Exploits
ogmenu-xss.txt
Drupal version 6.16 with OG Menu version 6.x-2.0 suffers from a cross site scripting vulnerability.
Categories: Exploits
adnetwork-xss.txt
Ad Network Script suffers from a cross site scripting vulnerability.
Categories: Exploits
simpgb-xss.txt
SimpGB versions 1.37.3 and below suffer from a cross site scripting vulnerability.
Categories: Exploits
zenphoto-xsrf.txt
Zenphoto CMS version 1.3 suffers from multiple cross site request forgery vulnerabilities.
Categories: Exploits
PR09-16.txt
Procheckup has found that a vanilla cross site scripting (XSS) attack is possible by making a malformed request to the Juniper IVE Web interface without authentication.
Categories: Exploits
2daybizbc-sql.txt
2daybiz Businesscard Script suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Categories: Exploits
weblogic-inject.txt
Virtual Security Research, LLC. Security Advisory - Over the last several years, VSR analysts had observed unusual behavior in multiple WebLogic deployments when certain special characters were URL encoded and appended to URLs. In late April 2010, VSR began researching this in more depth and found that the issue could allow for HTTP header injection and HTTP request smuggling attacks.
Categories: Exploits
diferiorcms-xsrf.txt
Diferior CMS version 8.01 suffers from multiple cross site request forgery vulnerabilities.
Categories: Exploits
struts2xwork-exec.txt
Struts2/XWork suffers from a remote command execution vulnerability.
Categories: Exploits
joomlaqcontacts-sql.txt
The Joomla QContacts component suffers from a remote SQL injection vulnerability.
Categories: Exploits
ajarticle-xss.txt
AJ Article suffers from a persistent cross site scripting vulnerability.
Categories: Exploits
customcms-xss.txt
CustomCMS suffers from a persistent cross site scripting vulnerability.
Categories: Exploits
asxtomp3-seh.txt
ASX to MP3 Converter version 3.1.2.1 SEH exploit with DEP and ASLR bypass for multiple OSes.
Categories: Exploits
ms10_042_helpctr_xss_cmd_exec.rb.txt
Help and Support Center is the default application provided to access online documentation for Microsoft Windows. Microsoft supports accessing help documents directly via URLs by installing a protocol handler for the scheme hcp. Due to an error in validation of input to hcp:// combined with a local cross site scripting vulnerability and a specialized mechanism to launch the XSS trigger, arbitrary command execution can be achieved. On IE7 on XP SP2 or SP3, code execution is automatic. If WMP9 is installed, it can be used to launch the exploit automatically. With IE8 and WMP11, either can be used to launch the attack, but both pop dialog boxes asking the user if execution should continue. This exploit detects if non-intrusive mechanisms are available and will use one if possible. In the case of both IE8 and WMP11, the exploit defaults to using an iframe on IE8, but is configurable by setting the DIALOGMECH option to none or player.
Categories: Exploits
diem-xss.txt
Diem version 5.1.2 suffers from multiple cross site scripting vulnerabilities.
Categories: Exploits
inetem-sql.txt
I-net Enquiry Management Script suffers from a remote SQL injection vulnerability.
Categories: Exploits
ari-lfixsrfxss.txt
Asterisk Recording Interface suffers from cross site request forgery, cross site scripting, denial of service, local file inclusion and path disclosure vulnerabilities.
Categories: Exploits
orbis-xsrf.txt
Orbis CMS version 1.0.2 suffers from multiple cross site request forgery vulnerabilities.
Categories: Exploits
