The goal of this project is to make virtual world a safer and better place without child pornography, major computer crime and RIAA.
Login As
You can log in if you are registered at one of these services:
Security Bulletins
Latest Malware Updates

Infostealer.Posteal

02/26/2015

Downloader.Busadom

02/26/2015

Trojan.Ladocosm

02/26/2015

SONAR.SuspDocRun

02/25/2015

SONAR.SuspHelpRun

02/25/2015
Security News

CVE-2005-2913

** REJECT **  DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2005-2799.  Reason: This candidate is a duplicate of CVE-2005-2799.  Notes: All CVE users should reference CVE-2005-2799 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage.

09/14/2005

CVE-2005-2912

Linksys WRT54G router allows remote attackers to cause a denial of service (CPU consumption and server hang) via an HTTP POST request with a negative Content-Length value.

09/14/2005

CVE-2005-2904

Zebedee 2.4.1, when "allowed redirection port" is not set, allows remote attackers to cause a denial of service (application crash) via a zero in the port number of the protocol option header, which triggers an assert error in the makeConnection function in zebedee.c.

09/14/2005

CVE-2005-2903

Heap-based buffer overflow in NOD32 2.5 with nod32.002 1.033 build 1127, with active scanning enabled, allows remote attackers to execute arbitrary code via an ARJ archive containing a file with a long filename.

09/14/2005

CVE-2005-2902

SQL injection vulnerability in class-1 Forum Software 0.24.4 allows remote attackers to execute arbitrary SQL commands and bypass the file extension check via SQL code in the file extension of an uploaded file.

09/14/2005

CVE-2005-2901

Multiple Cross-site scripting (XSS) vulnerabilities in CjWeb2Mail 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) message, or (3) ip parameter to thankyou.php or (4) emsg parameter to web2mail.php.

09/14/2005

CVE-2005-2900

Cross-site scripting (XSS) vulnerability in top.php in CjLinkOut 1.0 allows remote attackers to inject arbitrary web script or HTML via the 123 parameter.

09/14/2005

CVE-2005-2899

Multiple cross-site scripting (XSS) vulnerabilities in details.php in CjTagBoard 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date, (2) time, (3) name, (4) ip, (5) agent, or (6) msg parameter.

09/14/2005

CVE-2005-2898

** DISPUTED ** NOTE: this issue has been disputed by the vendor.  FileZilla 2.2.14b and 2.2.15, and possibly earlier versions, when "Use secure mode" is disabled, uses a weak encryption scheme to store the user\'s password in the configuration settings file, which allows local users to obtain sensitive information.  NOTE: the vendor has disputed the issue, stating that "the problem is not a vulnerability at all, but in fact a fundamental issue of every single program that can store passwords transparently."

09/14/2005

CVE-2005-2897

WEB//NEWS 1.4 allows remote attackers to obtain sensitive information via a direct request to files in the actions directory, which reveal the path in an error message, as demonstrated using cat.add.php.

09/14/2005

CVE-2005-2896

SQL injection vulnerability in WEB//NEWS 1.4 allows remote attackers to execute arbitrary SQL commands via the (1) wn_userpw parameter to startup.php, (2) cat, (3) id, or (4) stof parameter to news.php, or (5) id parameter to print.php.

09/14/2005

CVE-2005-2895

setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to obtain sensitive information via a %00 (a null byte) in the u parameter, which reveals the path in an error message.

09/14/2005

CVE-2005-2894

Cross-site scripting (XSS) vulnerability in the user registration in PBLang 4.65, and possibly earlier versions, allows remote attackers to inject arbitrary web script or PHP via the location field.

09/14/2005

CVE-2005-2893

Direct static code injection vulnerability in setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code via the username (u parameter), which is directly injected into a file that is later executed upon login.

09/14/2005

CVE-2005-2892

Directory traversal vulnerability in setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to read arbitrary files via ".." sequences and "%00" (trailing null byte) in the u parameter.

09/14/2005

CVE-2005-2891

WebArchiveX.dll 5.5.0.76 installed before September 6th, 2005 is marked safe for scripting by default, which allows remote attackers to read or write to arbitrary files via the (1) MakeArchive or (2) MakeArchiveStr methods.

09/14/2005

CVE-2005-2890

SecureOL VE2 1.05.1008 does not properly restrict public access to physical memory, which allows local users to bypass intended restrictions and gain access to the secured environment via direct access to the PhysicalMemory device.

09/14/2005

CVE-2005-2889

Check Point NGX R60 does not properly verify packets against the predefined service group "CIFS" rule, which allows remote attackers to bypass intended restrictions.

09/14/2005

CVE-2005-2888

Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) Preview Release 2 allow remote attackers to execute arbitrary SQL commands via the (1) fid parameter to misc.php or (2) Content-Disposition field in the HTTP header to newreply.php.

09/14/2005

CVE-2005-2887

MAXdev MD-Pro 1.0.73, and possibly earlier versions, allows remote attackers to obtain sensitive information via a direct request to (1) wiki.php, (2) AutoTheme directory, (3) Blocks directory, (4) admin.php, (5) pnadmin.php, or (6) Topics directory, which reveal the path in an error message.

09/14/2005

Security News 101541 - 101560 of 115055
First | Prev. | 5076 5077 5078 5079 5080 | Next | Last All
Security Advisories Database

Remote Code Execution Vulnerability in Microsoft OpenType Font Driver

A remote attacker can execute arbitrary code on the target system.

07/21/2015

SQL Injection Vulnerability in Piwigo

SQL inection vulnerability has been discovered in Piwigo.

02/05/2015

Cross-site Scripting Vulnerability in DotNetNuke

A cross-site scripting (XSS) vulnerability has been discovered in DotNetNuke.

02/05/2015

Cross-site Scripting Vulnerability in Hitachi Command Suite

A cross-site scripting vulnerability was found in Hitachi Command Suite.

02/02/2015

Denial of service vulnerability in FreeBSD SCTP RE_CONFIG Chunk Handling

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Apache Traffic Server HTTP TRACE Max-Forwards

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in MalwareBytes Anti-Exploit "mbae.sys"

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Linux Kernel splice

An attacker can perform a denial of service attack.

01/29/2015

Denial of service vulnerability in Python Pillow Module PNG Text Chunks Decompression

An attacker can perform a denial of service attack.

01/20/2015