250 matches found
CVE-2007-2385
The Yahoo! UI framework exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other...
CVE-2007-2385
The Yahoo! UI framework exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other...
security flaw
The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the keylength variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name befo...
Windows NetDDE buffer overflow
Added: 02/24/2006 CVE: CVE-2004-0206 BID: 11372 OSVDB: 10689 Background Network Dynamic Data Exchange NetDDE is a Windows service which allows two applications to communicate with each other over a network. Problem A buffer overflow in the NetDDE service could allow a remote, anonymous attacker t...
CVE-2004-0206
Network Dynamic Data Exchange NetDDE services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer,"...
SUN jdk crossite scripting
jdk undocumented static variable may allow data exchange between sites...
Microsoft Windows 2000 Network Dynamic Data Exchange (DDE) executes code as Local System
Overview The Windows 2000 Network DDE agent permits local users to execute commands with system privileges. Description Dynamic Data Exchange DDE is an interprocess communication mechanism used in Microsoft Windows. A DDE share is an area of memory which is used to store and retrieve data. Networ...
CVE-2001-0015
Network Dynamic Data Exchange DDE in Windows 2000 allows local users to gain SYSTEM privileges via a "WMCOPYDATA" message to an invisible window that is running with the privileges of the WINLOGON process...
CVE-2001-0015
Network Dynamic Data Exchange DDE in Windows 2000 allows local users to gain SYSTEM privileges via a "WMCOPYDATA" message to an invisible window that is running with the privileges of the WINLOGON process...
Lotus Domino: security hole the size of Texas, plus somewhat smaller protocol auditing utility
Ben, this is an updated version. Plese let this one thru, if it isn't too late. Thanks. Even my girlfriend said this bug is incredible :P Sit and relax. First of all, a few words from me. Sorry for that if you hate my occassional intros - please appreciate that I am not putting 80x20 ASCII 'A D V...