|
Security Bulletins
Latest Malware Updates
Downloader.Busadom!g102/27/2015Infostealer.Posteal02/26/2015Downloader.Busadom02/26/2015Trojan.Ladocosm02/26/2015SONAR.SuspDocRun02/25/2015SONAR.SuspHelpRun02/25/2015W32.Tempedreve.D!inf02/25/2015SONAR.PUA!AlnadInsta02/25/2015SONAR.Infostealer!g502/25/2015SONAR.Infostealer!g402/25/2015 |
Security News
CVE-2005-2665Stack-based buffer overflow in expires.c in Elm 2.5 PL5 through PL7, and possibly other versions, allows remote attackers to execute arbitrary code via an e-mail message with a long Expires header. 08/23/2005CVE-2005-2664Whisper 32 1.16, and possibly earlier versions, stores passwords in plaintext in memory, which allows local users to obtain the password using a debugger or another mechanism to read process memory. 08/23/2005CVE-2005-2653Cross-site scripting (XSS) vulnerability in BBCaffe 2.0 allows remote attackers to inject arbitrary web script or HTML via e-mail data in a message. 08/23/2005CVE-2005-2652Zorum 3.5 allows remote attackers to obtain the full installation path via direct requests to (1) gorum/notification.php, (2) user.php, (3) attach.php, (4) blacklist.php, (5) zorum/forum.php, (6) globalstat.php, (7) gorum/trace.php, (8) gorum/badwords.php, or (9) gorum/flood.php. 08/23/2005CVE-2005-2651gorum/prod.php in Zorum 3.5 allows remote attackers to execute arbitrary code via shell metacharacters in the argv parameter. 08/23/2005CVE-2005-2650Cross-site scripting (XSS) vulnerability in sign.asp in Emefa Guestbook 1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) location, and (3) email parameters. 08/23/2005CVE-2005-2649Cross-site scripting (XSS) vulnerability in ATutor 1.5.1 allows remote attackers to inject arbitrary web script or HTML via (1) course parameter in login.php or (2) words parameter in search.php. 08/23/2005CVE-2005-2648Directory traversal vulnerability in index.php in W-Agora 4.2.0 and earlier allows remote attackers to read arbitrary files via the site parameter. 08/23/2005CVE-2005-2647Cross-site scripting (XSS) vulnerability in Xerox MicroServer Web Server in Document Centre 220 through 265, 332 and 340, 420 through 490, and 535 through 555 allows remote attackers to inject arbitrary web script or HTML and modify web pages via unknown vectors. 08/23/2005CVE-2005-2646Unknown vulnerability in Xerox MicroServer Web Server in Document Centre 220 through 265, 332 and 340, 420 through 490, and 535 through 555 allows remote attackers to cause a denial of service or read files via unknown vectors involving crafted HTTP requests. 08/23/2005CVE-2005-2645Unknown vulnerability in Xerox MicroServer Web Server in Document Centre 220 through 265, 332 and 340, 420 through 490, and 535 through 555 allows remote attackers to bypass authentication. 08/23/2005CVE-2005-2644Buffer overflow in JaguarEditControl.dll in Isemarket JaguarControl allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Jtext field. 08/23/2005CVE-2005-2643Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and earlier, does not reject certain weak keys when using ephemeral Diffie-Hellman (DH) handshakes, which allows malicious Tor servers to obtain the keys that a client uses for other systems in the circuit. 08/23/2005CVE-2005-2642Buffer overflow in the mutt_decode_xbit function in Handler.c for Mutt 1.5.10 allows remote attackers to execute arbitrary code, possibly due to interactions with libiconv or gettext. 08/23/2005CVE-2005-2641Unknown vulnerability in pam_ldap before 180 does not properly handle a new password policy control, which could allow attackers to gain privileges. NOTE: CVE-2005-2497 had also been assigned to this issue, but CVE-2005-2641 is the correct candidate. 08/23/2005CVE-2005-2640Behavioral discrepancy information leak in Juniper Netscreen VPN running ScreenOS 5.2.0 and earlier, when using IKE with pre-shared key authentication, allows remote attackers to enumerate valid usernames via an IKE Aggressive Mode packet, which generates a response if the username is valid but does not respond when the username is invalid. 08/23/2005CVE-2005-2639Buffer overflow in Chris Moneymaker\'s World Poker Championship 1.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long nickname. 08/23/2005CVE-2005-2638Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeNews 1.40 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) NewsMode parameter to NewsCategoryForm.php, or the (2) Match or (3) NewsMode parameter to SearchResults.php. 08/23/2005CVE-2005-2637Multiple SQL injection vulnerabilities in PHPFreeNews 1.40 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Match or (2) CatID parameter to SearchResults.php, or (3) the password to AccessControl.php. 08/23/2005CVE-2005-2636SQL injection vulnerability in lib-view-direct.inc.php in phpAdsNew and phpPgAds before 2.0.6 allows remote attackers to execute arbitrary SQL commands via the clientid parameter. 08/23/2005Security News 93081 - 93100 of 106385 First | Prev. | 4653 4654 4655 4656 4657 | Next | Last |
Security Advisories Database
Remote Code Execution Vulnerability in Microsoft OpenType Font DriverA remote attacker can execute arbitrary code on the target system. 07/21/2015Multiple Vulnerabilities in Linux kernel03/04/2015SQL Injection Vulnerability in PiwigoSQL inection vulnerability has been discovered in Piwigo. 02/05/2015Cross-site Scripting Vulnerability in DotNetNukeA cross-site scripting (XSS) vulnerability has been discovered in DotNetNuke. 02/05/2015Cross-site Scripting Vulnerability in Hitachi Command SuiteA cross-site scripting vulnerability was found in Hitachi Command Suite. 02/02/2015Denial of service vulnerability in FreeBSD SCTP RE_CONFIG Chunk HandlingAn attacker can perform a denial of service attack. 01/30/2015Denial of service vulnerability in Apache Traffic Server HTTP TRACE Max-ForwardsAn attacker can perform a denial of service attack. 01/30/2015Denial of service vulnerability in MalwareBytes Anti-Exploit "mbae.sys"An attacker can perform a denial of service attack. 01/30/2015Denial of service vulnerability in Linux Kernel spliceAn attacker can perform a denial of service attack. 01/29/2015Denial of service vulnerability in Python Pillow Module PNG Text Chunks DecompressionAn attacker can perform a denial of service attack. 01/20/2015 |
The goal of this project is to make virtual world a safer and better place without child pornography, major computer crime and RIAA.
