59 items tagged "arbitrary web"
-
-
18:23
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2012-053 - Cross-site scripting vulnerability in ocsinventory in OCS Inventory NG 2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The updated packages have been patched to correct this issue.
-
-
19:27
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2012-049 - Cross-site scripting vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter. The updated packages have been patched to correct this issue.
-
-
23:00
»
Packet Storm Security Advisories
Ubuntu Security Notice 1377-1 - Drew Yao discovered that the WEBrick HTTP server was vulnerable to cross-site scripting attacks when displaying error pages. A remote attacker could use this flaw to run arbitrary web script. Drew Yao discovered that Ruby's BigDecimal module did not properly allocate memory on 64-bit platforms. An attacker could use this flaw to cause a denial of service or possibly execute arbitrary code with user privileges. Various other issues were also addressed.
-
-
7:31
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0151-03 - The conga packages provide a web-based administration tool for remote cluster and storage management. Multiple cross-site scripting flaws were found in luci, the conga web-based administration application. If a remote attacker could trick a user, who was logged into the luci interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's luci session. These updated conga packages include several bug fixes and an enhancement.
-
-
19:02
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2012-020 - Cross-site scripting vulnerability in lib/QueryRender.php in phpLDAPadmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the base parameter in a query_engine action to cmd.php. The updated packages have been patched to correct this issue.
-
-
14:39
»
Packet Storm Security Advisories
Debian Linux Security Advisory 2384-1 - Several vulnerabilities have been discovered in cacti, a graphing tool for monitoring data. Multiple cross site scripting issues allow remote attackers to inject arbitrary web script or HTML. An SQL injection vulnerability allows remote attackers to execute arbitrary SQL commands.
-
-
13:14
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2011-109 - Cross-site scripting vulnerability in Webmin 1.540 and earlier allows local users to inject arbitrary web script or HTML via a chfn command that changes the real field, related to useradmin/index.cgi and useradmin/user-lib.pl.
-
-
7:35
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2011-098 - Cross-site scripting vulnerability in the WEBrick HTTP server in Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted URI that triggers a UTF-7 error page. The safe-level feature in Ruby allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname. The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an integer truncation issue. The updated packages have been patched to correct this issue.
-
7:34
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2011-097 - Cross-site scripting vulnerability in the WEBrick HTTP server in Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted URI that triggers a UTF-7 error page. The FileUtils.remove_entry_secure method in Ruby allows local users to delete arbitrary files via a symlink attack. The safe-level feature in Ruby allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname. The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an integer truncation issue.
-
-
16:48
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2011-082 - Multiple vulnerabilities have been found and corrected in python-feedparser. Cross-site scripting vulnerability in feedparser.py in Universal Feed Parser before 5.0 allows remote attackers to inject arbitrary web script or HTML via vectors involving nested CDATA stanzas. feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) before 5.0.1 allows remote attackers to cause a denial of service via a malformed DOCTYPE declaration. Cross-site scripting vulnerability in feedparser.py in Universal Feed Parser 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via malformed XML comments. Cross-site scripting vulnerability in feedparser.py in Universal Feed Parser 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via an unexpected URI scheme, as demonstrated by a javascript: URI. The updated packages have been patched to correct these issues.
-
-
16:55
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2011-075 - Cross-site scripting vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI in a URL corresponding to an unavailable web site.
-
-
11:08
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2011-036 - Multiple cross-site scripting vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the username field in a confirmation message.
-
-
11:19
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2011-032 - Multiple cross-site scripting vulnerabilities in the Help Contents web application in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to help/advanced/content.jsp.
-
-
16:48
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2011-031 - Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery attacks via forged AJAX requests that leverage a combination of browser plugins and redirects, a related issue to CVE-2011-0447. Cross-site scripting vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 might allow remote attackers to inject arbitrary web script or HTML via a filename associated with a file upload. Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a / character in a key in a session cookie, related to session replays. The updated packages have been upgraded to the 1.1.4 version which is not vulnerable to these issues.
-
-
18:33
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2011-003 - MHonArc 2.6.16 allows remote attackers to cause a denial of service via start tags that are placed within other start tags. Cross-site scripting vulnerability in lib/mhtxthtml.pl in MHonArc 2.6.16 allows remote attackers to inject arbitrary web script or HTML via a malformed start tag and end tag for a SCRIPT element.
-
-
15:45
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2010-256 - A cross-site scripting vulnerability in Gitweb 1.7.3.3 and previous versions allows remote attackers to inject arbitrary web script or HTML code via f and fp variables. The updated packages have been patched to correct this issue.
-
-
16:03
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2010-191 - Multiple cross-site scripting vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving the list information field or the list description field.
-
-
18:00
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2010-186 - Cross-site scripting vulnerability in setup/frames/index.inc.php in the setup script in phpMyAdmin 3.x before 3.3.7 allows remote attackers to inject arbitrary web script or HTML via a server name. This upgrade provides phpmyadmin 3.3.7, which is not vulnerable to this security issue.
-
-
19:00
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2010-178 - Multiple cross-site scripting vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to inject arbitrary web script or HTML via the BASE parameter, or the ega_1 parameter. Multiple SQL injection vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to execute arbitrary SQL commands via the onglet_bis parameter. Multiple SQL injection vulnerabilities in OCS Inventory NG before 1.02.3 allow remote attackers to execute arbitrary SQL commands via multiple inventory fields to the search form, reachable through index.php; or the Software name field to the All softwares search form, reachable through index.php. This upgrade provides ocsinventory 1.02.3, which is not vulnerable to these security issues.
-
17:00
»
Packet Storm Security Advisories
Microsoft Internet Explorer 8 suffers from a vulnerability that allows an arbitrary web site the ability to force a victim to make tweets.
-
-
21:29
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2010-160 - Multiple cross-site scripting vulnerabilities in Cacti before 0.8.7f allow remote attackers to inject arbitrary web script or HTML via the description parameter to host.php, or the host_id parameter to data_sources.php. Cacti before 0.8.7f allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the FQDN field of a Device or the Vertical Label field of a Graph Template. Cross-site scripting vulnerability in include/top_graph_header.php in Cacti before 0.8.7g allows remote attackers to inject arbitrary web script or HTML via the graph_start parameter to graph.php. Cross-site scripting vulnerability in utilities.php in Cacti before 0.8.7g allows remote attackers to inject arbitrary web script or HTML via the filter parameter. Multiple cross-site scripting vulnerabilities in Cacti before 0.8.7g allow remote attackers to inject arbitrary web script or HTML via the name element in an XML template to templates_import.php; and allow remote authenticated administrators to inject arbitrary web script or HTML via vectors related to data_input.php, gprint_presets.php, graphs.php, graph_templates_items.php, host_templates.php, lib/html_form.php, lib/html_tree.php, tree.php, and user_admin.php. This update provides cacti 0.8.7f, which is not vulnerable to these issues.
-
-
18:00
»
Packet Storm Security Recent Files
The Rekonq web browser is vulnerable to JavaScript injection in a number of components of the user interface. Depending on the exact component affected, this can lead to JavaScript being executed in a number of contexts, which in the worst case could allow an arbitrary web site to be spoofed or even allow the JavaScript to be executed in an arbitrary context.
-
-
17:00
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2010-036 - This advisory updates webmin to the latest version 1.500, fixing several bugs and a cross-site scripting issue which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.