The goal of this project is to make virtual world a safer and better place without child pornography, major computer crime and RIAA.
Login As
You can log in if you are registered at one of these services:
Security Bulletins
Latest Malware Updates

Infostealer.Posteal

02/26/2015

Downloader.Busadom

02/26/2015

Trojan.Ladocosm

02/26/2015

SONAR.SuspDocRun

02/25/2015

SONAR.SuspHelpRun

02/25/2015
Security News

CVE-2006-4907

OSU 3.11alpha and 3.10a allows remote attackers to obtain sensitive information via a URL to a non-existent file, which displays the web root path in the resulting error message.

09/20/2006

CVE-2006-4906

SQL injection vulnerability in modules/calendar/week.php in More.groupware 0.74 allows remote attackers to execute arbitrary SQL commands via the new_calendarid parameter.

09/20/2006

CVE-2006-4905

PHP remote file inclusion vulnerability in index.php in Artmedic Links 5.0 allows remote attackers to execute arbitrary PHP code via a URL in the id parameter, which is processed by the readfile function.

09/20/2006

CVE-2006-4904

Dynamic variable evaluation vulnerability in cmpi.php in Qualiteam X-Cart 4.1.3 and earlier allows remote attackers to overwrite arbitrary program variables and execute arbitrary PHP code, as demonstrated by PHP remote file inclusion via the xcart_dir parameter.

09/20/2006

CVE-2006-4438

Heap-based buffer overflow in SpIDer for Dr.Web Scanner for Linux 4.33, and possibly earlier versions, allows remote attackers to execute arbitrary code via an LHA archive with an extended header that contains a long directory name.

09/20/2006

CVE-2006-4898

PHP remote file inclusion vulnerability in include/phpxd/phpXD.php in guanxiCRM 0.9.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the appconf[rootpath] parameter.

09/19/2006

CVE-2006-4897

CMtextS 1.0 and earlier stores users_logins/admin.txt under the web document root with insufficient access control, which allows remote attackers to obtain the administrator password.

09/19/2006

CVE-2006-4896

** REJECT **  DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2006-4785.  Reason: This candidate is a duplicate of CVE-2006-4785.  Notes: All CVE users should reference CVE-2006-4785 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage.

09/19/2006

CVE-2006-4895

IDevSpot NexieAffiliate 1.9 and earlier allows remote attackers to delete arbitrary affiliates via a modified id parameter to delete.php.

09/19/2006

CVE-2006-4894

Cross-site scripting (XSS) vulnerability in forms/lostpassword.php in iDevSpot NixieAffiliate 1.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter.

09/19/2006

CVE-2006-4893

PHP remote file inclusion vulnerability in bb_usage_stats/includes/bb_usage_stats.php in phpBB XS 0.58 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter, a different vector than CVE-2006-4780.

09/19/2006

CVE-2006-4892

SQL injection vulnerability in faqview.asp in Techno Dreams FAQ Manager Package 1.0 allows remote attackers to execute arbitrary SQL commands via the key parameter.

09/19/2006

CVE-2006-4891

SQL injection vulnerability in ArticlesTableview.asp in Techno Dreams Articles&Papers Package 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter.

09/19/2006

CVE-2006-4890

Multiple PHP remote file inclusion vulnerabilities in UNAK-CMS 1.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the dirroot parameter to (1) fckeditor/editor/filemanager/browser/default/connectors/php/connector.php or (2) fckeditor/editor/dialog/fck_link.php.

09/19/2006

CVE-2006-4889

Multiple PHP remote file inclusion vulnerabilities in Telekorn SignKorn Guestbook (SL) 1.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the dir_path parameter in (1) index.php, (2) includes/functions.gb.php, (3) includes/functions.admin.php, (4) includes/admin.inc.php, (5) help.php, (6) smile.php, (7) entry.php; (8) adminhelp0.php, (9) adminhelp1.php, (10) adminhelp2.php, and (11) adminhelp3.php in (a) help/en and (b) help/de directories; and the (12) preview.php, (13) log.php, (14) index.php, (15) config.php, and (16) admin.php in the (c) admin directory, a different set of vectors than CVE-2006-4788.

09/19/2006

CVE-2006-4888

Microsoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-formatted HTML INPUT element within a DIV element that has a larger size than the INPUT.

09/19/2006

CVE-2006-4887

Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation.  NOTE: it could be argued that the issue is not in Remote Desktop itself, but in applications that are installed while using it.

09/19/2006

CVE-2006-4886

The VirusScan On-Access Scan component in McAfee VirusScan Enterprise 7.1.0 and Scan Engine 4.4.00 allows local privileged users to bypass security restrictions and disable the On-Access Scan option by opening the program via the task bar and quickly clicking the Disable button, possibly due to an interface-related race condition.

09/19/2006

CVE-2006-4885

PHP remote file inclusion vulnerability in Shadowed Portal 5.599 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) footer.php and (2) header.php.  NOTE: the provenance of this information is unknown; the details are obtained from third party information. The bottom.php parameter is already covered by CVE-2006-4826.

09/19/2006

CVE-2006-4884

Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot iSupport 1.8 allow remote attackers to inject arbitrary web script or HTML via (1) the suser parameter in support/rightbar.php, (2) the ticket_id parameter in support/open_tickets.php, and (3) the cons_page_title parameter in index.php.  NOTE: the provenance of this information is unknown; the details are obtained from third party information.

09/19/2006

Security News 122241 - 122260 of 142514
First | Prev. | 6111 6112 6113 6114 6115 | Next | Last All
Security Advisories Database

Remote Code Execution Vulnerability in Microsoft OpenType Font Driver

A remote attacker can execute arbitrary code on the target system.

07/21/2015

SQL Injection Vulnerability in Piwigo

SQL inection vulnerability has been discovered in Piwigo.

02/05/2015

Cross-site Scripting Vulnerability in DotNetNuke

A cross-site scripting (XSS) vulnerability has been discovered in DotNetNuke.

02/05/2015

Cross-site Scripting Vulnerability in Hitachi Command Suite

A cross-site scripting vulnerability was found in Hitachi Command Suite.

02/02/2015

Denial of service vulnerability in FreeBSD SCTP RE_CONFIG Chunk Handling

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Apache Traffic Server HTTP TRACE Max-Forwards

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in MalwareBytes Anti-Exploit "mbae.sys"

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Linux Kernel splice

An attacker can perform a denial of service attack.

01/29/2015

Denial of service vulnerability in Python Pillow Module PNG Text Chunks Decompression

An attacker can perform a denial of service attack.

01/20/2015