The goal of this project is to make the virtual world a safer and better place without child pornography, major computer crime and the RIAA.
Security Bulletins
Latest Malware Updates

Infostealer.Posteal

02/26/2015

Downloader.Busadom

02/26/2015

Trojan.Ladocosm

02/26/2015

SONAR.SuspDocRun

02/25/2015

SONAR.SuspHelpRun

02/25/2015
Security News

CVE-2005-3835

PHP remote file inclusion vulnerability in support/index.php in DeskLance 2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the main parameter.

11/26/2005

CVE-2005-3834

Cross-site scripting (XSS) vulnerability in search.php in Tunez 1.21 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchFor parameter.

11/26/2005

CVE-2005-3833

SQL injection vulnerability in songinfo.php in Tunez 1.21 and earlier allows remote attackers to execute arbitrary SQL commands via the song_id parameter.

11/26/2005

CVE-2005-3832

Stack-based buffer overflow in (1) CxUux60.dll and (2) CxUux60u.dll, as used in SpeedProject products including (a) Squeez 5.0 Build 4285, and (b) SpeedCommander 11.0 Build 4430 and 10.51 Build 4430, allows user-assisted attackers to execute arbitrary code via a ZIP archive containing a long filename.

11/26/2005

CVE-2005-3831

Stack-based buffer overflow in (1) CxZIP60.dll and (2) CxZIP60u.dll, as used in SpeedProject products including (a) ZipStar 5.0 Build 4285, (b) Squeez 5.0 Build 4285, and (c) SpeedCommander 11.0 Build 4430 and 10.51 Build 4430, allows user-assisted attackers to execute arbitrary code via a ZIP archive containing a long filename.

11/26/2005

CVE-2005-3830

index.php in ActiveCampaign SupportTrio 1.4 and earlier allows remote attackers to read or include arbitrary files via the page parameter, possibly due to a directory traversal vulnerability.

11/26/2005

CVE-2005-3829

index.php in ActiveCampaign KnowledgeBuilder 2.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an invalid category parameter, which causes a large number of SQL queries to be processed.

11/26/2005

CVE-2005-3828

SQL injection vulnerability in index.php in ActiveCampaign KnowledgeBuilder 2.4 and earlier allows remote attackers to execute arbitrary SQL commands via the article parameter.

11/26/2005

CVE-2005-3827

SQL injection vulnerability in product_cat in AgileBill 1.4.92 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

11/26/2005

CVE-2005-3826

Multiple SQL injection vulnerabilities in Ezyhelpdesk 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) edit_id, (2) faq_id, and (3) c_id parameters in a query string, and (4) the search engine, possibly involving the search_string parameter.

11/25/2005

CVE-2005-3825

SQL injection vulnerability in index.php in Comdev Vote Caster 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the campaign_id parameter in a result action.

11/25/2005

CVE-2005-3824

The uploads module in vTiger CRM 4.2 and earlier allows remote attackers to upload arbitrary files, such as PHP files, via the add2db action.

11/25/2005

CVE-2005-3823

The Users module in vTiger CRM 4.2 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary file in the templatename parameter, which is passed to the eval function.

11/25/2005

CVE-2005-3822

Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username in the login form or (2) record parameter, as demonstrated in the EditView action for the Contacts module.

11/25/2005

CVE-2005-3821

Cross-site scripting (XSS) vulnerability in vTiger CRM 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via multiple vectors, including the account name.

11/25/2005

CVE-2005-3820

Multiple directory traversal vulnerabilities in index.php in vTiger CRM 4.2 and earlier allow remote attackers to read or include arbitrary files, and ultimately execute arbitrary PHP code, via .. (dot dot) and null byte ("%00") sequences in the (1) module parameter and (2) action parameter in the Leads module, as also demonstrated by injecting PHP code into log messages and accessing the log file.

11/25/2005

CVE-2005-3819

Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary SQL commands and bypass authentication via the (1) user_name and (2) date parameter in the HelpDesk module.

11/25/2005

CVE-2005-3818

Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) various input fields, including the contact, lead, and first or last name fields, (2) the record parameter in a DetailView action in the Leads module for index.php, (3) the $_SERVER['PHP_SELF'] variable, which is used in multiple locations such as index.php, and (4) aggregated RSS feeds in the RSS aggregation module.

11/25/2005

CVE-2005-3817

Multiple SQL injection vulnerabilities in Softbiz Web Host Directory Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter in search_result.php, (2) sbres_id parameter in review.php, (3) cid parameter in browsecats.php, (4) h_id parameter in email.php, and (5) an unspecified parameter to the search module.

11/25/2005

CVE-2005-3816

Multiple SQL injection vulnerabilities in forum.php in freeForum 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter or (2) thread parameter in thread mode.

11/25/2005

Security Advisories Database

Remote Code Execution Vulnerability in Microsoft OpenType Font Driver

A remote attacker can execute arbitrary code on the target system.

07/21/2015

SQL Injection Vulnerability in Piwigo

An SQL injection vulnerability has been discovered in Piwigo.

02/05/2015

Cross-site Scripting Vulnerability in DotNetNuke

A cross-site scripting (XSS) vulnerability has been discovered in DotNetNuke.

02/05/2015

Cross-site Scripting Vulnerability in Hitachi Command Suite

A cross-site scripting vulnerability was found in Hitachi Command Suite.

02/02/2015

Denial of service vulnerability in FreeBSD SCTP RE_CONFIG Chunk Handling

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Apache Traffic Server HTTP TRACE Max-Forwards

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in MalwareBytes Anti-Exploit "mbae.sys"

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Linux Kernel splice

An attacker can perform a denial of service attack.

01/29/2015

Denial of service vulnerability in Python Pillow Module PNG Text Chunks Decompression

An attacker can perform a denial of service attack.

01/20/2015