8292 matches found
Microsoft OWC Spreadsheet HTMLURL Buffer Overflow
This module exploits a buffer overflow in Microsoft's Office Web Components. When passing an overly long string as the "HTMLURL" parameter an attacker can execute arbitrary code. This module requires Metasploit: https://metasploit.com/download Current source:...
Microsoft OWC Spreadsheet HTMLURL Buffer Overflow
$Id: ms09043owchtmlurl.rb 8698 2010-03-03 18:12:37Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Solaris Update for ehci, ohci, uhci 141511-06
Check for the Version of ehci, ohci, uhci. OpenVAS Vulnerability Test: Solaris Update for ehci, ohci, uhci 141511-06. Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
Aurora Attack Malware Components May Be Four Years Old
Although the first known attacks using the Aurora malware that compromised Google weren’t discovered until late last year, some parts of the malware codebase have been in existence in China for nearly four years, raising questions about how many other attacks it might have been used in during that...
SQL injection
SQL injection vulnerability in the updateOnePage function in components/combfsurveypro/controller.php in BF Survey Pro Free (com_bfsurvey_profree) 1.2.4, and other versions before 1.2.6, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the table parameter in an...
CVE-2009-4625
The CVE-2009-4625 entry concerns BF Survey Pro Free (com_bfsurvey_profree) for Joomla! where the updateOnePage action (table parameter) is vulnerable to SQL injection. Affected versions include 1.2.4 and other versions prior to 1.2.6. The vulnerability arises from improper validation of the table...
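phpGroupWare Multiple Input Validation Vulnerabilities
BUGTRAQ ID: 35761 CVE ID: CVE-2009-4414, CVE-2009-4415, CVE-2009-4416 phpGroupWare is a multi-user web component suite written in PHP that provides an API for developing other programs. Multiple components of phpGroupWare contain input validation errors; a remote attacker can submit malicious requests to disclose sensitive information or carry out cross-site scripting or SQL injection attacks. 1 Input passed to the csvfile parameter is used in addressbook/csvimport.php without being properly validated, which can lead to the contents of arbitrary files on the affected system being read. 2...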
Microsoft Data Access Components Broadcast Reply Buffer Overflow (MS04-003; CVE-2003-0903)
The SQL Server Resolution Protocol is a simple application-level protocol that is used for the transfer of requests and responses between clients and database server discovery services. Microsoft Data Access Components (MDAC) is a collection of components that provides the underlying functionality...
VMSA-2009-0016:VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components
VMSA-2009-0016.6 VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components. VMware Security Advisory Advisory ID: VMSA-2009-0016.6 Synopsis: VMware vCenter and ESX update release and vMA...
Buffer overflow
Buffer overflow in the UCCompareTextDefault API in International Components for Unicode in Apple Mac OS X 10.5.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors...
CVE-2009-2833
The CVE-2009-2833 entry describes a buffer overflow in the UCCompareTextDefault API of International Components for Unicode used by Apple Mac OS X 10.5.8. The vulnerability affects the UCCompareTextDefault function in ICU; exploitation could lead to an application crash or arbitrary code executio...
jetty 6.x < 7.x - Cross-Site Scripting / Information Disclosure / Injection
Jetty 6.x and 7.x Multiple Vulnerabilities Name Multiple Vulnerabilities in Jetty Systems Affected Jetty 7.0.0 and earlier versions Severity Medium Impact CVSSv2 Medium 5/10, vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Vendor http://www.mortbay.org/jetty/ Advisory...
CA iTechnology iGateway Service Content-Length Buffer (CVE-2005-3653)
Numerous Computer Associates (CA) products incorporate shared components that perform common tasks not specific to any one product. One such component is the CA iGateway service. The iGateway service is an XML-based interface that integrates with storage management applications and facilitates...
PT-2009-4932 · Microsoft · Internet Explorer
Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 5.01 SP4, 6, 6 SP1, 7, and 8 Description: The issue arises from improper argument validation for unspecified variables, allowing remote attackers to execute arbitrary code via a crafted HTML document. This...
Solaris Update for lp 141779-05
Check for the Version of lp. OpenVAS Vulnerability Test: Solaris Update for lp 141779-05. Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of the GNU...
Microsoft Office Web Components DataSourceControl ActiveX Control memory allocation
Added: 08/27/2009 CVE: CVE-2009-0562 BID: 35990 OSVDB: 56914 Background: Microsoft Office Web Components (OWC) are a group of OLE classes implemented as ActiveX controls. Problem: A heap memory corruption vulnerability in the OWC10.DataSourceControl ActiveX control allows command execution when a use...
Update Scanner - Firefox Extension - Chrome Privileged Code Injection
Update Scanner Chrome Privileged Code Injection. Description: Security-Assessment.com discovered that Update Scanner is vulnerable to Cross Site Scriptin...