814 matches found
US-CERT Technical Cyber Security Alert TA06-270A -- Microsoft Internet Explorer WebViewFolderIcon ActiveX Vulnerability
National Cyber Alert System Technical Cyber Security Alert TA06-270A Microsoft Internet Explorer WebViewFolderIcon ActiveX Vulnerability Original release date: September 27, 2006 Last revised: -- Source: US-CERT Systems Affected Microsoft Windows...
IBM Access Support eGatherer ActiveX control buffer overflow
Overview The IBM Access Support eGatherer ActiveX control contains a buffer overflow vulnerability, which may allow a remote unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The IBM Access Support eGatherer ActiveX control has the ability to collect system...
CVE-2006-4555
Buffer overflow in the Retro64 / Miniclip CR64Loader ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors involving an HTML document that references the CLSID of the control...
Microsoft Internet Explorer Multiple CSS Imports Memory Corruption Vulnerability
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists due to improper garbage collection when...
Microsoft Internet Explorer fails to properly interpret layout positioning
Overview Microsoft Internet Explorer fails to properly handle certain combinations of layout positioning. This can allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft Internet Explorer contains a vulnerability in the handling of certain combinations of...
CVE-2006-3505
WebKit in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted HTML document that causes WebKit to access an object that has already been deallocated...
CVE-2006-1176
Buffer overflow in eBay Enhanced Picture Services aka EPUImageControl Class in EUPWALcontrol.dll before 1.0.3.48, as used in Sell Your Item SYI, Setup & Test eBay Enhanced Picture Services, Picture Manager Enhanced Uploader, and CARad.com Add Vehicle, allows remote attackers to execute arbitrary...
Buffer overflow
Buffer overflow in eBay Enhanced Picture Services aka EPUImageControl Class in EUPWALcontrol.dll before 1.0.3.48, as used in Sell Your Item SYI, Setup & Test eBay Enhanced Picture Services, Picture Manager Enhanced Uploader, and CARad.com Add Vehicle, allows remote attackers to execute arbitrary...
CVE-2006-1176
The CVE-2006-1176 issue is a buffer overflow in the eBay Enhanced Picture Services ActiveX control (EPUImageControl Class) shipped by EUPWALcontrol.dll. Vulnerable when the ActiveX control is version 1.0.3.36 and earlier, used in Sell Your Item (SYI), Setup & Test eBay Enhanced Picture Services, ...
Microsoft Internet Explorer HTML Document object cross-domain vulnerability
Overview Microsoft Internet Explorer contains a cross-domain vulnerability in how it handles redirected object data. This could allow an attacker to access the content of a web page in a different domain. Description The Cross-Domain Security Model IE uses a cross-domain security model to maintai...
Mozilla contains multiple memory corruption vulnerabilities
Overview Mozilla contains several memory corruption vulnerabilities. This may allow a remote attacker to execute arbitrary code. Description Mozilla team members have discovered multiple vulnerabilities that cause the browser engine to crash. In certain circumstances, these vulnerabilities may...
Mozilla contains a buffer overflow vulnerability in crypto.signText()
Overview Mozilla products contain a buffer overflow in the crypto.signText method. This may allow a remote attacker to execute arbitrary code. Description crypto.SignText JavaScript contains a crypto.signText method, which allows the user to digitally sign a text string. The problem The Mozilla...
amaya -- Attribute Value Buffer Overflow Vulnerabilities
Secunia reports: Amaya have two vulnerabilities, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to boundary errors within the parsing of various attribute values. This can be exploited to cause stack-based buffer overflows when a user...
Adobe Macromedia Shockwave Player ActiveX installer buffer overflow vulnerability
Overview The ActiveX installer for Adobe Macromedia Shockwave contains a buffer overflow, which may allow a remote unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Shockwave Player Adobe Macromedia Shockwave Player is software that plays active web content...
Microsoft Internet Explorer vulnerable to code execution via mismatched DOM objects
Overview Microsoft Internet Explorer fails to properly handle requests to mismatched DOM objects, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft Internet Explorer does not properly handle requests to mismatched DOM objects, such as the...
VERITAS Storage Exec DCOM servers contain multiple buffer overflows
Overview VERITAS Storage Exec contains several buffer overflows, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description VERITAS Storage Exec is software package that performs storage management. Multiple DCOM server components provided by Storage Exec...
CVE-2002-1714
Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to cause a denial of service crash via an object of type "text/html" with the DATA field that identifies the HTML document that contains the object, which may cause infinite recursion...
Maxwebportal 1.36 - Password.asp Change Password (1) (HTML)
Maxwebportal 1.36 - Password.asp Change Password 1 HTML -----------------Code Start-----Version 1.35 and older-------------- pass1: pass2: Id: Member Key: -----------------End------------------- Version 1.36, 2.0, 20050418 Next: -----------------Code Start-----Version 1.36, 2.0, 20050418...