The goal of this project is to make virtual world a safer and better place without child pornography, major computer crime and RIAA.
Login As
You can log in if you are registered at one of these services:
Security Bulletins
Latest Malware Updates

Infostealer.Posteal

02/26/2015

Downloader.Busadom

02/26/2015

Trojan.Ladocosm

02/26/2015

SONAR.SuspDocRun

02/25/2015

SONAR.SuspHelpRun

02/25/2015
Security News

CVE-2007-3871

Stampit Web uses guessable id values for online stamp purchases, which allows remote attackers to cause a denial of service (stamp invalidation) via a SOAP request with an id value for a stamp that has not yet been printed.

09/12/2007

CVE-2007-4825

Directory traversal vulnerability in PHP 5.2.4 and earlier allows attackers to bypass open_basedir restrictions and possibly execute arbitrary code via a .. (dot dot) in the dl function.

09/11/2007

CVE-2007-4824

Multiple cross-application scripting (XAS) vulnerabilities in Google Picasa have unspecified attack vectors and impact.  NOTE: this information is based upon a vague pre-advisory.

09/11/2007

CVE-2007-4823

Multiple buffer overflows in Google Picasa have unspecified attack vectors and impact.  NOTE: this information is based upon a vague pre-advisory.

09/11/2007

CVE-2007-4822

Cross-site request forgery (CSRF) vulnerability in the device management interface in Buffalo AirStation WHR-G54S 1.20 allows remote attackers to make configuration changes as an administrator via HTTP requests to certain HTML pages in the res parameter with an inp req parameter to cgi-bin/cgi, as demonstrated by accessing (1) ap.html and (2) filter_ip.html.

09/11/2007

CVE-2007-4821

Buffer overflow in a certain ActiveX control in officeviewer.ocx 5.2.218.1 in EDraw Office Viewer Component 5.2 allows remote attackers to execute arbitrary code via a long first argument to the HttpDownloadFileToTempDir method, a different vulnerability than CVE-2007-3169.

09/11/2007

CVE-2007-4820

Absolute path traversal vulnerability in blanko.preview.php in Sisfo Kampus 2006 allows remote attackers to read arbitrary local files, and possibly execute local PHP scripts, via the nmf parameter.

09/11/2007

CVE-2007-4819

Multiple cross-site scripting (XSS) vulnerabilities in Txx CMS 0.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

09/11/2007

CVE-2007-4818

Multiple PHP remote file inclusion vulnerabilities in Txx CMS 0.2 allow remote attackers to execute arbitrary PHP code via a URL in the doc_root parameter to (1) addons/plugin.php, (2) addons/sidebar.php, (3) mail/index.php, or (4) mail/mailbox.php in modules/.

09/11/2007

CVE-2007-4817

Unrestricted file upload vulnerability in the Restaurante (com_restaurante) component for Joomla! allows remote attackers to upload and execute arbitrary PHP code via an upload action specifying a filename with a double extension such as .php.jpg, which creates an accessible file under img_original/.

09/11/2007

CVE-2007-4816

Multiple buffer overflows in the BaoFeng2 storm ActiveX control in Mps.dll allow remote attackers to have an unknown impact via a long (1) URL, (2) backImage, or (3) titleImage property value; (4) a long first argument to the advancedOpen method; a long argument to the (5) isDVDPath or (6) rawParse method; or (7) a .smpl file with a long path attribute in an item element in a PlayList.

09/11/2007

CVE-2007-4815

Multiple PHP remote file inclusion vulnerabilities in WebED in Markus Iser ED Engine 0.8999 alpha allow remote attackers to execute arbitrary PHP code via a URL in the Codebase parameter to (1) channeledit.php, (2) post.php, (3) view.php, or (4) viewitem.php in source/mod/rss/.

09/11/2007

CVE-2007-4814

Buffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL (sqldmo.dll) 2000.085.2004.00 in Microsoft SQL Server Enterprise Manager 8.05.2004 allows remote attackers to execute arbitrary code via a long second argument to the Start method.

09/11/2007

CVE-2007-4813

Cross-site scripting (XSS) vulnerability in Domino Blogsphere 3.01 Beta 7 allows remote attackers to inject arbitrary web script or HTML via the name field.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

09/11/2007

CVE-2007-4812

Buffer overflow in Apple Safari 3.0.3 522.15.5, and other versions before Beta Update 3.0.4, allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact by setting document.location.hash to a long string.  NOTE: the crash might actually occur in the alert method.

09/11/2007

CVE-2007-4811

Multiple cross-site scripting (XSS) vulnerabilities in Netjuke 1.0-rc2 allow remote attackers to inject arbitrary web script or HTML via (1) the val parameter to alphabet.php in an alpha.albums action, or the PATH_INFO to (2) random.php or (3) admin/hidden.php.

09/11/2007

CVE-2007-4810

Multiple SQL injection vulnerabilities in Netjuke 1.0-rc2 allow remote attackers to execute arbitrary SQL commands via (1) the ge_id parameter in a list.artists action to explore.php or (2) the id parameter in a show.tracks action to xml.php.

09/11/2007

CVE-2007-4809

Multiple PHP remote file inclusion vulnerabilities in Online Fantasy Football League (OFFL) 0.2.6 allow remote attackers to execute arbitrary PHP code via a URL in the DOC_ROOT parameter to (1) lib/functions.php or (2) lib/header.php.

09/11/2007

CVE-2007-4808

Multiple SQL injection vulnerabilities in TLM CMS 3.2 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to news.php in a lirenews action, (2) the idnews parameter to goodies.php in a lire action, (3) the id parameter to file.php in a voir action, (4) the ID parameter to affichage.php, (5) the id_sal parameter to mod_forum/afficher.php, or (6) the id_sujet parameter to mod_forum/messages.php.  NOTE: it was later reported that goodies.php and affichage.php scripts are reachable through index.php, and 1.1 is also affected.  NOTE: it was later reported that the goodies.php vector also affects 3.1.

09/11/2007

CVE-2007-4807

Multiple PHP remote file inclusion vulnerabilities in Focus/SIS 2.2 allow remote attackers to execute arbitrary PHP code via a URL in the staticpath parameter to (1) modules/Discipline/CategoryBreakdownTime.php or (2) modules/Discipline/StudentFieldBreakdown.php.

09/11/2007

Security News 103721 - 103740 of 130893
First | Prev. | 5185 5186 5187 5188 5189 | Next | Last All
Security Advisories Database

Remote Code Execution Vulnerability in Microsoft OpenType Font Driver

A remote attacker can execute arbitrary code on the target system.

07/21/2015

SQL Injection Vulnerability in Piwigo

SQL inection vulnerability has been discovered in Piwigo.

02/05/2015

Cross-site Scripting Vulnerability in DotNetNuke

A cross-site scripting (XSS) vulnerability has been discovered in DotNetNuke.

02/05/2015

Cross-site Scripting Vulnerability in Hitachi Command Suite

A cross-site scripting vulnerability was found in Hitachi Command Suite.

02/02/2015

Denial of service vulnerability in FreeBSD SCTP RE_CONFIG Chunk Handling

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Apache Traffic Server HTTP TRACE Max-Forwards

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in MalwareBytes Anti-Exploit "mbae.sys"

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Linux Kernel splice

An attacker can perform a denial of service attack.

01/29/2015

Denial of service vulnerability in Python Pillow Module PNG Text Chunks Decompression

An attacker can perform a denial of service attack.

01/20/2015