1015 matches found
Microsoft Word malformed string vulnerability
Overview A vulnerability in Microsoft Word could allow an attacker to execute arbitrary code on a vulnerable system. Description Microsoft Word contains a vulnerability that could be exploited when Word opens a specially crafted document. It is possible that the vulnerability can be exploited by...
[Full-disclosure] deV!L`z Clanportal - Arbitrary File Upload [061124b]
/ -061124b- | deV!Lz Clanportal - Arbitrary File Upload | / S Y N O P S I S / =================' - access: remote severity: high - deV!Lz Clanportal allows nearly arbitrary files to be uploaded and stored on the server's filesystem, which enables anyone, even without a user account, to upload PHP...
Microsoft Office fails to properly parse malformed chart records
Overview A vulnerability in the way Microsoft Office parses files containing malformed chart records may lead to execution of arbitrary code. Description Microsoft Office fails to properly handle malformed chart records. According to Microsoft Security Bulletin MS06-062:When Office opens a...
Microsoft Office fails to properly parse malformed records
Overview A vulnerability in the way Microsoft Office parses files containing malformed records may lead to execution of arbitrary code. Description Microsoft Office contains a vulnerability that could be exploited when Office attempts to parse specially crafted records. According to Microsoft...
Microsoft PowerPoint fails to properly handle malformed data records
Overview Microsoft PowerPoint contains a vulnerability in the handling of malformed data records, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft PowerPoint contains a vulnerability that could be exploited when PowerPoint...
Microsoft Excel fails to properly process malformed STYLE records
Overview Microsoft Excel contains a vulnerability in the handling of malformed STYLE records, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Excel contains a vulnerability that could be exploited when Excel opens a...
Microsoft Excel fails to properly process malformed DATETIME records
Overview Microsoft Excel contains a vulnerability in the handling of malformed DATETIME records, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Excel contains a vulnerability that could be exploited when Excel opens a...
Yahoo! Messenger < 8.0.0.863 File Extension Spoofing
Binary data 3700.prm...
Yahoo! Messenger 8.0.0.863 - File Extension Spoofing
Yahoo! Messenger 8.0.0.863 - File Extension Spoofing source: https://www.securityfocus.com/bid/19353/info A vulnerability in Yahoo! Messenger allows remote attackers to spoof file extensions. This issue is due to a design error. An attacker may leverage this issue to spoof downloaded filenames to...
Yahoo! Messenger 8.0.0.863 - File Extension Spoofing
source: https://www.securityfocus.com/bid/19353/info A vulnerability in Yahoo! Messenger allows remote attackers to spoof file extensions. This issue is due to a design error. An attacker may leverage this issue to spoof downloaded filenames to unsuspecting users. This issue may lead to a...
Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
No description provided by source. ScanAlert Security Advisory - http://www.scanalert.com Directory Listing in Apache Tomcat 5.x.x Date: 07/21/2006 Vendor: Apache Package: Tomcat Versions: 5.x.x 5.0.28, 5.5.12, 5.5.9, and 5.5.7 . Confirmed Credit: ScanAlert.s Enterprise Services Team. Overview:...
CVE-2006-3652
Microsoft Internet Security and Acceleration ISA Server 2004 allows remote attackers to bypass file extension filters via a request with a trailing "" character. NOTE: as of 20060715, this could not be reproduced by third parties...
CVE-2006-3652
Microsoft Internet Security and Acceleration (ISA) Server 2004 is affected by CVE-2006-3652, where remote attackers can bypass file extension filters by issuing a request with a trailing character '#'. The provided sources describe the vulnerability as a filter bypass but do not specify affected ...
Microsoft PowerPoint does not properly handle malformed shapes
Overview Microsoft PowerPoint contains a vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft PowerPoint contains a vulnerability that could be exploited when PowerPoint opens a specially crafted document. Accordin...
US-CERT Technical Cyber Security Alert TA06-167A -- Microsoft Excel Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA06-167A Microsoft Excel Vulnerability Original release date: June 16, 2006 Last revised: -- Source: US-CERT Systems Affected Microsoft Excel 2003 Microsoft Excel XP 2002 Microsoft Excel for...
Microsoft Excel vulnerability
Overview An unspecified vulnerability in Microsoft Excel could allow an attacker to execute arbitrary code on a vulnerable system. Description Microsoft Excel contains a vulnerability that could be exploited when Excel opens a specially crafted document. It is possible that the vulnerability can ...
Microsoft Word object pointer memory corruption vulnerability
Overview A memory corruption vulnerability in Microsoft Word could allow a remote attacker to execute arbitrary code with the privileges of the user running Word. Description Microsoft Word contains a memory corruption vulnerability. According to Microsoft Security Bulletin MS06-027:When a user...
PT-2006-3389 · Dubanner · Dubanner
Name of the Vulnerable Software and Affected Versions: DUbanner version 3.1 Description: The issue allows remote attackers to execute arbitrary code by uploading files with arbitrary extensions, such as ASP files, to the add.asp endpoint, probably due to client-side enforcement that can be...
Design/Logic Flaw
Xeneo Web Server 2.2.22.0 allows remote attackers to obtain the source code of script files via crafted requests containing dot, space, and slash characters in the file extension...
CVE-2006-2248
Xeneo Web Server 2.2.22.0 allows remote attackers to obtain the source code of script files via crafted requests containing dot, space, and slash characters in the file extension...