5836 matches found
[HV-HIGH] Microsoft Jet DB engine vulnerabilities
Microsoft Jet DB engine vulnerabilities Classification: Level: low-med-HIGH-crit ID: HEXVIEW200503311 URL: http://www.hexview.com/docs/20050331-1.txt Overview: Microsoft Jet database is a lightweight database widely used by M...
CVE-2004-1209
Verisign Payflow Link, when running with empty Accepted URL fields, does not properly verify the data in the hidden AMOUNT field, which allows remote attackers to modify the price of the items that they purchase...
CVE-2004-0901
Microsoft Word for Windows 6.0 Converter MSWRD632.WPC, as used in WordPad, does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Font Conversion Vulnerability," a different...
[Full-Disclosure] [HV-HIGH] RIM Blackberry buffer overflow, DoS, data loss
RIM Blackberry buffer overflow, DoS, data loss Classification: Level: low-med-HIGH-crit ID: HEXVIEW200410121 Overview: RIM Blackberry is a Java-based wireless connectivity solution providing phone, e-mail, and other services ...
[Full-Disclosure] [HV-HIGH] MS Word multiple exceptions, at least one exploitable
MS Word multiple exceptions, at least one exploitable. Classification: Level: low-MED-high-crit ID: HEXVIEW200410061 Overview: MS Word is a highly overrated and widely used text processor, a part of monstrous collection of...
[BUGZILLA] Multiple vulnerabilities in Bugzilla 2.16.5 and 2.17.7
Bugzilla Security Advisory July 10, 2004 Summary: Bugzilla is a Web-based bug-tracking system, used by a large number of software projects. This advisory covers security bugs that have recently been discovered and fixed in the Bugzilla code: In...
vBulletin 1.0/2.x/3.0 - 'index.php' User Interface Spoofing
source: https://www.securityfocus.com/bid/10362/info A weakness has been reported to exist in the VBulletin software that may allow an attacker to spoof parts of the VBulletin interface. The issue exists due to improper validation of user-supplied data. Remote attackers may potentially exploit th...
vBulletin 1.0/2.x/3.0 - index.php User Interface Spoofing
vBulletin 1.0/2.x/3.0 - index.php User Interface Spoofing source: https://www.securityfocus.com/bid/10362/info A weakness has been reported to exist in the VBulletin software that may allow an attacker to spoof parts of the VBulletin interface. The issue exists due to improper validation of...
E-Zone Media FuzeTalk 2.0 - 'AddUser.cfm' Administrator Command Execution
source: https://www.securityfocus.com/bid/10276/info It has been reported that FuseTalk is affected by an administrator command execution vulnerability in the adduser.cfm script. This issue is due to a failure of the application to properly validate the origin of user supplied data. This issue...
Digital Reality Game Engine 1.0.x - Remote Denial of Service
Digital Reality Game Engine 1.0.x - Remote Denial of Service // source: https://www.securityfocus.com/bid/9736/info It has been reported that the Digital Reality Game engine is prone to a remote denial of service vulnerability. This issue is due to a failure of the application to validate packet...
P-News 1.16 - Administrative Account Creation
P-News 1.16 - Administrative Account Creation source: https://www.securityfocus.com/bid/7689/info A vulnerability has been reported that could enable a P-News member to create and access an administrative account. This is due to insufficient validation of data supplied to account editing input...
Multiple IPsec implementations do not adequately validate authentication data
Overview IPsec implementations from multiple vendors do not adequately validate the authentication data in IPsec packets, exposing vulnerable systems to a denial of service. Description For background: RFC 2401 Security Architecture for the Internet Protocol RFC 2402 IP Authentication Header RFC...
DCForum 6.0 - Remote Admin Privilege Arbitrary Commands
source: https://www.securityfocus.com/bid/2728/info DCForum is a commercial cgi script from DCScripts which is designed to facilitate web-based threaded discussion forums. Versions of DCForum are vulnerable to attacks which can yield an elevation of privileges and remote execution of arbitrary...
SCO Unixware 7.0/7.0.1/7.1 - Xsco Buffer Overflow
SCO Unixware 7.0/7.0.1/7.1 - Xsco Buffer Overflow // source: https://www.securityfocus.com/bid/824/info Under certain versions of Unixware, the SUID program Xsco is vulnerable to a buffer overflow attack. The problem lies in that Xsco does not sanity check user supplied data. // UnixWare7...
SCO Unixware 2.1/7.0/7.0.1/7.1/7.1.1 - su(1) Buffer Overflow
// source: https://www.securityfocus.com/bid/826/info Certain versions of Unixware ship with a version of su(1) which is vulnerable to a buffer overflow attack. This attack is possible because su(1) fails to sanity check user supplied data, in this instance a username supplied on the command line...
ROS-2-1459
2.1459 Multiple vulnerabilities in Moodle CVE-2021-32472 - CVE-2021-32478 1. Vulnerability Description: CVE-2021-32478 A vulnerability exists due to insufficient cleansing of user-provided data at the LTI authorization endpoint. A remote attacker could trick a victim into clicking a specially...