Windows媒体解压多个远程代码执行漏洞（MS10-033）

BUGTRAQ ID: 40464,40432 CVE ID: CVE-2010-1879,CVE-2010-1880 Windows是微软发布的非常流行的操作系统。 Windows中的多个多媒体处理组件在处理媒体文件时没有正确地解析其中的压缩数据，如果用户打开了特制的媒体文件，就可能允许远程代码执行。如果用户以管理权限登录，则成功利用此漏洞的攻击者可以完全控制受影响的系统。 Microsoft DirectX 9.0 Microsoft Media Format Runtime 9.5 x64 Microsoft Media Format Runtime 9.5 Microsoft...

Code execution with multiple ActiveX components in Microsoft Windows

No description provided...

[20100501] - Core - Joomla! Multiple XSS Vulnerabilities in Back End Administrative Module Core Components

Hi Bugtraq, This is regarding multiple XSS vulnerabilities in multiple core components of the administrative section of Joomla! Project: Joomla! SubProject: All Severity: High Versions: 1.5.17 and all previous 1.5 releases Exploit type: XSS Injection Reported Date: 2010-May-13 Fixed Date:...

Joomla! Component Percha Image Attach 1.1 - 'Controller' Traversal Arbitrary File Access

source: https://www.securityfocus.com/bid/40244/info Multiple Percha components for Joomla are prone to multiple local file-include vulnerabilities because they fail to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to obtain potentially sensitive information...

Joomla News / Article / Content / Event Cross Site Scripting

x Joomla Component News x Date: 14/05/2010 x Author: s4r4d0 x Contact: [email protected] x Team; Fatal Error x Bug: XSS on Component News x Example: http://www.site.com/index.php?option=comnews=XSS x Demo: http://www.bgci.org/index.php?option=comnews="XSS By Fatal Error x Made in Brazil x Joomla...

Mac OS X Security Update 2008-005

The remote host is missing Security Update 2008-005. SPDX-FileCopyrightText: 2010 LSS Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002

The remote host is missing Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002. One or more of the following components are affected: Apache ATS BIND CFNetwork CoreGraphics Cscope CUPS Disk Images enscript Flash Player plug-in Help Viewer iChat International Components for Unicode IPSec...

Mac OS X 10.5.3 Update / Mac OS X Security Update 2008-003

The remote host is missing Mac OS X 10.5.3 Update / Mac OS X Security Update 2008-003. One or more of the following components are affected: AFP Server Apache AppKit Apple Pixlet Video ATS CFNetwork CoreFoundation CoreGraphics CoreTypes CUPS Flash Player Plug-in Help Viewer iCal International...

Mandriva Update for mds MDVA-2010:142 (mds)

Check for the Version of mds OpenVAS Vulnerability Test Mandriva Update for mds MDVA-2010:142 mds Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...

VulnCheck KEV: CVE-2006-0003

Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects ADO and distributed in Microsoft Data Access Components MDAC 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors...

VulnCheck KEV: CVE-2006-5559

The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects ADODB.Connection.2.7 and ADODB.Connection.2.8 in the Microsoft Data Access Components MDAC 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows...

Microsoft OWC Spreadsheet - HTMLURL Buffer Overflow (MS09-043) (Metasploit)

$Id: ms09043owchtmlurl.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

[SECURITY] Fedora 11 Update: kdebase-workspace-4.4.2-5.fc11

The KDE Workspace consists of what is the desktop of the KDE Desktop Environment. This package contains: khotkeys a hotkey daemon klipper a cut & paste history utility kmenuedit the menu editor krandrtray resize and rotate X screens krunner a command run interface ksysguard a performance monitor...

Design/Logic Flaw

Unspecified vulnerability in the User Interface Components in Oracle Collaboration Suite 10.1.2.4 allows remote attackers to affect integrity via unknown vectors...

Microsoft Data Access Components ActiveX Data Objects Memory Corruption Vulnerability

Description Microsoft Data Access Components are prone to a remote memory-corruption vulnerability. An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage. Successful exploits will allow the attacker to execute arbitrary code within the context of the...

Oracle Document Capture empop3.dll — insecure method

Application: Oracle Document Capture Versions Affected: 6.4 — 7.2 Vendor URL: http://www.oracle.com Bugs: Insecure method, File overwriting, File deleting Exploits: YES Reported: 22.03.2010 Vendor response: 31.03.2010 Date of Public Advisory: 24.01.2011 CVE-number:CVE-2010-3591 Author: Evdokimov...

Novell ZENworks Desktop Management ActiveX Control Buffer Overflow (CVE-2008-5073)

Novel ZENworks Desktop Management is a resource management solution for workstations and laptops. The product include various software components that are installed on management and managed computers. One of these software components is an ActiveX control implemented in file AxNalServer.dll. A...

Mozilla Base64 decoding crash

Multiple integer overflows in the 1 PLBase64Decode and 2 PLBase64Encode functions in nsprpub/lib/libc/src/base64.c in Mozilla Firefox before 3.0.12, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service memory corruption and application crash...

Directory traversal

Directory traversal vulnerability in CuteSoftClient/CuteEditor/Load.ashx in CuteSoft Components Cute Editor for ASP.NET allows remote attackers to read arbitrary files via a .. dot dot in the file parameter...

CVE-2009-4665

Directory traversal vulnerability in CuteSoftClient/CuteEditor/Load.ashx in CuteSoft Components Cute Editor for ASP.NET allows remote attackers to read arbitrary files via a .. dot dot in the file parameter...