[Forgot Password]
Login  Register Subscribe

25354

 
 

132811

 
 

146256

 
 

909

 
 

116919

 
 

156

 
 
Paid content will be excluded from the download.

Filter
Matches : 146258 Download | Alert*

Finjan SurfinGate 6.0 and 7.0, when running in proxy mode, does not authenticate FHTTP commands on TCP port 3141, which allows remote attackers to use the finjan-parameter-type header to (1) restart the service, (2) use the getlastmsg command to view log information, or (3) use the online command to force a policy update from the database server.

Multiple SQL injection vulnerabilities in QuadComm Q-Shop allow remote attackers to execute arbitrary SQL commands via certain parameters to (1) search.asp, (2) browse.asp, (3) details.asp, (4) showcat.asp, (5) users.asp, (6) addtomylist.asp, (7) modline.asp, (8) cart.asp, or (9) newuser.asp.

Multiple cross-site scripting (XSS) vulnerabilities in (1) imagezoom.asp or (2) recommend.asp in Q-Shop allow remote attackers to execute arbitrary script and steal the user session ID via Javascript in a URL.

SQL injection vulnerability in register.php in Phorum before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the hide_email parameter.

Directory traversal vulnerability in BremsServer 1.2.4 allows remote attackers to read arbitrary files via ".." (dot dot) sequences in the URL.

Cross-site scripting (XSS) vulnerability in BremsServer 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the URL.

Stack-based and heap-based buffer overflows in ProxyNow! 2.75 and earlier allow remote attackers to execute arbitrary code via a GET request with a long ftp:// URL.

Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.

Reptile Web Server allows remote attackers to cause a denial of service (CPU consumption) via multiple incomplete GET requests without the HTTP version.

Multiple directory traversal vulnerabilities in Borland Web Server (BWS) 1.0b3 and earlier allow remote attackers to read and download arbitrary files via (1) multi-dot "......" sequences, or (2) "%5c%2e%2e" (encoded "\..") sequences, in the URL.


Pages:      Start    13400    13401    13402    13403    13404    13405    13406    13407    13408    13409    13410    13411    13412    13413    ..   14625

© SecPod Technologies