4151 matches found
CVE-2007-4575
HSQLDB before 1.8.0.9, as used in OpenOffice.org OOo 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to "exposing static java methods."...
DEBIAN-CVE-2007-4575
HSQLDB before 1.8.0.9, as used in OpenOffice.org OOo 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to "exposing static java methods."...
CVE-2007-4575
HSQLDB before 1.8.0.9, as used in OpenOffice.org OOo 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to "exposing static java methods."...
OpenOffice.org-base allows Denial-of-Service and command injection
HSQLDB before 1.8.0.9, as used in OpenOffice.org OOo 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to "exposing static java methods."...
OpenOffice.org-base allows Denial-of-Service and command injection
HSQLDB before 1.8.0.9, as used in OpenOffice.org OOo 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to "exposing static java methods."...
CSTeX: Multiple vulnerabilities
Background CSTeX is a TeX distribution with Czech and Slovak support. It is used for creating and manipulating LaTeX documents. Description Multiple issues were found in the teTeX 2 codebase that CSTeX builds upon GLSA 200709-17, GLSA 200711-26. CSTeX also includes vulnerable code from the GD...
Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 9.1 / current : xpdf/poppler/koffice/kdegraphics (SSA:2007-316-01)
New xpdf packages are available for Slackware 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, and -current. New poppler packages are available for Slackware 12.0 and -current. New koffice packages are available for Slackware 11.0, 12.0, and -current. New kdegraphics packages are available for Slackware 10.2,...
DCTStream:: reset()
Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow...
security flaw
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the window's titlebar when displaying XUL markup language documents, which makes it easier for remote attackers to conduct phishing and spoofing attacks by setting the hidechrome attribute...
openSUSE 10 Security Update : samba (samba-2584)
"A logic error in the deferred open code can lead to an infinite loop in Samba's smbd daemon. In addition the following changes are included with these packages : - Disable broken DCERPC funnel patch; 242833. - Avoid winbind event handler for internal domains. - Fix smbcontrol winbind offline;...
eGov Content Manager Cross Site Scripting Vulrnability
HSC eGov Content Manager Cross Site Scripting Vulrnability The eGov Manager was designed to simplify the efforts of government staffers who are responsible for posting public documents, news updates, events, managing staff directories and online services. This issue is due to a failure in the...
CVE-2007-5095
Microsoft Windows Media Player WMP 9 on Windows XP SP2 invokes Internet Explorer to render HTML documents contained inside some media files, regardless of what default web browser is configured, which might allow remote attackers to exploit vulnerabilities in software that the user does not expec...
Hardcoded credentials
Microsoft Windows Media Player WMP 9 on Windows XP SP2 invokes Internet Explorer to render HTML documents contained inside some media files, regardless of what default web browser is configured, which might allow remote attackers to exploit vulnerabilities in software that the user does not expec...
Code injection
The "You are not allowed..." error handler in XWiki 1.0 B1 and 1.0 B2 associates the doc variable with the entire document content and metadata regardless of a user's view rights, which allows remote authenticated users to read arbitrary documents via a custom skin that prints the content attribu...
CVE-2007-4888
The CVE-2007-4888 entry concerns XWiki 1.0 B1 and 1.0 B2. The issue is an error handler flaw where the doc variable is associated with the entire document content and metadata regardless of a user’s view rights. This allows remote authenticated users to read arbitrary documents by using a custom ...
CVE-2007-4510
ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service application crash via 1 a crafted RTF file, which triggers a NULL dereference in the cliscanrtf function in libclamav/rtf.c; or 2 a crafted HTML document wit...
InterActual Player IAMCE ActiveX control stack buffer overflow
Overview The InterActual Player IAMCE ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description InterActual Player is a video DVD playing application for Windows systems. InterActual Player wa...
Unrestricted file upload
Unrestricted file upload vulnerability in index.php in WikiWebWeaver 1.1 and earlier allows remote attackers to upload and execute arbitrary PHP code via an upload action specifying a filename with a double extension such as .gif.php, which is accessible from data/documents/...
CVE-2007-4182
Unrestricted file upload vulnerability in index.php in WikiWebWeaver 1.1 and earlier allows remote attackers to upload and execute arbitrary PHP code via an upload action specifying a filename with a double extension such as .gif.php, which is accessible from data/documents/...
Unauthorized access to wyciwyg:// documents — Mozilla
Michal Zalewski reported that it was possible to bypass the same-origin checks and read from cached wyciwyg documents. It is possible to access wyciwyg:// documents without proper same domain policy checks through the use of HTTP 302 redirects. This enables the attacker to steal sensitive data...