2494 matches found

Cvelist
added 2007/07/18 11:0 p.m., 27 views

CVE-2007-3883

The Data Dynamics ActiveBar ActiveX control actbar3.ocx 3.2 and earlier allows remote attackers to create or overwrite files via a full pathname in (1) the second argument to the Save method, or the first argument to the (2) SaveLayoutChanges or (3) SaveMenuUsageData method...

6.4 AI score, 0.082 EPSS
Exploits: 0, References: 6

seebug.org
added 2007/07/17 12:0 a.m., 21 views

Data Dynamics ActiveBar ActiveX (actbar3.ocx <= 3.1) Insecure Methods

No description provided by source. Data Dynamics ActiveBar ActiveX Control actbar3.ocx <= 3.1 Multiple Insecure Methods url:...

7.1 AI score
Exploits: 0

Packet Storm
added 2007/06/28 12:0 a.m., 33 views

hpdi-write.txt

:. GOODFELLAS Security Research TEAM .: :. http://goodfellas.shellcode.com.ar .: GoodFellas Security Research Team Technical Detail saveXMLAsFile method receives a filename as an argument, with this format "c:\path\file". Proof of C...

7.4 AI score
Exploits: 0

Exploit DB
added 2007/06/27 12:0 a.m., 43 views

HP Digital Imaging 'hpqxml.dll 2.0.0.133' - Arbitrary Data Write

:. GOODFELLAS Security Research TEAM .: :. http://goodfellas.shellcode.com.ar .: GoodFellas Security Research Team Technical Detail saveXMLAsFile method receives a filename as an argument, with this format "c:\path\file". Proof of Concept -- Hpqxml.dll...

7 AI score
Exploits: 0

Packet Storm
added 2007/06/13 12:0 a.m., 22 views

webapp-exec.txt

There is a system access vulnerability in the Menu Manager Mod for WebAPP. This mod is available at http://www.2xlnt.com/webapp/development/app.cgi?action=downloadinfo&cat=webappmods&id=3 . System commands can be entered in user's personal menus. Any system command works there and allows reading ...

7.4 AI score
Exploits: 0

securityvulns
added 2007/06/13 12:0 a.m., 47 views

Menu Manager Mod for WebAPP - No Input Filtering

There is a system access vulnerability in the Menu Manager Mod for WebAPP. This mod is available at http://www.2xlnt.com/webapp/development/app.cgi?action=downloadinfo&cat=webappmods&id=3 . System commands can be entered in user's personal menus. Any system command works there and allows reading ...

0.8 AI score
Exploits: 0

CVE
added 2007/06/05 9:0 p.m., 61 views

CVE-2007-3021

Symantec Reporting Server before 1.0.224.0 (used with SCS 3.1 and SAV CE 10.1+) fails to initialize a critical variable during data export, allowing an attacker to manipulate the exported file to create arbitrary executable files. This could lead to remote code execution in the web server context...

7.5 CVSS, 6.5 AI score, 0.02024 EPSS
Exploits: 0, References: 7, Affected Software: 3

Prion
added 2007/04/25 8:19 p.m., 16 views

Code injection

Progress Webspeed Messenger allows remote attackers to read, create, modify, and execute arbitrary files by invoking webutil/_cpyfile.p in the WService parameter to (1) cgiip.exe or (2) wsisa.dll in scripts/, as demonstrated by using the save,editor options to create a new file using the fileName...

10 CVSS, 7.9 AI score, 0.02404 EPSS
Exploits: 1, References: 5

NVD
added 2007/04/25 8:19 p.m., 29 views

CVE-2007-2266

Progress Webspeed Messenger allows remote attackers to read, create, modify, and execute arbitrary files by invoking webutil/_cpyfile.p in the WService parameter to (1) cgiip.exe or (2) wsisa.dll in scripts/, as demonstrated by using the save,editor options to create a new file using the fileName...

10 CVSS, 7.3 AI score, 0.02404 EPSS
Exploits: 1, References: 5

Cvelist
added 2007/04/25 8:0 p.m., 28 views

CVE-2007-2266

Progress Webspeed Messenger allows remote attackers to read, create, modify, and execute arbitrary files by invoking webutil/_cpyfile.p in the WService parameter to (1) cgiip.exe or (2) wsisa.dll in scripts/, as demonstrated by using the save,editor options to create a new file using the fileName...

