981 matches found
HP OmniInet.exe Opcode 20 Buffer Overflow
This module exploits a vulnerability found in HP Data Protector's OmniInet process. By supplying a long string of data as the file path with opcode '20', a buffer overflow can occur when this data is being written on the stack where no proper bounds checking is done beforehand, which results...
Sybase M-Business Anywhere agd.exe username Parameter Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sybase M-Business Anywhere. Authentication is not required to exploit this vulnerability. The specific flaw exists within agsync.dll, which listens for SOAP and sync HTTP requests on ports 80 and 4...
McAfee Multiple Products LHA Type-2 File Handling Buffer Overflow (CVE-2005-0644)
McAfee, formerly Network Associates Incorporated, produces a number of popular anti-virus products for both Enterprise and Desktop consumer use. These products are capable of detecting malicious content not only within regular files but also within compressed archives such as LHA archives. There...
Oracle Application Server 10g emagent.exe Stack Buffer Overflow
Oracle Database is an enterprise-level relational database suite. It contains many components that enable users and administrators to access it for various tasks, such as database manipulation, or administration of the numerous Oracle services. One of such management utilities in the Oracle...
Ipswitch IMail Server SMTP Service Buffer Overflow (CVE-2006-4379)
The Ipswitch IMail Server is a mail server product geared towards medium to large size organizations. It contains implementations of POP3, IMAP4, and SMTP servers. The SMTP server module is installed and started in a default installation. There exists a vulnerability in the SMTP module of the...
MailEnable IMAP Service Invalid Command Buffer Overflow (CVE-2004-2501)
MailEnable is an email server suite for the Microsoft Windows platform. The product supports various popular mail transfer protocols such as SMTP, POP3 and IMAP. The components of the MailEnable product are installed as individual services on the system, called Connectors. A stack buffer overflow...
CA Multiple Products Console Server Login Handling Buffer Overflow (CVE-2007-2522)
CA Computer Associates provides a group of products intended for enhancing the security of enterprise as well as individual clients. Main series of these products were formerly known as CA eTrust products. The following is a brief list of major products in this group: CA Anti-Virus for the...
Microsoft Windows privilege escalation
Invalid event handling allows code execution in system context...
Microsoft Windows SafeDisk driver buffer overflow
Buffer overflow in secdrv.sys driver allows code execution in system context...
Apple Quicktime code execution
It's possible to execute script in browser's system context...
ZDI-06-045: Sophos Anti-Virus CPIO Archive Parsing Buffer Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-06-045.html December 12, 2006 -- CVE ID: CVE-2006-6335 -- Affected Vendor: Sophos -- Affected Products: All versions of Sophos Anti-Virus v2.40 scanning engine --...
EEYE: McAfee ePolicy Orchestrator Remote Compromise
Release Date: July 13, 2006. Severity: High (Remote Code Execution). Vendor: McAfee. Systems Affected: McAfee Common Management EPO Agent versions below version 3.5.5.438. Overview: McAfee ePolicy Orchestrator is the remote security management software for...
CVE-2002-0700
This CVE concerns Microsoft Content Management Server (MCMS) 2001, where a buffer overflow in the Profile Service (an MDAC-related function used during user authentication) can allow an attacker to execute code in the Local System context by authenticating to a vulnerable web page. The issue is c...
Norton antivirus privilege escalation
It is possible to launch the winhlp32.exe help in the local system context...
iPlanet Web Server 4.1 - Search Component File Disclosure
source: https://www.securityfocus.com/bid/5191/info The iPlanet Web Server search engine is prone to a file disclosure vulnerability. It is possible for remote attackers to make requests to the search engine which will cause arbitrary readable files on the host running the vulnerable software to ...
CVE-2001-1514
ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass security context to (1) child processes created with and (2) child processes that call the CreateProcess function and are executed with or end with the CFX extension...
Microsoft Index Server 2.0 Indexing Service (Windows 2000) - ISAPI Extension Buffer Overflow (2)
source: https://www.securityfocus.com/bid/2880/info Windows Index Server ships with Windows NT 4.0 Option Pack; Windows Indexing Service ships with Windows 2000. An unchecked buffer resides in the...
Microsoft Index Server 2.0 Indexing Service (Windows 2000) - ISAPI Extension Buffer Overflow (PoC)
source: https://www.securityfocus.com/bid/2880/info Windows Index Server ships with Windows NT 4.0 Option Pack; Windows Indexing Service ships with Windows 2000. An unchecked buffer resides in the...
Microsoft Index Server 2.0 / Indexing Service (Windows 2000) - ISAPI Extension Buffer Overflow (3)
source: https://www.securityfocus.com/bid/2880/info Windows Index Server ships with Windows NT 4.0 Option Pack; Windows Indexing Service ships with Windows 2000. An unchecked buffer resides in the 'idq.dll' ISAPI extension associated with each service. A maliciously crafted request could allow...
Hole in Windows 2000 (Network DDE Agent privilege elevation)
Network DDE Agent executes the client program's requests in the local system context instead of the context of the requesting user...