Stack overflow

Stack-based buffer overflow in CGI programs in the server in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1374, and 8.0 SP1 Patch 1 before build 3110, allows remote attackers to execute arbitrary code via an HTTP POST request containing crafted form data, related to...

趋势科技OfficeScan CGI解析栈溢出漏洞

BUGTRAQ ID: 31859 CVECAN ID: CVE-2008-3862 OfficeScan是一种针对整个网段的分布式杀毒软件。 OfficeScan服务器在解析CGI请求时存在栈溢出漏洞。如果远程攻击者通过HTTP POST请求向受影响的CGI可执行程序发送了特制的表单数据的话，就可以触发这个溢出，导致执行任意指令。 Trend Micro OfficeScan 8.0 Trend Micro OfficeScan 7.3 Trend Micro ----------- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

CVE-2008-4493

Microsoft PicturePusher ActiveX control PipPPush.DLL 7.00.0709, as used in Microsoft Digital Image 2006 Starter Edition, allows remote attackers to force the upload of arbitrary files by using the AddString and Post methods and a modified PostURL to construct an HTTP POST request. NOTE: this issu...

Design/Logic Flaw

Microsoft PicturePusher ActiveX control PipPPush.DLL 7.00.0709, as used in Microsoft Digital Image 2006 Starter Edition, allows remote attackers to force the upload of arbitrary files by using the AddString and Post methods and a modified PostURL to construct an HTTP POST request. NOTE: this issu...

CVE-2008-4493

Microsoft PicturePusher ActiveX control PipPPush.DLL 7.00.0709, as used in Microsoft Digital Image 2006 Starter Edition, allows remote attackers to force the upload of arbitrary files by using the AddString and Post methods and a modified PostURL to construct an HTTP POST request. NOTE: this issu...

CVE-2008-4077

The CGI scripts in 1 LedgerSMB LSMB before 1.2.15 and 2 SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service resource exhaustion via an HTTP POST request with a large Content-Length...

CVE-2008-4077

The CGI scripts in 1 LedgerSMB LSMB before 1.2.15 and 2 SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service resource exhaustion via an HTTP POST request with a large Content-Length...

Code injection

The CGI scripts in 1 LedgerSMB LSMB before 1.2.15 and 2 SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service resource exhaustion via an HTTP POST request with a large Content-Length...

CVE-2008-4077

The CGI scripts in 1 LedgerSMB LSMB before 1.2.15 and 2 SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service resource exhaustion via an HTTP POST request with a large Content-Length...

CVE-2008-4077

The CGI scripts in 1 LedgerSMB LSMB before 1.2.15 and 2 SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service resource exhaustion via an HTTP POST request with a large Content-Length...

CVE-2008-3909

The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery CSRF attacks and delete or modify data via unspecified requests...

Cross site request forgery (csrf)

The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery CSRF attacks and delete or modify data via unspecified requests...

CVE-2008-3909

The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery CSRF attacks and delete or modify data via unspecified requests...

LoveCMS 1.6.2 Final - Remote Code Execution

LoveCMS 1.6.2 Final - Remote Code Execution !/usr/bin/ruby Exploit by PoMdaPiMp! --------------------- pomdapimpatgmaildotcom LoveCMS Exploit Series Episode 1: adding a side block Description: add some php into a block container on the side of the site. phpinfo is called. Usage: ./LoveCMS1blocks....

aflistenerdirectorytraversal-08_006.txt

Portcullis Security Advisory - 08-006 Vulnerable System: Affinium Campaign Vulnerability Title: The Listener is vulnerable to directory traversal. Vulnerability Discovery And Development: Portcullis Security Testing Services. Credit For Discovery: Tim Brown - Portcullis Computer-Security Ltd...

Debian DSA-1597-2 : mt-daapd - multiple vulnerabilities

Three vulnerabilities have been discovered in the mt-daapd DAAP audio server also known as the Firefly Media Server. The Common Vulnerabilities and Exposures project identifies the following three problems : - CVE-2007-5824 Insufficient validation and bounds checking of the Authorization: HTTP...

[SECURITY] [DSA 1597-1] New mt-daapd packages fix several vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1597-1 [email protected] http://www.debian.org/security/ Devin Carraway June 12, 2008 http://www.debian.org/security/faq -...

Null pointer dereference

The WordClient interface in Alt-N Technologies MDaemon 9.6.5 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted HTTP POST request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...

CVE-2008-2631

The WordClient interface in Alt-N Technologies MDaemon 9.6.5 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted HTTP POST request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...

CVE-2008-2631

The WordClient interface in Alt-N Technologies MDaemon 9.6.5 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted HTTP POST request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...