3939 matches found
Cross site request forgery (csrf)
Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of functio...
CVE-2008-2926
The kmxfw.sys driver in CA Host-Based Intrusion Prevention System HIPS r8, as used in CA Internet Security Suite and Personal Firewall, does not properly verify IOCTL requests, which allows local users to cause a denial of service system crash or possibly gain privileges via a crafted request...
X.org Record and Security extensions memory corruption
The 1 SProcRecordCreateContext and 2 SProcRecordRegisterClients functions in the Record extension and the 3 SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with...
X.org Record and Security extensions memory corruption
The 1 SProcRecordCreateContext and 2 SProcRecordRegisterClients functions in the Record extension and the 3 SProcSecurityGenerateAuthorization function in the Security extension in the X server 1.4 in X.Org X11R7.3 allow context-dependent attackers to execute arbitrary code via requests with...
X.org Render extension ProcRenderCreateCursor() crash
Integer overflow in the ProcRenderCreateCursor function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to cause a denial of service daemon crash via unspecified request fields that are used to calculate a glyph buffer size, which triggers a...
Fuktommy.com httpd.pl included in its HTML preprocessor vulnerable in allowing an attacker to view arbitrary CGI source code
Overview Fuktommy.com httpd.pl included in its HTML preprocessor contains a vulnerability which may allow an attacker to view arbitrary CGI source code. Fuktommy.com httpd.pl included in its HTML preprocessor is an open source web server. It contains a vulnerability which may allow an attacker to...
CVE-2008-0962
Stack-based buffer overflow in the File System Manager for EMC DiskXtender 6.20.060 allows remote authenticated users to execute arbitrary code via a crafted request to the RPC interface...
CVE-2008-1701
Novell NetWare 6.5 allows attackers to cause a denial of service ABEND via a crafted Macintosh iPrint client request...
Authentication flaw
BEA WebLogic Server and WebLogic Express 6.1 through 10.0 allows remote attackers to bypass authentication for application servlets via crafted request headers...
CVE-2008-0895
BEA WebLogic Server and WebLogic Express 6.1 through 10.0 allows remote attackers to bypass authentication for application servlets via crafted request headers...
3Proxy HTTP Proxy Crafted Transparent Request Remote Overflow
The remote host is running 3proxy, an application proxy supporting many protocols Telnet, FTP, WWW, and more. A stack overflow vulnerability has been detected in 3proxy prior to 0.5.3h and 0.6b-devel before 20070413. By sending a long host header in HTTP GET request, a remote attacker could...
CVE-2008-0680
SNMPd in MikroTik RouterOS 3.2 and earlier allows remote attackers to cause a denial of service daemon crash via a crafted SNMP SET request...
CVE-2008-0573
IPSecDrv.sys 10.4.0.12 in SafeNET HighAssurance Remote and SoftRemote allows local users to gain privileges via a crafted IPSECDRVIOCTL IOCTL request...
CVE-2008-0573
IPSecDrv.sys 10.4.0.12 in SafeNET HighAssurance Remote and SoftRemote allows local users to gain privileges via a crafted IPSECDRVIOCTL IOCTL request...
GLSA-200801-22 : PeerCast: Buffer overflow
The remote host is affected by the vulnerability described in GLSA-200801-22 PeerCast: Buffer overflow Luigi Auriemma reported a heap-based buffer overflow within the 'handshakeHTTP' function when processing HTTP requests. Impact : A remote attacker could send a specially crafted request to the...
Samba lsa_io_trans_names buffer overflow
Added: 12/24/2007 CVE: CVE-2007-2446 BID: 24195 OSVDB: 34699 Background Samba is a software package which implements the SMB protocol on a variety of platforms, providing compatibility with Windows systems. Problem A vulnerability in the LSA RPC interface allows a remote attacker to execute...
CVE-2007-6174
PHPDevShell before 0.7.0 allows remote authenticated users to gain privileges via a crafted request to update a user profile. NOTE: some of these details are obtained from third party information...
GLSA-200711-13 : 3proxy: Denial of Service
The remote host is affected by the vulnerability described in GLSA-200711-13 3proxy: Denial of Service 3proxy contains a double free vulnerability in the ftpprchild function, which frees param-hostname and calls the parsehostname function, which in turn attempts to free param-hostname again. Impa...
Code injection
The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified numbe...
CVE-2007-2798
Stack-based buffer overflow in the renameprincipal2svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal...