The goal of this project is to make virtual world a safer and better place without child pornography, major computer crime and RIAA.
Login As
You can log in if you are registered at one of these services:
Security Bulletins
Latest Malware Updates

Infostealer.Posteal

02/26/2015

Downloader.Busadom

02/26/2015

Trojan.Ladocosm

02/26/2015

SONAR.SuspDocRun

02/25/2015

SONAR.SuspHelpRun

02/25/2015
Security News

CVE-2003-1400

Cross-site scripting (XSS) vulnerability in the Your_Account module for PHP-Nuke 5.0 through 6.0 allows remote attackers to inject arbitrary web script or HTML via the user_avatar parameter.

12/31/2003

CVE-2003-1399

eject 2.0.10, when installed setuid on systems such as SuSE Linux 7.3, generates different error messages depending on whether a specified file exists or not, which allows local users to obtain sensitive information.

12/31/2003

CVE-2003-1398

Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts false ICMP redirect messages, which allows remote attackers to cause a denial of service (network routing modification).

12/31/2003

CVE-2003-1397

The PluginContext object of Opera 6.05 and 7.0 allows remote attackers to cause a denial of service (crash) via an HTTP request containing a long string that gets passed to the ShowDocument method.

12/31/2003

CVE-2003-1396

Heap-based buffer overflow in Opera 6.05 through 7.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a filename with a long extension.

12/31/2003

CVE-2003-1395

Buffer overflow in KaZaA Media Desktop 2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a response to the ad server.

12/31/2003

CVE-2003-1394

CoffeeCup Software Password Wizard 4.0 stores sensitive information such as usernames and passwords in a .apw file under the web document root with insufficient access control, which allows remote attackers to obtain that information via a direct request for the file.

12/31/2003

CVE-2003-1393

Buffer overflow in Gupta SQLBase 8.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long EXECUTE command.

12/31/2003

CVE-2003-1392

CryptoBuddy 1.0 and 1.2 does not use the user-supplied passphrase to encrypt data, which could allow local users to use their own passphrase to decrypt the data.

12/31/2003

CVE-2003-1391

RTS CryptoBuddy 1.0 and 1.2 uses a weak encryption algorithm for the passphrase and generates predictable keys, which makes it easier for attackers to guess the passphrase.

12/31/2003

CVE-2003-1390

RTS CryptoBuddy 1.2 and earlier stores bytes 53 through 55 of a 55-byte passphrase in plaintext, which makes it easier for local users to guess the passphrase.

12/31/2003

CVE-2003-1389

RTS CryptoBuddy 1.2 and earlier truncates long passphrases without warning the user, which may make it easier to conduct certain brute force guessing attacks.

12/31/2003

CVE-2003-1388

Buffer overflow in Opera 7.02 Build 2668 allows remote attackers to crash Opera via a long HTTP request ending in a .ZIP extension.

12/31/2003

CVE-2003-1387

Buffer overflow in Opera 6.05 and 6.06, and possibly other versions, allows remote attackers to execute arbitrary code via a URL with a long username.

12/31/2003

CVE-2003-1386

AXIS 2400 Video Server 2.00 through 2.33 allows remote attackers to obtain sensitive information via an HTTP request to /support/messages, which displays the server\'s /var/log/messages file.

12/31/2003

CVE-2003-1385

ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if register_globals is enabled, by modifying the root_path parameter to reference a URL on a remote web server that contains the code.

12/31/2003

CVE-2003-1384

Cross-site scripting (XSS) vulnerability in index.php in PY-Livredor 1.0 allows remote attackers to insert arbitrary web script or HTML via the (1) titre, (2) Votre pseudo, (3) Votre e-mail, or (4) Votre message fields.

12/31/2003

CVE-2003-1383

WEB-ERP 0.1.4 and earlier allows remote attackers to obtain sensitive information via an HTTP request for the logicworks.ini file, which contains the MySQL database username and password.

12/31/2003

CVE-2003-1382

Buffer overflow in ISMail 1.4.3 and earlier allow remote attackers to execute arbitrary code via long domain names in (1) MAIL FROM or (2) RCPT TO fields.

12/31/2003

CVE-2003-1381

Format string vulnerability in AMX 0.9.2 and earlier, a plugin for Valve Software\'s Half-Life Server, allows remote attackers to execute arbitrary commands via format string specifiers in the amx_say command.

12/31/2003

Security News 148901 - 148920 of 156797
First | Prev. | 7444 7445 7446 7447 7448 | Next | Last All
Security Advisories Database

Remote Code Execution Vulnerability in Microsoft OpenType Font Driver

A remote attacker can execute arbitrary code on the target system.

07/21/2015

SQL Injection Vulnerability in Piwigo

SQL inection vulnerability has been discovered in Piwigo.

02/05/2015

Cross-site Scripting Vulnerability in DotNetNuke

A cross-site scripting (XSS) vulnerability has been discovered in DotNetNuke.

02/05/2015

Cross-site Scripting Vulnerability in Hitachi Command Suite

A cross-site scripting vulnerability was found in Hitachi Command Suite.

02/02/2015

Denial of service vulnerability in FreeBSD SCTP RE_CONFIG Chunk Handling

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Apache Traffic Server HTTP TRACE Max-Forwards

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in MalwareBytes Anti-Exploit "mbae.sys"

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Linux Kernel splice

An attacker can perform a denial of service attack.

01/29/2015

Denial of service vulnerability in Python Pillow Module PNG Text Chunks Decompression

An attacker can perform a denial of service attack.

01/20/2015