Code injection

IBM Eclipse Help System IEHS, as used in IBM Data Studio 3.1 and 3.1.1 and other products, allows remote authenticated users to read source code via a crafted URL...

CVE-2013-0467

CVE-2013-0467 concerns a vulnerability in the IBM Eclipse Help System (IEHS) that is shipped with multiple IBM products (notably IBM WebSphere Application Server, IBM InfoSphere Information Server, SPSS Data Collection, Content Analytics/OmniFind, Content Collector, and related IEHS-integrated co...

IBM WebSphere Application Server 8.5 < Fix Pack 1 Multiple Vulnerabilities

IBM WebSphere Application Server 8.5 before Fix Pack 1 appears to be running on the remote host and is, therefore, potentially affected by the following vulnerabilities : - An input validation error exists related to the 'Eclipse Help System' that can allow arbitrary redirect responses to HTTP...

CVE-2012-3527

viewhelp.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature HMAC."...

Design/Logic Flaw

viewhelp.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature HMAC."...

typo3 -- Multiple vulernabilities in TYPO3 Core

Typo Security Team reports: It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting, Information Disclosure, Insecure Unserialize leading to Arbitrary Code Execution. TYPO3 Backend Help System - Due to a missing signature HMAC for a parameter in the viewhelp.php file, an...

Several Vulnerabilities in TYPO3 Core

It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting, Information Disclosure, Insecure Unserialize leading to Arbitrary Code Execution Component Type: TYPO3 Core Affected Versions: 4.5.0 up to 4.5.18, 4.6.0 up to 4.6.11, 4.7.0 up to 4.7.3 and development releases of the 6....

CVE-2012-2159

Open redirect vulnerability in IBM Eclipse Help System IEHS, as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified...

Open redirect

Open redirect vulnerability in IBM Eclipse Help System IEHS, as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified...

Cross site scripting

Cross-site scripting XSS vulnerability in deferredView.jsp in IBM Eclipse Help System IEHS, as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

CVE-2012-2161

CVE-2012-2161 is a cross-site scripting vulnerability in the IBM Eclipse Help System (IEHS) used by multiple IBM products (e.g., InfoSphere Discovery, DB2 Information Center, Sales Center for WebSphere Commerce, IMS Explorer for Development). The flaw resides in IEHS (deferredView.jsp and related...

CVE-2012-2159

Open redirect vulnerability in IBM Eclipse Help System IEHS, as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified...

CVE-2012-2420

The intu-help-qb aka Intuit Help System Async Pluggable Protocol handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, might allow remote attackers to obtain sensitive information via a URI with a % percent character as its 1 last or 2...

CVE-2012-2420

CVE-2012-2420 affects Intuit QuickBooks 2009–2012 where the HelpAsyncPluggableProtocol.dll (intu-help-qb) handlers used with Internet Explorer may accidentally disclose sensitive information. The issue arises when processing a URI containing a percent character as its last or second-to-last chara...

CVE-2012-2424

The intu-help-qb aka Intuit Help System Async Pluggable Protocol handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allow remote attackers to cause a denial of service NULL pointer dereference and application crash via a URI that lac...

Intuit Help System Protocol File Retrieval

Intuit Help System Protocol File Retrieval Derek Soeder [email protected] Reported to [email protected] on March 15, 2012; vendor did not respond. Reported to CERT on March 22, 2012; vendor did not respond. Responsible disclosure failed with error code 10060. Published: March 30, 2012 AFFECT...

Code Widget Web based Help System Web-App (ASP) SQL injection

Exploit for asp platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...

Windows help system buffer overflow

Buffer overflow on CHM files parsing...

Microsoft Windows HLP File Handling Heap Buffer Overflow (CVE-2007-1912)

Microsoft Windows includes a standard Help system to assist the user working with applications. The WinHelp system, first introduced with Microsoft Windows 3.1, allows a developer to create a searchable document with a table of contents, images, hyper-links and other features. The developer may...

Microsoft Windows Help HLP File Processing Memory Corruption

Microsoft Windows includes a standard Help system to assist the user working with applications. The WinHelp system, first introduced with Microsoft Windows 3.1, allows a developer to create a searchable document with a table of contents, images, hyper-links and other features. The developer may...