1010 matches found
Mozilla Firefox 2.0.0.3 Gran Paradiso 3.0a3 - Hang Crash (Denial of Service)
Mozilla Firefox 2.0.0.3 Gran Paradiso 3.0a3 - Hang Crash Denial of Service usr/bin/python print "-------------------------------------------------------------------------" print " Mozilla Firefox 2.0.0.3 and Gran Paradiso 3.0a3 Denial of Service" print " author: shinnai" print " mail:...
Novell Access Management SSLVPN Server - Security Bypass
source: https://www.securityfocus.com/bid/22787/info Novell Access Management SSLVPN Server is prone to a security-bypass vulnerability. A remote authenticated attacker can exploit this issue to access corporate resources normally restricted within VPN access policy. This may lead to other attack...
CS-Gallery 2.0 (index.php album) Remote File Include Exploit
Exploit for unknown platform in category web applications ============================================================ CS-Gallery 2.0 index.php album Remote File Include Exploit ============================================================ ?php //File Inclusion Exploit for CSGallery = 2.0 //|...
Then the storm BBSxp 7.0 Beta 2 vulnerability-vulnerability warning-the black bar safety net
Author: TTFCT The vulnerability exists in the file setup.asp The first part of the Registration-login-post-edit-capture-package-promoted to administrator-change background-password - login backend-WEBSHELL Here I set the password as: ttfct1 ,NC submitted successfully provided for the...
Rediff Bol Downloader (ActiveX Control) Execute Local File Exploit
No description provided by source. !-- Rediff Bol Downloader ActiveX Allows Downloading and Spawning Arbitrary Files Affected Program : Rediff Bol Download ActiveX ActiveX OCX Control that downloads the Rediff Bol Messenger setup and spawns it. Related URL : http://messenger.rediff.com/newbol/...
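Discuz forum physical path disclosure
When a variable is submitted as an array, if that array does not exist but the variable does, the subsequent pregmatch regular expression cannot match, which results in disclosure of the absolute path. Discuz!5.2 Discuz!5.1 Discuz!4.1 Discuz!4.0 http://www.discuz.net/ Open common.inc.php in the forum's include directory and change $extra = isset$extra && pregmatch to $extra = isset$extra && @pregmatch 1. Problem code in common.inc.php, line 207 ..... $navtitle = $navigation = '';...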
SoX Local Buffer Overflow Exploiter (Via Crafted WAV File)
No description provided by source. --------------------------------- Begin Code: sox-exploiter.c --------------------------------- / Copyright Rosiello Security 2004 http://www.rosiello.org CVE Reference: CAN-2004-0557 Bug Type: Stack Overflow Date: 01/08/2004 Ulf Harnhammar reported that there a...
CVE-2006-4484
Buffer overflow in the LWZReadByte function in ext/gd/libgd/gdgifin.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with inputcodesize greater than MAXLWZBITS, which triggers an overflow when initializing the table array...
Mambo MGM Component <= 0.95r2 Remote Inclusion Vulnerability
Exploit for unknown platform in category web applications ============================================================ Mambo MGM Component = 0.95r2 Remote Inclusion Vulnerability ============================================================ ---------------------------------------------------- Mamb...
7-Zip ARJ archive handling buffer overflow
Added: 06/09/2006 CVE: CVE-2005-3051 BID: 14925 OSVDB: 19639 Background 7-Zip is a free file archiver for Windows platforms. Problem A buffer overflow vulnerability in 7-Zip could allow code execution when a specially crafted ARJ file is opened. Resolution Upgrade to 7-Zip 4.27 beta or higher...
CVE-2006-0747
Integer underflow in Freetype before 2.2 allows remote attackers to cause a denial of service crash via a font file with an odd number of blue values, which causes the underflow when decrementing by 2 in a context that assumes an even number of values...
Microsoft Visual Studio 6.0 sp6 - '.dbp' Local Buffer Overflow
/ Microsoft Visual Studio 6.0 Sp6 Malformed .dbp File BoF Exploit by Kozan Bug Discovered and Exploit Coded by: Kozan Credits to ATmaCA Web: www.spyinstructors.com Mail: [email protected] Affected Vendor: Microsoft www.microsoft.com Affected Products: Microsoft Visual Studio 6.0 with lates...
[eVuln] MyPhPim Arbitrary File Upload
New eVuln Advisory: MyPhPim Arbitrary File Upload --------------------Summary---------------- Software: MyPhPim Software's Web Site: http://sourceforge.net/projects/myphpim/ Versions: 01.05 Critical Level: Moderate Type: File Upload Class: Remote Status: Unpatched Exploit: Available Solution: Not...
CVE-2005-3885
The ps2epsi extension shell script ps2epsi.sh in Inkscape before 0.41 allows local users to overwrite arbitrary files via a symlink attack on the tmpepsifile.epsi temporary file...
CVE-2005-3737
Buffer overflow in the SVG importer style.cpp of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values...
CVE-2005-3662
Off-by-one buffer overflow in pnmtopng before 2.39, when using the -alpha command line option AlphasOfColor, allows attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted PNM file with exactly 256 colors...
CVE-2005-2920
Buffer overflow in libclamav/upx.c in Clam AntiVirus ClamAV before 0.87 allows remote attackers to execute arbitrary code via a crafted UPX packed executable...
Microsoft Windows 98SE - User32.dll Icon Handling Denial of Service
Microsoft Windows 98SE - User32.dll Icon Handling Denial of Service source: https://www.securityfocus.com/bid/13791/info The Microsoft 'user32.dll' library is prone to a denial of service vulnerability. The issue manifests when the library handles icon .ico files containing large size values...
CVE-2005-1544
Stack-based buffer overflow in libTIFF before 3.7.2 allows remote attackers to execute arbitrary code via a TIFF file with a malformed BitsPerSample tag...
CVE-2004-1717
Multiple buffer overflows in the psscan function in ps.c for gv ghostview allow remote attackers to execute arbitrary code via a Postscript file with a long 1 BoundingBox, 2 comment, 3 Orientation, 4 PageOrder, or 5 Pages value...