5836 matches found

CVE
added 2008/03/11 11:0 p.m. | 60 views

CVE-2008-0111

CVE-2008-0111 : A remote code execution vulnerability in Microsoft Excel 2000 SP3 through 2007, Excel Viewer 2003, Compatibility Pack, and Office 2004 for Mac exists due to improper validation of data in BIFF8 data validation records when loading files. Exploitation requires a user to open a craf...

CVSS 9.3 | AI score 9.7 | EPSS 0.50862
Exploits 1 | References 7 | Affected Software 4
Check Point Advisories
added 2008/03/11 12:0 a.m. | 3 views

Microsoft Excel Data Validation Record Processing Code Execution (MS08-014; CVE-2008-0111)

Microsoft Excel is a popular spreadsheet application. A remote code execution vulnerability has been identified in Microsoft Excel. A remote attacker could exploit this issue via a malformed Excel file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a targe...

CVSS 9.3 | AI score 7.3 | EPSS 0.50862
Exploits 1
seebug.org
added 2007/08/23 12:0 a.m. | 204 views

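Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities

BUGTRAQ ID: 25316 CVECAN ID: CVE-2007-3385,CVE-2007-3382 Apache Tomcat is a popular open-source JSP application server. Apache Tomcat has an input validation vulnerability when processing user request data, which a remote attacker may exploit to obtain session-related sensitive information. Apache Tomcat does not correctly handle the “" ” character sequence in cookie values, and incorrectly treats single quotes in cookie values as delimiters; in some cases this may lead to disclosure of sensitive information such as the session ID. Apache Group Tomcat 6.0.0 - 6.0.13 Apache Group Tomcat 5.5.0...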

CVSS 4.3 | AI score 5.6 | EPSS 0.37497
Exploits 4
Prion
added 2007/01/30 6:28 p.m. | 20 views

Design/Logic Flaw

PGP Desktop before 9.5.1 does not validate data objects received over the (1) \pipe\pgpserv named pipe for PGPServ.exe or the (2) \pipe\pgpsdkserv named pipe for PGPsdkServ.exe, which allows remote authenticated users to gain privileges by sending a data object representing an absolute pointer, which...

CVSS 7.1 | AI score 7.5 | EPSS 0.05133
Exploits 0 | References 11 | Affected Software 1
exploitpack
added 2006/12/09 12:0 a.m. | 14 views

AnnonceScriptHP 2.0 - email.php?id SQL Injection

AnnonceScriptHP 2.0 - email.php?id SQL Injection source: https://www.securityfocus.com/bid/21514/info AnnonceScriptHP is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data...

AI score 0.1
Exploits 0
securityvulns
added 2006/11/16 12:0 a.m. | 36 views

Outpost Firewall privilege escalation

Insufficient incoming data validation for DeviceSandBox device driver and SSDT hooked functions...

AI score 3.5
Exploits 0 | References 2 | Affected Software 1
securityvulns
added 2006/10/11 12:0 a.m. | 52 views

[Full-disclosure] PacSec Hype Security Team: CGI.pm param injection

====================================================================== PacSec Hype Security Team param injection in CGI.pm and inheritors allows SQL injection and manipulation of data bypassing many perl web form validators ======================================================================...

AI score 8.1
Exploits 0
OSV
added 2006/06/14 12:0 a.m. | 39 views

DSA-1097-1 kernel-source-2.4.27 - several vulnerabilities

Bulletin has no description...

CVSS 10 | AI score 5.8 | EPSS 0.06797
Exploits 1
Japan Vulnerability Notes
added 2006/04/26 12:0 a.m. | 38 views

JVN#72225922 Apache Struts Validator allows to bypass input data validation

Impact Depending on the web application, an attacker may be able to manipulate unexpected operations by bypassing validation of input data. For example, unintended format data may be saved. Solution Products Affected Apache Struts 1.2.8 and earlier...

CVSS 7.5 | AI score 7.4 | EPSS 0.05819
Exploits 0
securityvulns
added 2006/03/15 12:0 a.m. | 58 views

[Full-disclosure] [HV-HIGH] Microsoft Excel Named Range Arbitrary Code Execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Microsoft Excel Named Range Arbitrary Code Execution Classification: =============== Level: low-med-HIGH-crit ID: HEXVIEW200603141 URL: http://www.hexview.com/docs/20060314-1.txt References: =============== Originally published by fearwall on eBay CVE...

CVSS 6.8 | AI score 0.5 | EPSS 0.31108
Exploits 0
Exploit DB
added 2006/02/11 12:0 a.m. | 25 views

LinPHA 0.9.x/1.0 - 'forth_stage_install.php' Local File Inclusion

source: https://www.securityfocus.com/bid/16592/info LinPHA is prone to multiple local file-inclusion and PHP code-injection vulnerabilities. The local file-inclusion issues are due to insecure use of the 'include_once' PHP function in multiple scripts. The PHP code-injection vulnerabilities are d...

AI score 7.4
Exploits 0
CVE
added 2005/11/29 10:0 p.m. | 44 views

CVE-2005-3901

CVE-2005-3901 affects Macromedia Flash Communication Server MX 1.0 and 1.5, where certain RTMP data is not properly validated, enabling a denial of service (instability or crash). The vulnerability is demonstrated using an alpha release build of Flash Player 8.5 (build 133). The connected documen...

CVSS 7.8 | AI score 7 | EPSS 0.01491
Exploits 0 | References 5 | Affected Software 1
Symantec
added 2005/08/09 12:0 a.m. | 15 views

Microsoft Windows Kerberos PKINIT Man In The Middle Vulnerability

Description The PKINIT implementation in Microsoft Windows is susceptible to a man in the middle vulnerability. This issue is due to a failure of the software to properly validate network data. This issue is only exploitable by attackers that have access to valid logon credentials. Attackers...

AI score 0.1
Exploits 0 | References 1 | Affected Software 3
securityvulns
added 2005/07/12 12:0 a.m. | 21 views

Hardware Cisco IP phones SIP messages spoofing

Due to insufficient data validation an attacker can send Messages-Waiting message to phone...

AI score 1.5
Exploits 0 | References 1 | Affected Software 1
Packet Storm
added 2005/06/21 12:0 a.m. | 21 views

phpMyVisites.txt

================================================================== File: phpMyVisites 1.3 local file retrieval From: remote Date: 26/04/2005 Credits: Max Cerny maxatczernydotcz Vendor: http://www.phpmyvisites.net Affected version: 1.3, not tested...

AI score 7.4
Exploits 0
NVD
added 2005/05/02 4:0 a.m. | 22 views

CVE-2005-0944

Unknown vulnerability in Microsoft Jet DB engine msjet40.dll 4.00.8618.0, related to insufficient data validation, allows remote attackers to execute arbitrary code via a crafted mdb file...

CVSS 7.5 | AI score 7.1 | EPSS 0.34021
Exploits 4 | References 6
securityvulns
added 2005/04/26 12:0 a.m. | 35 views

[exploit] phpMyVisites 1.3 local file retrieval

================================================================== File: phpMyVisites 1.3 local file retrieval From: remote Date: 26/04/2005 Credits: Max Cerny maxatczernydotcz Vendor: http://www.phpmyvisites.net Affected version: 1.3, other not tested...

AI score 0.1
Exploits 0
exploitpack
added 2005/04/11 12:0 a.m. | 28 views

Microsoft Jet Database - msjet40.dll DB File Buffer Overflow

Microsoft Jet Database - msjet40.dll DB File Buffer Overflow / -------------------------------------- Microsoft Jet msjet40.dll Exploit -------------------------------------- Author: ---------- S.Pearson Computer Terrorism UK www.computerterrorism.com 11/04/2005 Credits: ---------- Hexview origin...

Exploits 0
Exploit DB
added 2005/04/11 12:0 a.m. | 38 views

Microsoft Jet Database - 'msjet40.dll' DB File Buffer Overflow

/ -------------------------------------- Microsoft Jet msjet40.dll Exploit -------------------------------------- Author: ---------- S.Pearson Computer Terrorism UK www.computerterrorism.com 11/04/2005 Credits: ---------- Hexview original advisory Tested on: ------------- Windows 2000 SP4 english...

AI score 7
Exploits 0
Cvelist
added 2005/04/03 5:0 a.m. | 30 views

CVE-2005-0944

Unknown vulnerability in Microsoft Jet DB engine msjet40.dll 4.00.8618.0, related to insufficient data validation, allows remote attackers to execute arbitrary code via a crafted mdb file...

AI score 7.1 | EPSS 0.34021
Exploits 4 | References 6