9453 matches found
Microsoft Internet Explorer 6 - Internet.HHCtrl Heap Overflow
Microsoft Internet Explorer 6 - Internet.HHCtrl Heap Overflow // MoBB Demonstration function Demo var a = new ActiveXObject"Internet.HHCtrl.1"; var b = unescape"XXXX"; while b.length Clicking the button below may crash your browser! milw0rm.com 2006-07-07...
Microsoft Internet Explorer 6 - 'Internet.HHCtrl' Heap Overflow
// MoBB Demonstration function Demo var a = new ActiveXObject"Internet.HHCtrl.1"; var b = unescape"XXXX"; while b.length Clicking the button below may crash your browser! milw0rm.com 2006-07-07...
KLA11446 SB vulnerability in WinSCP
Argument injection vulnerability was found in WinSCP. Malicious users can exploit this vulnerability to bypass security restrictions. Original advisories Older Versions Related products WinSCP CVE list CVE-2006-3015 high Solution Update to the latest version Download WinSCP Impacts SB Security...
REVERSING MRXSMB.SYS CHAPTER II “NtClose DeadLock”
REVERSING MRXSMB.SYS CHAPTER II “NtClose DeadLock” Rubén Santamarta [email protected] www.reversemode.com May 15, 2006 Abstract Kernel Object Manager is prone to a deadlock situation which could be exploitable making unkillable any process running, complicating its elimination. INDEX...
Alt-N MDaemon 2-8 - IMAP Remote Buffer Overflow
source: https://www.securityfocus.com/bid/18129/info Alt-N MDaemon IMAP Server is susceptible to a remote buffer-overflow vulnerability. This issue is due to the application's failure to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. This iss...
[BuHa-Security] DoS Vulnerability in MS IE 6 SP2
-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 --------------------------------------------------- | BuHa Security-Advisory 12 | May 25th, 2006 | --------------------------------------------------- | Vendor | MS Internet Explorer 6.0 | | URL | http://www.microsoft.com/windows/ie/ | | Version ...
USN-286-1: Dia vulnerabilities
Several format string vulnerabilities have been discovered in dia. By tricking a user into opening a specially crafted dia file, or a file with a specially crafted name, this could be exploited to execute arbitrary code with the user's privileges...
[Full-disclosure] ZDI-06-015: Apple QuickTime H.264 Parsing Heap Overflow Vulnerability
ZDI-06-015: Apple QuickTime H.264 Parsing Heap Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-06-015.html May 11, 2006 -- CVE ID: CVE-2006-1463 -- Affected Vendor: Apple -- Affected Products: Apple QuickTime versions prior to 7.1 -- TippingPointTM IPS Customer Protection:...
Apple QuickTime H.264 Parsing Buffer Overflow Vulnerability
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple's QuickTime media player. The specific flaw exists within the parsing of H.264 content. The implicit trust of a user-supplied size value during a memory copy loop allows an attacker to create an...
WEBalbum skin2 Cookie Parameter Traversal Local File Inclusion
The remote host is running WEBalbum, a photo album application written in PHP. The installed version of WEBalbum fails to sanitize user input to the 'skin2' cookie in 'inc/incmain.php' before using it to include arbitrary files. An unauthenticated attacker may be able to read arbitrary local file...
[Full-disclosure] MSIE Nested Object Vulnerability Is Exploitable
Hello, There has recently been some discussion regarding whether or not the MSIE Nested Object Vulnerability reported by Michal Zalewski is exploitable or not. Link to Michal Zalewski Full-Disclosure Posting: http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045422.html Because of...
CVE-2006-1992
mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, allows remote attackers to cause a denial of service (crash) via nested OBJECT tags, which trigger invalid pointer dereferences including NULL dereferences. NOTE: the possibility of code execution was originally theorized, but...
Vulnerabilities in Papoo
Vulnerabilities in Papoo Author : Rusydi Hasan M a.k.a : cR45H3R Date :...
CVE-2006-1733
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2)...
CVE-2006-1102
CVE-2006-1102 affects Cube-based Sauerbraten (2006_02_28) and is linked to a denial of service when a server is forced to load a map (.ogz) whose name contains ".." and a length that blocks appending the .ogz extension. OpenVAS/NVD entries confirm the issue exists; Gentoo GLSA-200603-10 documents...
phpRPC Library Remote Code Execution
GulfTech Security Research February 26, 2006 Vendor : Robert Hoffman URL : http://sourceforge.net/projects/phprpc/ Version : phpRPC = 0.7 Risk : Remote Code Execution Description: phpRPC is meant to be an easy to use xmlrpc library. phpRPC is greatly simplified with the use of database/rpc-protoc...
Cross site scripting
DISPUTED Cross-site scripting (XSS) vulnerability in WordPress 2.0.0 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes such as (1) onfocus and (2) onblur in the "author's website" field. NOTE: followup comments to the researcher's web log suggest that this issue i...
CVE-2006-0733
Cross-site scripting (XSS) vulnerability in WordPress 2.0.0 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes such as (1) onfocus and (2) onblur in the "author's website" field. NOTE: followup comments to the researcher's web log suggest that this issue is only...
guestbookPHP.txt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------- SySS-Advisory: XSS-vulnerability in guestbook-php-script - ------------------------------------------------------------------- Problem discovered: February 3d 2006 Vendor contacted:...
Integer overflow
Tiny C Compiler (TCC) 0.9.23 (aka TinyCC) evaluates the "i>sizeof(int)" expression to false when i equals -1, which might introduce integer overflow vulnerabilities into applications that could be exploited by context-dependent attackers...