The goal of this project is to make virtual world a safer and better place without child pornography, major computer crime and RIAA.
Login As
You can log in if you are registered at one of these services:
Security Bulletins
Latest Malware Updates

Infostealer.Posteal

02/26/2015

Downloader.Busadom

02/26/2015

Trojan.Ladocosm

02/26/2015

SONAR.SuspDocRun

02/25/2015

SONAR.SuspHelpRun

02/25/2015
Security News

CVE-2007-0695

Multiple SQL injection vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.  NOTE: some sources mention the escape_sqlData, implode_sql, and implode_sqlIn functions, but these are protection schemes, not the vulnerable functions.

02/03/2007

CVE-2007-0475

Multiple stack-based buffer overflows in utilities/smb4k_*.cpp in Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to gain privileges via unspecified vectors related to the args variable and unspecified other variables, in conjunction with the sudo configuration.

02/03/2007

CVE-2007-0474

Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to kill arbitrary processes, related to a \"design issue with smb4k_kill.\"

02/03/2007

CVE-2007-0473

The writeFile function in core/smb4kfileio.cpp in Smb4K before 0.8.0 does not preserve /etc/sudoers permissions across modifications, which allows local users to obtain sensitive information (/etc/sudoers contents) by reading this file.

02/03/2007

CVE-2007-0472

Multiple race conditions in Smb4K before 0.8.0 allow local users to (1) modify arbitrary files via unspecified manipulations of Smb4K\'s lock file, which is not properly handled by the remove_lock_file function in core/smb4kfileio.cpp, and (2) add lines to the sudoers file via a symlink attack on temporary files, which isn\'t properly handled by the writeFile function in core/smb4kfileio.cpp.

02/03/2007

CVE-2007-0436

Barron McCann X-Kryptor Driver BMS1446HRR (Xgntr BMS1351 Install BMS1472) in X-Kryptor Secure Client does not drop privileges when launching an Explorer window in response to a help command, which allows local users to gain LocalSystem privileges via interactive use of Explorer.

02/03/2007

CVE-2006-6967

** REJECT **  DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: None.  Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE).  In addition, it describes standard behavior (publication of revocation lists) and as such does not cross privilege boundaries.  Notes: the former description is: \"Check Point FireWall-1 allows remote attackers to obtain certificate revocation lists (CRLs) and other unspecified sensitive information via an HTTP request for the top-level URI on the internal certificate authority (ICA) port (18264/tcp).\"

02/03/2007

CVE-2006-6966

phpGraphy before 0.9.13a does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter\'s hash value, which allows remote attackers to execute arbitrary PHP code by uploading a config.php file via the pictures[] parameter to index.php.  NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpGraphy.

02/03/2007

CVE-2007-0688

SQL injection vulnerability in oku.asp in Hunkaray Duyuru Scripti allows remote attackers to execute arbitrary SQL commands via the id parameter.

02/02/2007

CVE-2007-0687

SQL injection vulnerability in i-search.php in Michelle\'s L2J Dropcalc 4 and earlier allows remote authenticated users to execute arbitrary SQL commands via the itemid parameter.

02/02/2007

CVE-2007-0686

The Intel 2200BG 802.11 Wireless Mini-PCI driver 9.0.3.9 (w29n51.sys) allows remote attackers to cause a denial of service (system crash) via crafted disassociation packets, which triggers memory corruption of \"internal kernel structures,\" a different vulnerability than CVE-2006-6651.  NOTE: this issue might overlap CVE-2006-3992.

02/02/2007

CVE-2007-0685

Internet Explorer on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows attackers to cause a denial of service (application crash and device instability) via unspecified vectors, possibly related to a buffer overflow.

02/02/2007

CVE-2007-0684

PHP remote file inclusion vulnerability in portal.php in Cerulean Portal System 0.7b allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

02/02/2007

CVE-2007-0683

PHP remote file inclusion vulnerability in includes/functions.php in Omegaboard 1.0beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

02/02/2007

CVE-2007-0682

PHP remote file inclusion vulnerability in theme/include_mode/template.php in JV2 Folder Gallery 3.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the galleryfilesdir parameter.

02/02/2007

CVE-2007-0681

profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions, via modified values to register.php.

02/02/2007

CVE-2007-0680

PHP remote file inclusion vulnerability in includes/functions.php in Phpbb Tweaked 3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

02/02/2007

CVE-2007-0679

PHP remote file inclusion vulnerability in lang/leslangues.php in Nicolas Grandjean PHPMyRing 4.1.3b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fichier parameter.

02/02/2007

CVE-2007-0678

SQL injection vulnerability in windows.asp in Fullaspsite Asp Hosting Sitesi allows remote attackers to execute arbitrary SQL commands via the kategori_id parameter.

02/02/2007

CVE-2007-0677

PHP remote file inclusion vulnerability in fw/class.Quick_Config_Browser.php in Cadre PHP Framework 20020724 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config][framework_path] parameter.

02/02/2007

Security News 119661 - 119680 of 142620
First | Prev. | 5982 5983 5984 5985 5986 | Next | Last All
Security Advisories Database

Remote Code Execution Vulnerability in Microsoft OpenType Font Driver

A remote attacker can execute arbitrary code on the target system.

07/21/2015

SQL Injection Vulnerability in Piwigo

SQL inection vulnerability has been discovered in Piwigo.

02/05/2015

Cross-site Scripting Vulnerability in DotNetNuke

A cross-site scripting (XSS) vulnerability has been discovered in DotNetNuke.

02/05/2015

Cross-site Scripting Vulnerability in Hitachi Command Suite

A cross-site scripting vulnerability was found in Hitachi Command Suite.

02/02/2015

Denial of service vulnerability in FreeBSD SCTP RE_CONFIG Chunk Handling

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Apache Traffic Server HTTP TRACE Max-Forwards

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in MalwareBytes Anti-Exploit "mbae.sys"

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Linux Kernel splice

An attacker can perform a denial of service attack.

01/29/2015

Denial of service vulnerability in Python Pillow Module PNG Text Chunks Decompression

An attacker can perform a denial of service attack.

01/20/2015