7.3 AI score, 0.02404 EPSS
Exploits: 1, References: 5

CVE
added 2007/04/25 8:0 p.m., 64 views

CVE-2007-2266

Progress Webspeed Messenger is affected by a vulnerability where an attacker can remotely read, create, modify, and execute arbitrary files by invoking webutil/_cpyfile.p in the WService parameter to (1) cgiip.exe or (2) wsisa.dll in scripts/, as demonstrated through the save, editor options usin...

10 CVSS, 7.3 AI score, 0.02404 EPSS
Exploits: 1, References: 5, Affected Software: 1

NVD
added 2007/04/19 10:19 a.m., 21 views

CVE-2007-1009

Macrovision InstallAnywhere Enterprise before 8.0.1 uses the InstallScript.iapxml configuration file without integrity protection to verify authorization for installing an application, which allows local users to perform unauthorized installations by removing the (1) password or (2) serial number...

4.6 CVSS, 6.4 AI score, 0.00316 EPSS
Exploits: 0, References: 5

Cvelist
added 2007/04/19 10:0 a.m., 21 views

CVE-2007-2145

The imagecomments function in classes.php in MiniGal b13 allows remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the input parameter. NOTE: some of these details are obtained from third party information...

7 AI score, 0.02139 EPSS
Exploits: 0, References: 2

Prion
added 2007/04/06 12:19 a.m., 20 views

Design/Logic Flaw

Kaspersky Anti-Virus 6.0 and Internet Security 6.0 expose unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to "download" or delete arbitrary files via crafted arguments to the (1) DeleteFile,...

10 CVSS, 7 AI score, 0.04877 EPSS
Exploits: 0, References: 9, Affected Software: 2

CVE
added 2007/04/06 12:0 a.m., 69 views

CVE-2007-1112

CVE-2007-1112 affects Kaspersky Anti-Virus 6.0 and Internet Security 6.0. The issue is exposed in ActiveX controls AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll), allowing remote attackers to download or delete arbitrary files via crafted arguments to Delete...

10 CVSS, 6.6 AI score, 0.04877 EPSS
Exploits: 0, References: 9, Affected Software: 2

CVE
added 2007/04/03 12:0 a.m., 50 views

CVE-2007-1831

CVE-2007-1831 affects web-app.org WebAPP prior to 0.9.9.6. The issue allows remote authenticated users to open files and write the string "wrong data" through a crafted QUERY_STRING. Impact and remediation are not elaborated beyond the described behavior in the provided sources; exploitation deta...

6 CVSS, 6.2 AI score, 0.01124 EPSS
Exploits: 0, References: 6, Affected Software: 1

CVE
added 2007/03/30 1:0 a.m., 40 views

CVE-2003-1324

The CVE-2003-1324 issue concerns Elm ME+ 2.4, where a race condition in can_open when installed with setgid mail and on systems without POSIX saved ID support lets local users read/modify files with mail-group privileges. Affected component is the can_open function; root cause is a race condition...

4.6 CVSS, 6.6 AI score, 0.00289 EPSS
Exploits: 0, References: 1, Affected Software: 1

myhack58
added 2007/03/23 12:0 a.m., 19 views

"Revenge" weapons: txt bomb in the making - vulnerability warning - the black bar safety net

Create a text file containing only one space (in order to reduce the file size, as we all know), named 3jie. 2. Open the WORD document and drag and drop this file into the document. You can also click "Insert\Object" in the document's menu bar to pop up the "Insert Object" dialog box, select...

0.7 AI score
Exploits: 0

Tenable Nessus
added 2007/03/01 12:0 a.m., 83 views

Kiwi CatTools < 3.2.9 TFTP Server Traversal Arbitrary File Manipulation

The remote host appears to be running Kiwi CatTools, a freeware application for device configuration management. The TFTP server included with the version of Kiwi CatTools installed on the remote host fails to sanitize filenames of directory traversal sequences. An attacker can exploit this issue...

10 CVSS, 5.6 AI score, 0.04971 EPSS
Exploits: 0, References: 3

Cvelist
added 2007/02/21 11:0 a.m., 27 views

CVE-2007-1035

Unspecified vulnerability in certain demonstration scripts in getID3 1.7.1, as used in the Mediafield and Audio modules for Drupal, allows remote attackers to read and delete arbitrary files, list arbitrary directories, and write to empty files or .mp3 files via unknown vectors...

6.7 AI score, 0.01609 EPSS
Exploits: 0, References: 6