The goal of this project is to make virtual world a safer and better place without child pornography, major computer crime and RIAA.
Login As
You can log in if you are registered at one of these services:
Security Bulletins
Latest Malware Updates

Infostealer.Posteal

02/26/2015

Downloader.Busadom

02/26/2015

Trojan.Ladocosm

02/26/2015

SONAR.SuspDocRun

02/25/2015

SONAR.SuspHelpRun

02/25/2015
Security News

CVE-2005-4683

PADL MigrationTools 46, when a failure occurs, stores contents of /etc/shadow in a world-readable /tmp/nis.$$.ldif file, and possibly other sensitive information in other temporary files, which are not properly managed by (1) migrate_all_online.sh, (2) migrate_all_offline.sh, (3) migrate_all_netinfo_online.sh, (4) migrate_all_netinfo_offline.sh, (5) migrate_all_nis_online.sh, (6) migrate_all_nis_offline.sh, (7) migrate_all_nisplus_online.sh, and (8) migrate_all_nisplus_offline.sh.

12/31/2005

CVE-2005-4682

Cross-site scripting (XSS) vulnerability in error.asp in AudienceView allows remote attackers to inject arbitrary web script or HTML via the TSerrorMessage parameter.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

12/31/2005

CVE-2005-4681

** DISPUTED ** Buffer overflow in mIRC 5.91, 6.03, 6.12, and 6.16 allows local users to execute arbitrary code via a long string that is entered after reaching the DCC Get Folder Dialog.  NOTE: this issue has been disputed by the vendor, saying \"as far as I can tell, this is neither an exploit nor a vulnerability. The above report describes a local bug in mIRC.\"  It could be that this is only exploitable by the user of the application, and thus would not cross privilege boundaries unless under an otherwise restrictive environment such as a kiosk.

12/31/2005

CVE-2005-4680

Sophos Anti-Virus before 4.02, 4.5.x before 4.5.9, 4.6.x before 4.6.9, and 5.x before 5.1.4 allow remote attackers to hide arbitrary files and data via crafted ARJ archives, which are not properly scanned.

12/31/2005

CVE-2005-4679

Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site.

12/31/2005

CVE-2005-4678

Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

12/31/2005

CVE-2005-4677

SQL injection vulnerability in additional_images.php (aka the Additional Images module) before 1.14 in osCommerce allows remote attackers to execute arbitrary SQL commands via the products_id parameter to product_info.php.

12/31/2005

CVE-2005-4676

Buffer overflow in Andreas Huggel Exiv2 before 0.9 does not null terminate strings before calling the sscanf function, which allows remote attackers to cause a denial of service (application crash) via images with crafted IPTC metadata.

12/31/2005

CVE-2005-4675

Cross-site scripting (XSS) vulnerability in list.php in Complete PHP Counter allows remote attackers to inject arbitrary web script or HTML via the c parameter.

12/31/2005

CVE-2005-4674

Multiple SQL injection vulnerabilities in list.php in Complete PHP Counter allow remote attackers to execute arbitrary SQL commands via the (1) c or (2) s parameter.

12/31/2005

CVE-2005-4673

ioFTPD 0.5.84 u responds with different messages depending on whether or not a username exists, which allows remote attackers to enumerate valid usernames.

12/31/2005

CVE-2005-4672

Cross-site scripting (XSS) vulnerability in image-editor-52/index.php in CityPost Simple Image-Editor 0.52 allows remote attackers to inject arbitrary web script or HTML via the (1) m1, (2) m2, (3) m3, (4) imgsrc, and (5) m4 parameter.

12/31/2005

CVE-2005-4671

Cross-site scripting (XSS) vulnerability in simple-upload-53.php in CityPost Simple PHP Upload 5.3 allows remote attackers to inject arbitrary web script or HTML via the message parameter.

12/31/2005

CVE-2005-4670

Cross-site scripting (XSS) vulnerability in message.php in CityPost Automated Link Exchange (LNKX) allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

12/31/2005

CVE-2005-4669

SQL injection vulnerability in RT Internet Solutions (RTIS) WebAdmin allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.

12/31/2005

CVE-2005-4668

The embedded HSQLDB in ParosProxy before 3.2.7, when running with JDK 1.4.2 before 1.4.2_08, allows local users to execute arbitrary comands via crafted SQL commands that interact with HSQLDB through JDBC, a similar vulnerability to CVE-2003-0845.

12/31/2005

CVE-2005-4667

Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument.  NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs.

12/31/2005

CVE-2005-4666

Cross-site scripting (XSS) vulnerability in PHlyMail before 3.3 Beta1 allows remote attackers to inject arbitrary Javascript via unknown attack vectors.

12/31/2005

CVE-2005-4665

Cross-site scripting (XSS) vulnerability in PunBB 1.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via Javascript contained in nested, malformed BBcode url tags.

12/31/2005

CVE-2005-4664

SQL injection vulnerability in OcoMon 1.21, and possibly other versions, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the logon page, a different vulnerability than CVE-2005-4662.

12/31/2005

Security News 93041 - 93060 of 108372
First | Prev. | 4651 4652 4653 4654 4655 | Next | Last All
Security Advisories Database

Remote Code Execution Vulnerability in Microsoft OpenType Font Driver

A remote attacker can execute arbitrary code on the target system.

07/21/2015

SQL Injection Vulnerability in Piwigo

SQL inection vulnerability has been discovered in Piwigo.

02/05/2015

Cross-site Scripting Vulnerability in DotNetNuke

A cross-site scripting (XSS) vulnerability has been discovered in DotNetNuke.

02/05/2015

Cross-site Scripting Vulnerability in Hitachi Command Suite

A cross-site scripting vulnerability was found in Hitachi Command Suite.

02/02/2015

Denial of service vulnerability in FreeBSD SCTP RE_CONFIG Chunk Handling

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Apache Traffic Server HTTP TRACE Max-Forwards

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in MalwareBytes Anti-Exploit "mbae.sys"

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Linux Kernel splice

An attacker can perform a denial of service attack.

01/29/2015

Denial of service vulnerability in Python Pillow Module PNG Text Chunks Decompression

An attacker can perform a denial of service attack.

01/20/2015