The goal of this project is to make virtual world a safer and better place without child pornography, major computer crime and RIAA.
Login As
You can log in if you are registered at one of these services:
Security Bulletins
Latest Malware Updates

Infostealer.Posteal

02/26/2015

Downloader.Busadom

02/26/2015

Trojan.Ladocosm

02/26/2015

SONAR.SuspDocRun

02/25/2015

SONAR.SuspHelpRun

02/25/2015
Security News

CVE-2002-0476

Standalone Macromedia Flash Player 5.0 allows remote attackers to save arbitrary files and programs via a .SWF file containing the undocumented "save" FSCommand.

08/12/2002

CVE-2002-0475

Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message.

08/12/2002

CVE-2002-0474

Cross-site scripting vulnerability in ZeroForum allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within IMG image tag.

08/12/2002

CVE-2002-0473

db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote attackers to execute arbitrary code from remote servers via the phpbb_root_path parameter.

08/12/2002

CVE-2002-0472

MSN Messenger Service 3.6, and possibly other versions, uses weak authentication when exchanging messages between clients, which allows remote attackers to spoof messages from other users.

08/12/2002

CVE-2002-0471

PHPNetToolpack 0.1 allows remote attackers to execute arbitrary code via shell metacharacters in the a_query variable.

08/12/2002

CVE-2002-0470

PHPNetToolpack 0.1 relies on its environment's PATH to find and execute the traceroute program, which could allow local users to gain privileges by inserting a Trojan horse program into the search path.

08/12/2002

CVE-2002-0469

Ecartis (formerly Listar) 1.0.0 in snapshot 20020125 and earlier does not properly drop privileges when Ecartis is installed setuid-root, "lock-to-user" is not set, and ecartis is called by certain MTA's, which could allow local users to gain privileges.

08/12/2002

CVE-2002-0468

Buffer overflows in Ecartis (formerly Listar) 1.0.0 in snapshot 20020427 and earlier allow local users to gain privileges via (1) a long command line argument, which is not properly handled in core.c, or possibly via bad uses of sprintf() in (2) moderate.c, (3) lcgi.c, (4) fileapi.c, (5) cookie.c, (6) codes.c, or other files.

08/12/2002

CVE-2002-0467

Buffer overflows in Ecartis (formerly Listar) 1.0.0 before snapshot 20020125 allows remote attackers to execute arbitrary code via (1) address_match() of mystring.c or (2) other functions in tolist.c.

08/12/2002

CVE-2002-0466

Hosting Controller 1.4.1 and earlier allows remote attackers to browse arbitrary directories via a full C: style pathname in the filepath arguments to (1) Statsbrowse.asp, (2) servubrowse.asp, (3) browsedisk.asp, (4) browsewebalizerexe.asp, or (5) sqlbrowse.asp.

08/12/2002

CVE-2002-0465

Directory traversal vulnerability in filemanager.asp for Hosting Controller 1.4.1 and earlier allows remote attackers to read and modify arbitrary files, and execute commands, via a .. (dot dot) in the OpenPath parameter.

08/12/2002

CVE-2002-0464

Directory traversal vulnerability in Hosting Controller 1.4.1 and earlier allows remote attackers to read and modify arbitrary files and directories via a .. (dot dot) in arguments to (1) file_editor.asp, (2) folderactions.asp, or (3) editoractions.asp.

08/12/2002

CVE-2002-0463

home.php in ARSC (Really Simple Chat) 1.0.1 and earlier allows remote attackers to determine the full pathname of the web server via an invalid language in the arsc_language parameter, which leaks the pathname in an error message.

08/12/2002

CVE-2002-0462

bigsam_guestbook.php for Big Sam (Built-In Guestbook Stand-Alone Module) 1.1.08 and earlier allows remote attackers to cause a denial of service (CPU consumption) or obtain the absolute path of the web server via a displayBegin parameter with a very large number, which leaks the web path in an error message when PHP safe_mode is enabled, or consumes resources when safe_mode is not enabled.

08/12/2002

CVE-2002-0461

Internet Explorer 5.01 through 6 allows remote attackers to cause a denial of service (application crash) via Javascript in a web page that calls location.replace on itself, causing a loop.

08/12/2002

CVE-2002-0460

Bitvise WinSSHD before 2002-03-16 allows remote attackers to cause a denial of service (resource exhaustion) via a large number of incomplete connections that are not properly terminated, which are not properly freed by SSHd.

08/12/2002

CVE-2002-0459

Cross-site scripting vulnerability in Board-TNK 1.3.1 and earlier allows remote attackers to execute arbitrary Javascript via the WEB parameter.

08/12/2002

CVE-2002-0458

Cross-site scripting vulnerability in News-TNK 1.2.1 and earlier allows remote attackers to execute arbitrary Javascript via the WEB parameter.

08/12/2002

CVE-2002-0457

Cross-site scripting vulnerability in signgbook.php for BG GuestBook 1.0 allows remote attackers to execute arbitrary Javascript via encoded tags such as<,>, and& in fields such as (1) name, (2) email, (3) AIM screen name, (4) website, (5) location, or (6) message.

08/12/2002

Security News 139401 - 139420 of 144358
First | Prev. | 6969 6970 6971 6972 6973 | Next | Last All
Security Advisories Database

Remote Code Execution Vulnerability in Microsoft OpenType Font Driver

A remote attacker can execute arbitrary code on the target system.

07/21/2015

SQL Injection Vulnerability in Piwigo

SQL inection vulnerability has been discovered in Piwigo.

02/05/2015

Cross-site Scripting Vulnerability in DotNetNuke

A cross-site scripting (XSS) vulnerability has been discovered in DotNetNuke.

02/05/2015

Cross-site Scripting Vulnerability in Hitachi Command Suite

A cross-site scripting vulnerability was found in Hitachi Command Suite.

02/02/2015

Denial of service vulnerability in FreeBSD SCTP RE_CONFIG Chunk Handling

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Apache Traffic Server HTTP TRACE Max-Forwards

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in MalwareBytes Anti-Exploit &quot;mbae.sys&quot;

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Linux Kernel splice

An attacker can perform a denial of service attack.

01/29/2015

Denial of service vulnerability in Python Pillow Module PNG Text Chunks Decompression

An attacker can perform a denial of service attack.

01/20/2015