Norton Anti-Virus (NAV) allows remote attackers to bypass content filtering via attachments whose Content-Type and Content-Disposition headers are mixed upper and lower case, which is ignored by some mail clients.

08/12/2002

CVE-2002-0484

move_uploaded_file in PHP does not does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system.

08/12/2002

Security News 139321 - 139340 of 144305
First | Prev. | 6965 6966 6967 6968 6969 | Next | Last All
Security Advisories Database

Remote Code Execution Vulnerability in Microsoft OpenType Font Driver

A remote attacker can execute arbitrary code on the target system.

07/21/2015

SQL Injection Vulnerability in Piwigo

SQL inection vulnerability has been discovered in Piwigo.

02/05/2015

Cross-site Scripting Vulnerability in DotNetNuke

A cross-site scripting (XSS) vulnerability has been discovered in DotNetNuke.

02/05/2015

Cross-site Scripting Vulnerability in Hitachi Command Suite

A cross-site scripting vulnerability was found in Hitachi Command Suite.

02/02/2015

Denial of service vulnerability in FreeBSD SCTP RE_CONFIG Chunk Handling

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Apache Traffic Server HTTP TRACE Max-Forwards

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in MalwareBytes Anti-Exploit "mbae.sys"

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Linux Kernel splice

An attacker can perform a denial of service attack.

01/29/2015

Denial of service vulnerability in Python Pillow Module PNG Text Chunks Decompression

An attacker can perform a denial of service attack.

01/20/2015