Microsoft HTML Help Compiler (hhc.exe) BOF POC

No description provided by source. Microsoft’s HTML Help Compiler hhc.exe is free tool to build Microsoft Compiled HTML Help .chm files. It is included within HTML Help Workshop and Visual Studio. The executable, hhc.exe, does not properly check the length of user-supplied command line arguments...

Microsoft HTML Help Compiler (hhc.exe) - Buffer Overflow (PoC)

Microsoft HTML Help Compiler hhc.exe - Buffer Overflow PoC Microsoft’s HTML Help Compiler hhc.exe is free tool to build Microsoft Compiled HTML Help .chm files. It is included within HTML Help Workshop and Visual Studio. The executable, hhc.exe, does not properly check the length of user-supplied...

CentOS 5 : firefox (CESA-2008:0597)

Updated firefox packages that fix various security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Updated 16th July 2008 The nspluginwrapper package has been added to this advisory to...

Microsoft HTML Help Compiler (hhc.exe) - Buffer Overflow (PoC)

Microsoft’s HTML Help Compiler hhc.exe is free tool to build Microsoft Compiled HTML Help .chm files. It is included within HTML Help Workshop and Visual Studio. The executable, hhc.exe, does not properly check the length of user-supplied command line arguments. It is possible to gain control of...

Fedora Core 11 FEDORA-2009-12575 (cacti)

The remote host is missing an update to cacti announced via advisory FEDORA-2009-12575. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

Fedora 11 : cacti-0.8.7e-3.fc11 (2009-12575)

This fix contains several official patches from cacti: Command Line Add Graphs Syntax SNMP Invalid Responses Template Import/Export Duplication Cross-Site Scripting Fixes http://www.cacti.net/downloadpatches.php Note that Tenable Network Security has extracted the preceding description block...

CVE-2009-4133

Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node for MRG, allows remote authenticated users to queue jobs as an arbitrary user, and thereby gain privileges, by using a Condor command-line tool to modify an unspecified job attribute...

CVE-2009-4133

Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node for MRG, allows remote authenticated users to queue jobs as an arbitrary user, and thereby gain privileges, by using a Condor command-line tool to modify an unspecified job attribute...

[SECURITY] Fedora 12 Update: postgresql-8.4.2-1.fc12

PostgreSQL is an advanced Object-Relational database management system DBMS that supports almost all SQL constructs including transactions, subselects and user-defined types and functions. The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DB...

Permission to use the highest system of accounts-vulnerability warning-the black bar safety net

One, at the command line to end the explorer process taskkill /f /im explorer.exe Second, the plan task start an interactive interface at 1 3:3 0 /interactive explorer.exe You must open the Task Scheduler service, the default is open. So when the 1 3:3 0 when the explorer process to the system us...

LAN invasion of the teacher computer---telnet-vulnerability warning-the black bar safety net

On machine hours, the PLMM before shoot it, teach you the invasion of the teacher computer. Said dry is dry, runCMDnet viewto see the local area of the online neighborgoal is to find a teacher to host the results are called me down from D01 to D50 I had thought that the teacher's machine it shoul...

The command line to kill various antivirus and security software of the method summary-the vulnerability warning-the black bar safety net

At the command line please use ntsd –c-q-p PID 或者 使用 c:\pskill.exe ravmon command to kill rising software About Norton Enterprise Edition“automatic File Protection“of the close method: 1Turn off the service:net stop "Symantec AntiVirus" successfully closed! 2closing process:Rtvscan, the CCAPP and...

[SECURITY] Fedora 10 Update: wireshark-1.2.1-1.fc10

Wireshark is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for wireshark. A graphical user interface is packaged separately to GTK+ package...

Multiple Browsers Telnet URI Handler File Manipulation (CVE-2004-0411; CVE-2004-0473)

There exists a vulnerability that affects various web-browsers. Insufficient input validation for telnet URI e.g., telnet://hostname can cause the Telnet software activated by the browsers to treat specially crafted Telnet URI as command-line options. As such, a malicious attacker may be able to...

Alcatel-Lucent OmniPCX Enterprise masterCGI Arbitrary Command Execution

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Alcatel-Luce...

Google Apps googleapps.url.mailto handler command injection

Added: 10/13/2009 BID: 36581 Background Google Apps is a web-based productivity suite hosted by Google. Problem Google Apps handles googleapps.url.mailto URLs by passing the URL as a command-line argument to the googleapps.exe program without sufficiently validating the URL. This allows command...

Sun Java Web Start JNLP File Argument Injection (CVE-2005-0836)

The Sun Java Web Start is a component of the Java 2 Runtime Environment JRE. It allows for the network deployment of Java applications. This component enables stand-alone Java applications to be downloaded from a remote network location and invoked on a target machine. A vulnerability has been...

mysql: mysql command line client XSS flaw

Cross-site scripting XSS vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be...

InstantGet 2.08 Denial Of Service

""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" """ :::::: :: :: :: :: :: :::: """ """ :: :: :: :: :::::: .. :::: :: """ """ ::::: ::: ::::: :: :: :: :: :: :::: """ """ :: :: :: :: : :: :: :: :: :: :: """ """ :::::: :: :: ::::: :: :::::: :: :: :::: rs.ir """ """ :: """ """ """...

[SECURITY] Fedora 10 Update: postgresql-8.3.8-1.fc10

PostgreSQL is an advanced Object-Relational database management system DBMS that supports almost all SQL constructs including transactions, subselects and user-defined types and functions. The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DB...