2666 matches found
CVE-2008-0196
Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the page parameter to certain PHP scripts under wp-admin/ or (2) the import parameter to wp-admin/admin.php, as demonstrated by discovering the full path...
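Microsoft DirectX SAMI and WAV/AVI File Parsing Remote Code Execution Vulnerabilities (MS07-064)
BUGTRAQ ID: 26804,26789 CVECAN ID: CVE-2007-3901,CVE-2007-3895 Microsoft DirectX is a feature of the Windows operating system through which streaming media supports graphics and sound when playing games or watching video. A vulnerability exists in how Microsoft DirectX handles malformed media files; a local attacker may exploit this vulnerability to elevate their privileges. Microsoft DirectShow, which integrates DirectX technology, does not, for Synchronized Accessible Media...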
openSUSE 10 Security Update : OpenOffice_org (OpenOffice_org-1698)
The following security problems were found in OpenOffice_org: - CVE-2006-2198: A security vulnerability in OpenOffice.org may make it possible to inject basic code into documents which is executed upon loading of the document. The user will not be asked or notified and the macro will have full access...
CVE-2004-2698
Race condition in IMWheel 1.0.0pre11 and earlier, when running with the -k option, allows local users to cause a denial of service (IMWheel crash) and possibly modify arbitrary files via a symlink attack on the imwheel.pid file...
CVE-2007-3640
Adobe Integrated Runtime (AIR, aka Apollo) allows context-dependent attackers to modify arbitrary files within an executing .air file (compiled AIR application) and perform cross-site scripting (XSS) attacks, as demonstrated by an application that modifies an HTML file inside itself via JavaScript that...
Cross site scripting
Adobe Integrated Runtime (AIR, aka Apollo) allows context-dependent attackers to modify arbitrary files within an executing .air file (compiled AIR application) and perform cross-site scripting (XSS) attacks, as demonstrated by an application that modifies an HTML file inside itself via JavaScript that...
CVE-2007-3640
Adobe Integrated Runtime (AIR, also known as Apollo) is affected by CVE-2007-3640. The issue allows context-dependent attackers to modify arbitrary files inside an executing .air file (compiled AIR application) and perform cross-site scripting (XSS) attacks, demonstrated by an app that modifies a...
Portcullis Security Advisory 06-034
Portcullis Security Advisory 06-034 Vulnerable System: Movable Type Vulnerability Title: The blog directory path can be set to any arbitrary directory path during the creation of new blogs. Vulnerability discovery and development: Portcullis Security Testing Services. Credit for Discovery: Tim...
Hung it to the way and the system determines whether the code-vulnerability warning-the black bar safety net
A:The frame hanging horse iframe src=address width=0 height=0/iframe II:the js file hanging horse First, the following code document.write"iframe width='0' height='0' src='address'/iframe"; save as xxx.js that The JS hung it to the code script language=javascript src=xxx.js/script Three:js...
By modifying the characteristics to evade antivirus checks-vulnerability warning-the black bar safety net
Today the rare is I in the school room and RUB into the machine, installed Norton and wheat coffee. Anyway, haven't for these two antivirus ever madefree kill, so just change it for the better. The positioning process on a free, given the feature code location: Norton: the starting offset 000B9A4...
Hackers newbies tutorial of the well known Cookies to the file spoofing-vulnerability warning-the black bar safety net
First, a few basic concepts Cookies deception, is in only for the user to do the Cookies the authentication of the system, by modifying Cookies of the content to obtain the appropriate user permissions to log on. So what is Cookies?, I'm here to give you a professional explanation, Cookies are...
Zend Platform 2.2.1 - 'PHP.INI' File Modification
source: https://www.securityfocus.com/bid/22802/info The Zend Platform is prone to an issue that may let local attackers modify the PHP configuration file 'php.ini'. This issue occurs because the application is installed with an 'inimodifier' program that may be executed by local users and will...
CVE-2007-1140
The CVE-2007-1140 entry describes a directory traversal vulnerability in edit.php of the pheap application, where an attacker can supply a filename containing .. to read and modify arbitrary files. Affected component: pheap (edit.php). Root cause: improper validation of the filename parameter all...
Race condition
Multiple race conditions in Smb4K before 0.8.0 allow local users to (1) modify arbitrary files via unspecified manipulations of Smb4K's lock file, which is not properly handled by the removelockfile function in core/smb4kfileio.cpp, and (2) add lines to the sudoers file via a symlink attack on...
CVE-2007-0472
CVE-2007-0472 describes multiple race conditions in Smb4K prior to 0.8.0 that enable a local attacker to escalate privileges or modify sensitive files. The primary issues involve: (1) the removeLockFile path in core/smb4kfileio.cpp allowing manipulation of Smb4K’s lock file to modify arbitrary fi...
NoMachine NX Server privilege escalation
nxconfigure.sh doesn't check invoking user, allowing configuration file modification...
CVE-2007-0252
Technical details (affected product/version, vectors, exploitability) are not provided in the supplied documents. Monitor for updates; no public details are available here.
Multiple Remote Vulnerabilities in KISGB
Advisory 15 Title: Multiple Remote Vulnerabilities in KISGB Author: 0ozeuso0 Arturo Z. Contact: [email protected] Website: www.diosdelared.com Date: 22/12/06 Risk: critical Vendor Url: http://sourceforge.net/projects/kisgb, http://ravenphpscripts.com Affected Software: Keep It Simple Guest Boo...