The goal of this project is to make virtual world a safer and better place without child pornography, major computer crime and RIAA.
Login As
You can log in if you are registered at one of these services:
Security Bulletins
Latest Malware Updates

Infostealer.Posteal

02/26/2015

Downloader.Busadom

02/26/2015

Trojan.Ladocosm

02/26/2015

SONAR.SuspDocRun

02/25/2015

SONAR.SuspHelpRun

02/25/2015
Security News

CVE-2002-0496

The HTTP server for SouthWest Talker server 1.0.0 allows remote attackers to cause a denial of service (server crash) via a malformed URL to port 5002.

08/12/2002

CVE-2002-0495

csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file that is loaded by csSearch.cgi.

08/12/2002

CVE-2002-0494

Cross-site scripting vulnerability in WebSight Directory System 0.1 allows remote attackers to execute arbitrary Javascript and gain access to the WebSight administrator via a new link submission containing the script in a website name.

08/12/2002

CVE-2002-0493

Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.

08/12/2002

CVE-2002-0492

dcshop.cgi in DCShop 1.002 Beta allows remote attackers to delete arbitrary setup files via a null character in the database parameter.

08/12/2002

CVE-2002-0491

admin.php in AlGuest 1.0 guestbook checks for the existence of the admin cookie to authenticate the AlGuest administrator, which allows remote attackers to bypass the authentication and gain privileges by setting the admin cookie to an arbitrary value.

08/12/2002

CVE-2002-0490

Instant Web Mail before 0.60 does not properly filter CR/LF sequences, which allows remote attackers to (1) execute arbitrary POP commands via the id parameter in message.php, or (2) modify certain mail message headers via numerous parameters in write.php.

08/12/2002

CVE-2002-0489

Linux Directory Penguin NsLookup CGI script (nslookup.pl) 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the (1) query or (2) type parameters.

08/12/2002

CVE-2002-0488

Linux Directory Penguin traceroute.pl CGI script 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the host parameter.

08/12/2002

CVE-2002-0487

Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript "session timeout" re-authentication capability, which could allow local users with access to gain privileges of other Xpede users by reading the password from the source file, e.g. from the browser's cache.

08/12/2002

CVE-2002-0486

Intellisol Xpede 4.1 uses weak encryption to store authentication information in cookies, which could allow local users with access to the cookies to gain privileges.

08/12/2002

CVE-2002-0485

Norton Anti-Virus (NAV) allows remote attackers to bypass content filtering via attachments whose Content-Type and Content-Disposition headers are mixed upper and lower case, which is ignored by some mail clients.

08/12/2002

CVE-2002-0484

move_uploaded_file in PHP does not does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system.

08/12/2002

CVE-2002-0483

index.php for PHP-Nuke 5.4 and earlier allows remote attackers to determine the physical pathname of the web server when the file parameter is set to index.php, which triggers an error message that leaks the pathname.

08/12/2002

CVE-2002-0482

Directory traversal vulnerability in PCI Netsupport Manager before version 7, when running web extensions, allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP GET request.

08/12/2002

CVE-2002-0481

An interaction between Windows Media Player (WMP) and Outlook 2002 allows remote attackers to bypass Outlook security settings and execute Javascript via an IFRAME in an HTML email message that references .WMS (Windows Media Skin) or other WMP media files, whose onload handlers execute the player.LaunchURL() Javascript function.

08/12/2002

CVE-2002-0480

ISS RealSecure for Nokia devices before IPSO build 6.0.2001.141d is configured to allow a user "skank" on a machine "starscream" to become a key manager when the "first time connection" feature is enabled and before any legitimate administrators have connected, which could allow remote attackers to gain access to the device during installation.

08/12/2002

CVE-2002-0479

Gravity Storm Service Pack Manager 2000 creates a hidden share (SPM2000c$) mapped to the C drive, which may allow local users to bypass access restrictions on certain directories in the C drive, such as system32, by accessing them through the hidden share.

08/12/2002

CVE-2002-0478

The default configuration of Foundry Networks EdgeIron 4802F allows remote attackers to modify sensitive information via arbitrary SNMP community strings.

08/12/2002

CVE-2002-0477

Standalone Macromedia Flash Player 5.0 before 5,0,30,2 allows remote attackers to execute arbitrary programs via a .SWF file containing the "exec" FSCommand.

08/12/2002

Security News 139381 - 139400 of 144358
First | Prev. | 6968 6969 6970 6971 6972 | Next | Last All
Security Advisories Database

Remote Code Execution Vulnerability in Microsoft OpenType Font Driver

A remote attacker can execute arbitrary code on the target system.

07/21/2015

SQL Injection Vulnerability in Piwigo

SQL inection vulnerability has been discovered in Piwigo.

02/05/2015

Cross-site Scripting Vulnerability in DotNetNuke

A cross-site scripting (XSS) vulnerability has been discovered in DotNetNuke.

02/05/2015

Cross-site Scripting Vulnerability in Hitachi Command Suite

A cross-site scripting vulnerability was found in Hitachi Command Suite.

02/02/2015

Denial of service vulnerability in FreeBSD SCTP RE_CONFIG Chunk Handling

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Apache Traffic Server HTTP TRACE Max-Forwards

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in MalwareBytes Anti-Exploit "mbae.sys"

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Linux Kernel splice

An attacker can perform a denial of service attack.

01/29/2015

Denial of service vulnerability in Python Pillow Module PNG Text Chunks Decompression

An attacker can perform a denial of service attack.

01/20/2015