TTC Shelbyville – Technical Blog
It's not where you are at today, it is where you are going tomorrow. ~Steve Mallard
Hits | SV (NI)
- 963,229 hits
Steve’s Favorites
Recent Posts
- Install Snort on Windows
- Reset Windows 7 services
- Network Connections folder empty
- Security Expert Fools, Records Fake Antivirus Scammers – Dark Reading
- CIT – Moves real hardware to the cloud LMS for IT Students
- Cyber Terrorism – Al Qaeda Video Calls for Electronic Jihad
- A Cross-browser Worm that affects all operating systems?
- How to make an ODBC connection to an SQL Database
Top Posts
- Test Your Hard Drive Speed With Windows 7's Device Manager
- Creating a Roaming Profile -Windows 7 and Server 2008 r2
- Enable NetBIOS over TCP/IP
- Increase hard drive size in VirtualBox
- Optimize Your Windows 7 or Windows Vista Internet Connection
- NTop for Windows
- DiskMax Cleans Your Hard Drive
- Release Mouse From VirtualBox
- Show the Administrator Account in Vista and Windows 7
- Measure your hard drive speed using Winsat
National Vulnerability Database
- CVE-2012-2943 (cryptographp)CRLF injection vulnerability in cryptographp.inc.php in Cryptographp allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the cfg parameter.
- CVE-2012-2942 (haproxy)Buffer overflow in the trash buffer in the header capture functionality in HAProxy before 1.4.21, when global.tune.bufsize is set to a value greater than the default and header rewriting is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors.
- CVE-2012-2941 (yandex.server_2010)Cross-site scripting (XSS) vulnerability in search/ in Yandex.Server 2010 9.0 Enterprise allows remote attackers to inject arbitrary web script or HTML via the text parameter.
- CVE-2012-2940 (real-draw_pro)MediaChance Real-DRAW PRO 5.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted (1) PNG, (2) WMF, (3) PSD, (4) TGA, (5) TTF, (6) BMP, (7) TIFF, or (8) PCX file.
- CVE-2012-2939 (travelon_express)Multiple unrestricted file upload vulnerabilities in Travelon Express 6.2.2 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) airline-edit.php, (2) hotel-image-add.php, or (3) hotel-add.php.
- CVE-2012-2938 (travelon_express)Multiple cross-site scripting (XSS) vulnerabilities in Travelon Express 6.2.2 allow remote attackers to inject arbitrary web script or HTML via the holiday name field to (1) holiday_add.php or (2) holiday_view.php.
- CVE-2012-2937 (pligg_cms)Multiple SQL injection vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) list parameter in a move action to admin/admin_index.php, (2) display parameter in a minimize action to admin/admin_index.php, (3) enabled[] parameter to admin/admin_users.php, or (4) msg_id to the module.php in the simple_mes […]
- CVE-2012-2936 (pligg_cms)Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) page parameter to (a) admin/admin_comments.php or (b) admin/admin_links.php; or list parameter in a (3) move or (4) minimize action to (c) admin/admin_index.php.
- CVE-2012-2436 (pligg_cms)Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter in a move or (2) minimize action to admin/admin_index.php; (3) the karma_username parameter to module.php in the karma module; (4) q_1_low, (5) q_1_high, (6) q_2_low, or (7) q_2_high parame […]
- CVE-2012-2435 (pligg_cms)Directory traversal vulnerability in the captcha module in Pligg CMS before 1.2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the captcha parameter to module.php, as demonstrated by cross-site request forgery (CSRF) attacks.
- CVE-2012-2935 (online_merchant)Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Checkout/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the value_title parameter, a different vulnerability than CVE-2012-1059.
- CVE-2012-2235 (support_incident_tracker)Cross-site scripting (XSS) vulnerability in Support Incident Tracker (SiT!) 3.65 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter to index.php, which is not properly handled in an error message.
- CVE-2012-1792 (online_merchant)Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Setup/Application/Install/RPC/DBCheck.php in OSCommerce Online Merchant 3.0.2, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the name parameter to oscommerce/index.php, which is not properly handled in an error message. NOTE: this mi […]
- CVE-2012-1413 (zen_cart)Cross-site scripting (XSS) vulnerability in zc_install/includes/modules/pages/database_setup/header_php.php in Zen Cart 1.5.0 and earlier, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the db_username parameter to zc_install/index.php.
- CVE-2012-2568 (blackarmor_nas)d41d8cd98f00b204e9800998ecf8427e.php in the management web server on the Seagate BlackArmor device allows remote attackers to change the administrator password via unspecified vectors.
