The goal of this project is to make virtual world a safer and better place without child pornography, major computer crime and RIAA.
Login As
You can log in if you are registered at one of these services:
Security Bulletins
Latest Malware Updates

Infostealer.Posteal

02/26/2015

Downloader.Busadom

02/26/2015

Trojan.Ladocosm

02/26/2015

SONAR.SuspDocRun

02/25/2015

SONAR.SuspHelpRun

02/25/2015
Security News

CVE-2007-1368

The Project issue tracking module before 4.7.x-1.3, 4.7.x-2.* before 4.7.x-2.3, and 5 before 5.x-0.2-beta for Drupal allows remote authenticated users, with "access project issues" permission, to read the contents of a private node via a URL with a modified node identifier.

03/09/2007

CVE-2007-1367

Cross-site scripting (XSS) vulnerability in the login page in Avaya Communications Manager (CM) S87XX, S8500, and S8300 products before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the Login field.

03/09/2007

CVE-2007-0005

Multiple buffer overflows in the (1) read and (2) write handlers in the Omnikey CardMan 4040 driver in the Linux kernel before 2.6.21-rc3 allow local users to gain privileges.

03/09/2007

CVE-2006-7163

DreameeSoft Password Master 1.0 stores the database in an unencrypted format when the master password is set, which allows attackers with physical access to read the database contents via an unspecified authentication bypass.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

03/09/2007

CVE-2007-1361

Cross-site scripting (XSS) vulnerability in virtuemart_parser.php in VirtueMart before 20070213 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.  NOTE: this issue is probably different than CVE-2007-0376.

03/08/2007

CVE-2007-1360

Unspecified vulnerability in the Nodefamily module for Drupal 5.x before 5.x-1.0 allows remote authenticated users to access and modify other users\' profiles via unspecified URL parameters.

03/08/2007

CVE-2007-1359

Interpretation conflict in ModSecurity (mod_security) 2.1.0 and earlier allows remote attackers to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ (0x00) byte, which mod_security treats as a terminator even though it is still processed as normal data by some HTTP parsers including PHP 5.2.0, and possibly parsers in Perl, and Python.

03/08/2007

CVE-2007-1350

Stack-based buffer overflow in webadmin.exe in Novell NetMail 3.5.2 allows remote attackers to execute arbitrary code via a long username during HTTP Basic authentication.

03/08/2007

CVE-2007-1347

Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and possibly other versions and platforms, allows remote attackers to cause a denial of service (memory corruption and crash) via an Office file with crafted document summary information, which causes an error in Ole32.dll.

03/08/2007

CVE-2007-1346

Unspecified vulnerability in ipmitool for Sun Fire X2100M2 and X2200M2 allows local users to gain privileges and reset or turn off the server.

03/08/2007

CVE-2007-1344

Multiple buffer overflows in src/ezstream.c in Ezstream before 0.3.0 allow remote attackers to execute arbitrary code via a crafted XML configuration file processed by the (1) urlParse function, which causes a stack-based overflow and the (2) ReplaceString function, which causes a heap-based overflow.  NOTE: some of these details are obtained from third party information.

03/08/2007

CVE-2007-1343

includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does not protect the noSet variable from external modification, which allows remote attackers to set arbitrary global variables via a URL with modified values in the noSet parameter, which leads to resultant vulnerabilities that probably include remote file inclusion and other issues.

03/08/2007

CVE-2007-1342

Cross-site scripting (XSS) vulnerability in admincp/index.php in Jelsoft vBulletin 3.6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the add rss url form.

03/08/2007

CVE-2007-1341

include/auth/auth.php in Simple Invoices before 2007 03 05 does not use the login system to protect print preview pages for invoices, which might allow attackers to obtain sensitive information.

03/08/2007

CVE-2007-1340

PHP remote file inclusion vulnerability in eintrag.php in Weltennetz News-Letterman 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the sqllog parameter.

03/08/2007

CVE-2007-1339

SQL injection vulnerability in index.php in Links Management Application 1.0 allows remote attackers to execute arbitrary SQL commands via the lcnt parameter.

03/08/2007

CVE-2007-1338

The default configuration of the AirPort utility in Apple AirPort Extreme creates an IPv6 tunnel but does not enable the "Block incoming IPv6 connections" setting, which might allow remote attackers to bypass intended access restrictions by establishing IPv6 sessions that would have been rejected over IPv4.

03/08/2007

CVE-2007-1332

Multiple cross-site request forgery (CSRF) vulnerabilities in TKS Banking Solutions ePortfolio 1.0 Java allow remote attackers to perform unspecified restricted actions in the context of certain accounts by bypassing the client-side protection scheme.

03/07/2007

CVE-2007-1331

Multiple cross-site scripting (XSS) vulnerabilities in TKS Banking Solutions ePortfolio 1.0 Java allow remote attackers to inject arbitrary web script or HTML via unspecified vectors that bypass the client-side protection scheme, one of which may be the q parameter to the search program.  NOTE: some of these details are obtained from third party information.

03/07/2007

CVE-2007-1330

Comodo Firewall Pro (CFP) (formerly Comodo Personal Firewall) 2.4.18.184 and earlier allows local users to bypass driver protections on the HKLM\\SYSTEM\\Software\\Comodo\\Personal Firewall registry key by guessing the name of a named pipe under \\Device\\NamedPipe\\OLE and attempting to open it multiple times.

03/07/2007

Security News 122281 - 122300 of 146085
First | Prev. | 6113 6114 6115 6116 6117 | Next | Last All
Security Advisories Database

Remote Code Execution Vulnerability in Microsoft OpenType Font Driver

A remote attacker can execute arbitrary code on the target system.

07/21/2015

SQL Injection Vulnerability in Piwigo

SQL inection vulnerability has been discovered in Piwigo.

02/05/2015

Cross-site Scripting Vulnerability in DotNetNuke

A cross-site scripting (XSS) vulnerability has been discovered in DotNetNuke.

02/05/2015

Cross-site Scripting Vulnerability in Hitachi Command Suite

A cross-site scripting vulnerability was found in Hitachi Command Suite.

02/02/2015

Denial of service vulnerability in FreeBSD SCTP RE_CONFIG Chunk Handling

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Apache Traffic Server HTTP TRACE Max-Forwards

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in MalwareBytes Anti-Exploit "mbae.sys"

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Linux Kernel splice

An attacker can perform a denial of service attack.

01/29/2015

Denial of service vulnerability in Python Pillow Module PNG Text Chunks Decompression

An attacker can perform a denial of service attack.

01/20/2015