Add a generic HTML cleaning service

This will be able to be used by all components that need to display untrusted HTML: including HTML attachments, RSS feeds, and the html-include macro...

Add a generic HTML cleaning service

This will be able to be used by all components that need to display untrusted HTML: including HTML attachments, RSS feeds, and the html-include macro...

Microsoft Data Access Components (MDAC) contains buffer overflow

Overview Microsoft Data Access Components MDAC contains a buffer overflow vulnerability that could allow a remote attacker to execute arbitrary code or cause a denial of service. Description From Microsoft Security Bulletin MS04-003:Microsoft Data Access Components MDAC is a collection of...

Microsoft Security Bulletin MS04-003

Microsoft Security Bulletin MS04-003 Buffer Overrun in MDAC Function Could Allow Code Execution 832483 Issued: January 13, 2004 Version: 1.0 Summary Who should read this document: Customers who are using Microsoft® Windows® Impact of vulnerability: Remote code execution Maximum Severity Rating:...

PT-2003-1107 · Openssh +1 · Openssh-Server +5

Name of the Vulnerable Software and Affected Versions: OpenSSH versions prior to 3.7 OpenSSH-server versions 3.1p1 through 3.4p1 OpenSSH-askpass versions 3.1p1 through 3.4p1 OpenSSH-askpass-gnome versions 3.1p1 through 3.4p1 OpenSSH-clients versions 3.1p1 through 3.4p1 Description: The issue is...

CVE-2003-0353

Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components MDAC 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434...

Microsoft Security Bulletin MS03-033: Unchecked Buffer in MDAC Function Could Enable System Compromise (Q823718)

-----BEGIN PGP SIGNED MESSAGE----- - ----------------------------------------------------------------- Title: Unchecked Buffer in MDAC Function Could Enable System Compromise 823718 Date: 20 August 2003 Software: - Microsoft Data Access Components 2.5 - Microsoft Data Access Components 2.6 -...

CVE-2003-0353

CVE-2003-0353 details a Unicode buffer overflow in the SQL-DMO component of Microsoft MDAC (versions 2.5–2.7) that can be exploited by a long UDP broadcast response on port 1434, enabling remote code execution. Affected packages include MDAC 2.5/2.6/2.7 with various SPs; fixes are described in MS...

CVE-2003-0353

Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components MDAC 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434...

Microsoft Data Access Components ODBC Buffer Overflow Vulnerability

Description A buffer overflow vulnerability exists in Microsoft Data Access Components that may allow an attacker to run arbitrary code on a client machine. This vulnerability is exposed when a client or a SQL Server implementing the SQL-DMO library, sends a broadcast request for Microsoft SQL...

Multiple bugs in ActiveX components

Local files access in applet com.ms.xml.dso.XMLDSO.class and XMLHTTPConnection ActiveX, buffer overflow in xweb.ocx ActiveX Microsoft DirectX Files Viewer, TSAC and File Transfer Manager FTM ActiveX...

Multiple gnuts bugs

Multiple buffer overflows in different components...

CVE-2002-0727

The Host function in Microsoft Office Web Components OWC 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method...

CVE-2002-0621

CVE-2002-0621 involves a buffer overflow in the Office Web Components (OWC) package installer used by Microsoft Commerce Server 2000. The underlying cause is a vulnerable installer routine that can be triggered by specific input to the OWC package installer, allowing a remote attacker to cause th...

CVE-2002-0621

Buffer overflow in the Office Web Components OWC package installer used by Microsoft Commerce Server 2000 allows remote attackers to cause the process to fail or run arbitrary code in the LocalSystem security context via certain input to the OWC package installer...

CVE-2002-0622

The CVE-2002-0622 entry concerns the Office Web Components (OWC) package installer used with Microsoft Commerce Server 2000. The vulnerability allows remote attackers to execute commands by providing input to the OWC package installer (Command Execution via installer input). This is described as ...

CVE-2002-0727

The CVE-2002-0727 entry concerns Microsoft Office Web Components (OWC) 2000 and 2002. The Host function is exposed in components marked as safe for scripting, enabling a remote attacker to execute arbitrary commands through the setTimeout method. This defines the vulnerable component/function and...

CVE-2002-0695

Buffer overflow in the Transact-SQL T-SQL OpenRowSet component of Microsoft Data Access Components MDAC 2.5 through 2.7 for SQL Server 7.0 or 2000 allows remote attackers to execute arbitrary code via a query that calls the OpenRowSet command...

CVE-2002-0860

The CVE-2002-0860 vulnerability affects Microsoft Office Web Components (OWC) 2000 and 2002, where the LoadText method in the spreadsheet component allows a remote attacker using an Internet Explorer URL redirect to read arbitrary local files. Underlying issue: inadequate URL handling in the OWC ...

CVE-2002-0622

The Office Web Components OWC package installer for Microsoft Commerce Server 2000 allows remote attackers to execute commands by passing the commands as input to the OWC package installer, aka "OWC Package Command Execution"...