CVE-2009-4324
Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild...
Theeta CMS (Cross Site Scripting,SQL Injection) Multiple Vulnerabilities
Theeta CMS Cross Site Scripting,SQL Injection Multiple Vulnerabilities Discovered By c0dy http://r00tDefaced.net Greetz:...
Microsoft ASP.NET Resource Paths Canonicalization (MS05-004; CVE-2004-0847)
The .NET framework is a Windows framework for building and running software. The framework supports a variety of programming languages. A component of this framework is ASP.NET, which allows for the development of dynamic Web applications in different programming languages. A vulnerability exists ...
US-CERT Technical Cyber Security Alert TA09-286B -- Adobe Reader and Acrobat Vulnerabilities
National Cyber Alert System Technical Cyber Security Alert TA09-286B Adobe Reader and Acrobat Vulnerabilities Original release date: Last revised: -- Source: US-CERT Systems Affected Adobe Reader and Acrobat 9.1.3 and earlier 9.x versions Adobe Reader...
ZoIPer 2.22 - Call-Info Remote Denial of Service
!/usr/bin/python ZoIPer v2.22 Call-Info Remote Denial Of Service. Remote Crash P.O.C. Author: Tomer Bitton Gr33nG0bL1n Tested on Windows XP SP2 , SP3 , Ubuntu 8.10 Vendor Notified on: 21/09/2009 Vendor Fix: Fixed in version 2.24 Library 5324 Bad Chars: \x20 , \x09 import sys import socket import ...
Heap overflow
Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. NOTE: some of these details are obtaine...
Ada Image Server 0.6.7 - imgsrv.exe Remote Buffer Overflow
Ada Image Server 0.6.7 - imgsrv.exe Remote Buffer Overflow !/usr/bin/python Only usable module with safeseh disabled on XP SP2 and XP SP3 is imgsrv.exe. However, it contains a null character in the address ex: XP SP3 = 00689aff. Versions above 0.6.7 do not seem to be vulnerable. $ ./imgsrv.py...
SuSE9 Security Update : gnome-vfs2,gnome-vfs2-doc (YOU Patch Number 10010)
This update fixes the following security problems : - The VFS scripts contained in GNOME are vulnerable to attacks on temporary files as well as command execution via shell meta-characters. These bugs can be exploited by accessing a malformatted archive file. CVE-2004-0494 - Insufficient checks wh...
Asterisk IAX2 Call Number Exhaustion DOS Vulnerability (AST-2009-006)
Asterisk is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:digium:asterisk";...
IBM Lotus Notes RSS Reader Widget HTML Injection Vulnerability (Windows)
This host has IBM Lotus Notes installed and is prone to HTML Injection vulnerability. OpenVAS Vulnerability Test $Id: secpodibmlotusnoteshtmlinjvulnwin.nasl 5055 2017-01-20 14:08:39Z teissa $ IBM Lotus Notes RSS Reader Widget HTML Injection Vulnerability Windows Authors: Antu Sanadi Copyright:...
Mac OS X Multiple Vulnerabilities (Security Update 2009-005)
The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have Security Update 2009-005 applied. This security update contains fixes for the following products : - Alias Manager - CarbonCore - ClamAV - ColorSync - CoreGraphics - CUPS - Flash Player plug-in - ImageIO - Launch...
Mac OS X 10.6.x < 10.6.1 Multiple Vulnerabilities
The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.1. Mac OS X 10.6.1 contains security fixes for the following product : - Flash Player plug-in C Tenable Network Security, Inc. if !definedfunc"bnrandom" exit0; include'compat.inc'; if description scriptid40946;...
MYRE Holiday Rental Manager (action) SQL Injection Vulnerability
No description provided by source. Viva IslaM Viva IslaM Remote SQL Injection Vulnerability review.php action MYRE Holiday Rental Manager http://www.myrephp.com AuTh0r : Mr.SQL H0ME : WwW.55a.NeT Email : [email protected] -: ExploiteS :-...
Microsoft Windows TCP/IP Remote Code Execution Vulnerability (967723)
This host is missing a critical security update according to Microsoft Bulletin MS09-048. OpenVAS Vulnerability Test $Id: secpodms09-048.nasl 5934 2017-04-11 12:28:28Z antu123 $ Microsoft Windows TCP/IP Remote Code Execution Vulnerability 967723 Authors: Sharath S Updated By: Madhuri D on...
Design/Logic Flaw
Insecure method vulnerability in the UUSee UUUpgrade ActiveX control UUUpgrade.ocx 3.0.2.12 allows remote attackers to force the download and overwrite of arbitrary files via crafted arguments to the Update method, as exploited in the wild in June 2009...
CVE-2008-7168
Insecure method vulnerability in the UUSee UUUpgrade ActiveX control UUUpgrade.ocx 3.0.2.12 allows remote attackers to force the download and overwrite of arbitrary files via crafted arguments to the Update method, as exploited in the wild in June 2009...
Design/Logic Flaw
SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access control for (1) ecrire/exec/install.php and (2) ecrire/index.php, which allows remote attackers to conduct unauthorized activities related to installation and backups, as exploited in the wild in August 2009...
Re-Script 0.99 Beta - 'listings.php?op' SQL Injection
Viva IslaM Viva IslaM Remote SQL Injection Vulnerability listings.php op REScript V.0.99 Beta http://www.ebigman.com/ AuTh0r : Mr.SQL H0ME : WwW.55a.NeT Email : [email protected] -: ExploiteS :-...
Windows WINS Attacks In The Wild
The “critical” WINS vulnerability that Microsoft issued a patch for last week is now being exploited actively in the wild, according to the SANS Institute (sans.org). The Internet Storm Center (ISC), which is operated by SANS, is receiving preliminary reports that hackers are targeting Microsoft’s WI...
Videos Broadcast Yourself V2 (UploadID) SQL Injection Vuln
Exploit for unknown platform in category web applications. Videos Broadcast Yourself V2 UploadID SQL Injection Vuln Viva IslaM Viva IslaM Remote SQL Injection Vulnerability...