Liferay Enterprise Portal is said to be subject to multiple cross-site scripting flaws.
6a406562d84aca76726075d51e3b23200851d5566a3bce7dbf86b4d418ad6b38
A vulnerability, caused due to an unspecified error within Xconfig, has been discovered in Exceed versions 9.x. When exploited, local users can bypass certain restrictions.
ed2ff2c4f566f565d33db59092d739c063a6c615a912c4ac303918b0f624d4d2
An ActiveX Control provided by Symantec Norton Antivirus 2004 contains a remotely exploitable DoS condition. In order to trigger this vulnerability, malicious website administrators must induce Internet Explorer users to view a specially crafted web site, which will consequently consume a lot of system resources.
b8d95ab82a67ea2b5d834503696acb10b2db9577517d8d464b4f51e4ac230bb8
ucd-snmp versions 4.2.6 and below suffer from a buffer overflow on the command line when the daemon is spawned.
24514b893dcbc9255cf0b3b4192324d7c0f00059646711e8fb3fc0a35111ed7c
All versions of e107 have a vulnerability that allows HTML tags and content to be posted to the stats page and to be listed under Referers. This allows an attacker to put any site link or code they want on the list of Referers.
3d071845699b3f18e1a62591cd0f475ad46e2ef07f146eec7372ff10fd3ab1a3
Microsoft Windows Explorer suffers from a flaw where it will execute underlying files when they are linked in HTML pages.
fa8e114e14244e1f93821759c64b4ffa1f4446012b15d9869310e70a1b766d32
libneon versions 0.24.5 and below have a date parsing vulnerability that can cause a heap overflow leading to remote code execution.
fd7e17bedc1598a0830757530b0b9b4afe6450f6c87086efb576758a8d95fde2
Subversion versions 1.0.2 and below suffer from a date parsing vulnerability that can be abused to allow remote code execution server-side.
f76bddd9ae508f184655ae5c58ceb47a83f29a5ca92d28792bf23c723330af88
Sun has released an advisory regarding Java Secure Socket Extension. Versions 1.0.3, 1.0.3_01, and 1.0.3_02 of JSSE allow malicious web sites to impersonate trusted web sites.
851e00d7595e3609cd0d8cb1108c79639bd8caa83fc7bef870c762fbbbc6dff7
Zen Cart version 1.1.2d fails to properly validate user-supplied input and in turn allows remote attackers the ability to perform SQL injection attacks.
00045589f8f2e0543da948284faffdb7fa5dc401045ef97d927d197cb023d1bd
Within phpMyFAQ an input validation problem exists which allows an attacker to include arbitrary local files. With known tricks to inject PHP code into log or session files this could lead to remote PHP code execution. Versions affected are 1.3.12 and below for the stable releases, and 1.4.0-alpha1 and below for the developer releases.
cc512101e9d54c9eba31343dacb2a44138d5ce10c2a326dca09787990a61a49c
Certain system folders on Microsoft Windows XP are created referencing the shellclassinfo in desktop.ini, allowing executables to be masked as something else.
a4456c08095c611bdcec5b288f26f62db8ddb5844e28427b806218b0eb3b2218
Stable CVS releases up to 1.11.15 and CVS feature releases up to 1.12.7 both contain a flaw when deciding if a CVS entry line should get a modified or unchanged flag attached. This results in a heap overflow which can be exploited to execute arbitrary code on the CVS server. This could allow a repository compromise.
00c2f250dd0b9f331e85b739415381b86f0e2189bb6869f8fc74364b3f7c03d1
Blue Coat Security Gateway OS (SGOS) 3.x releases suffer from a private key disclosure vulnerability where the key and passphrase are stored in clear text when being imported via the web-based management console.
618fc697e20741645614005f71356499b25ff5da2c4770eaab63019f287b71c3
Microsoft Outlook 2003 allows for a security zone bypass when an embedded OLE object with a reference to a Windows media file in a Rich Text Format (RTF) message is received.
5bf5bc65e12021c3781270decf58bd776d636f05498f59327d50d8ef47731e58
Secure Computing has reported multiple denial of service vulnerabilities in their Sidewinder G2 firewall.
174e7ee25f3feb9fddbfa8a1396ac9d3eb41c7891c1870711074ce1e244ed73f
SGI Security Advisory 20040503-01-P - Under certain conditions, rpc.mountd goes into an infinite loop while processing some RPC requests, causing a denial of service. Affected releases: SGI IRIX 6.5.x.
60b6fab3dcc07e154a22aa2c18072a5e408070846522782d959a9681d25da497
ActiveState's ActivePerl versions 5.8.0 and 5.8.3 on the Win32 platform seem to have a buffer overflow that allows for the crashing of Perl.exe.
cb74262362d1bc8c25961c0aed2a211fdd10c5d0201a54eb37c69c18a3cff6b0
PHP-Nuke versions 6.x to 7.3 allow for possible file inclusion.
4d43d506de22ba54c5b3d72da244b7c2d217bc83ffb12200388c179db7006a74
A vulnerability has been found in Microsoft Internet Explorer that allows an attacker to use a specially coded ImageMap to spoof the URL displayed in the lower left-hand corner of the browser.
8c3fdeaa071f14ee81765c1b6df9a48ff1f40f432e665e83159d54309433249d
Safari versions 1.2 and below suffer from a vulnerability that can lead to remote arbitrary code execution via the runscript aspect of the HTML rendering functionality.
9e44db693ef039ea12ac05b37053e283a17b3e84e0532483b7f21b85bf1753f8
WebCT is susceptible to cross-site scripting vulnerabilities.
773b3e54431153fe94a1a32d6773c83940f16f7a00f8f405d5b7c3f5865313e0
TTT-C is susceptible to multiple cross-site scripting attacks because it does not sanitize variables.
c91bdc0933621f5763fcee66756f8fc9671ef644afef3cba1e18de848a62e167
NetChat, an application intended to allow users on the same subnet to chat with one another, is susceptible to a stack-based buffer overflow. Versions 7.3 and below are affected. The overflow allows for arbitrary code execution under the user running the application.
0b23d03452960631df48fd8aceeddd1515e1df9580a7a65525607ba2e60e0f00
AUSCERT Advisory - A vulnerability exists in hardware implementations of the IEEE 802.11 wireless protocol that allows for a trivial but effective attack against the availability of wireless local area network (WLAN) devices.
a46c2a37097c474213beefb0ef777f388574dfbff75a232f91c1838edbf91fe4