Microsoft Windows Help File Heap Buffer Overflow (CVE-2006-1591)

There exists a buffer overflow vulnerability in Microsoft Windows. The vulnerability is caused by the improper parsing of malformed .hlp file in the Windows Help system. An attacker may exploit this vulnerability by enticing a user to open a crafted Windows help file, which will enable the attack...

Pay Attention to MS10-042 Update

Microsoft has released four new security bulletins in the July 2010 edition of patch Tuesday. These bulletins address five vulnerabilities. It is not uncommon, and has become expected, for a light patch Tuesday to follow a heavy patch Tuesday release from Microsoft. Last month, Microsoft released...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in staticpages/easygallery/index.php in MyioSoft EasyGallery 5.0tr and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the PATHINFO or 2 the q parameter in an about action to the help system...

CVE-2008-1347

Multiple cross-site scripting XSS vulnerabilities in staticpages/easygallery/index.php in MyioSoft EasyGallery 5.0tr and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the PATHINFO or 2 the q parameter in an about action to the help system...

CVE-2008-1347

Multiple cross-site scripting XSS vulnerabilities in staticpages/easygallery/index.php in MyioSoft EasyGallery 5.0tr and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the PATHINFO or 2 the q parameter in an about action to the help system...

Cisco multiple products help system crossite scripting

Crossite scripting on HTML help pages...

XSS vulnerability in the online help system of several Cisco products

What: cross-site scripting XSS vulnerability in the online help system distributed with several Cisco products Release Date: 03-15-2007 Application: 14 different applications verified by Cisco up to now. For a complete list of affected products see...

Cisco Online Help System Cross-Site Scripting Vulnerability

Multiple Cisco products contain a vulnerability in the Online Help System that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. This vulnerability exists because the search feature of the web-based Online Help System interface fails to sufficiently filter...

Linksys WLAN Monitor privilege escalation

It's possible to execute application with LocalSystem privileges from Help system...

Safari remote arbitrary code execution

Adv: safari0x04 Release Date: 10/05/04 Affected Products: Safari = 1.2 Fixed in: Not fixed. Impact: Remote code execution. Severity: High. Vendor: Notified 23/02/04 Author: fundisom.com Apple uses a special function to execute scripts and applications from his Help system. Unfortunatly, this Help...

Buffer Overflow in IE/Outlook HTML Help

NGSSoftware Insight Security Research Advisory Name: Windows Help System Buffer Overflow Systems: Windows XP,2000,NT,ME and 98 Severity: High Risk Category: Buffer Overflow Vulnerability Vendor URL: http://www.microsoft.com/ Author: David Litchfield [email protected] Advisory URL:...

CVE-1999-1219

Vulnerability in sgihelp in the SGI help system and print manager in IRIX 5.2 and earlier allows local users to gain root privileges, possibly through the clogin command...

CVE-2000-0345

The CVE-2000-0345 entry concerns Cisco routers’ on-line help system options. The vulnerability allows non-privileged users, without enabled access, to obtain sensitive information via the show command. The provided data (NVD) notes partial confidentiality impact with local attack vector and low b...

CVE-2000-0345

The on-line help system options in Cisco routers allows non-privileged users without "enabled" access to obtain sensitive information via the show command...

CVE-1999-0975

The Windows help system can allow a local user to execute commands as another user by editing a table of contents metafile with a .CNT extension and modifying the topic action to include the commands to be executed when the .hlp file is accessed...

CVE-1999-0975

The CVE-1999-0975 entry describes a local privilege escalation in the Windows Help system: by editing a table of contents metafile (.CNT) and altering the topic action, a local user could cause commands to execute when the .hlp file is opened. The remediation/affected product details beyond this ...

CVE-1999-0975

The Windows help system can allow a local user to execute commands as another user by editing a table of contents metafile with a .CNT extension and modifying the topic action to include the commands to be executed when the .hlp file is accessed...

Microsoft Windows 9598NT 4.0 - Help File Backdoor

Microsoft Windows 9598NT 4.0 - Help File Backdoor source: https://www.securityfocus.com/bid/868/info The help files for the Windows Help system .cnt, .hlp can be edited so that they run an arbitrary executable when selected by a user. The executable will run at the privelege level of the user. Th...

CVE-1999-1219

Vulnerability in sgihelp in the SGI help system and print manager in IRIX 5.2 and earlier allows local users to gain root privileges, possibly through the clogin command...