2158 matches found
CVE-2008-0667
CVE-2008-0667 concerns Adobe Acrobat/Reader and the DOC.print API in the JavaScript layer. The vulnerability arises from a design/logic flaw that allows a PDF to silently trigger printing of any number of copies without user interaction, potentially enabling abuse of the printer. Affected product...
CVE-2008-0667
The DOC.print function in the Adobe JavaScript API, as used by Adobe Acrobat and Reader before 8.1.2, allows remote attackers to configure silent non-interactive printing, and trigger the printing of an arbitrary number of copies of a document. NOTE: this issue might be subsumed by CVE-2008-0655...
PHP Real Estate - fullnews.php?id SQL Injection
PHP Real Estate - fullnews.php?id SQL Injection --==+================================================================================+==-- --==+ PHP Real Estate SQL Injection Vulnerbilitys +==-- --==+================================================================================+==-- AUTHOR:...
[SECURITY] Fedora 7 Update: kdeedu-3.5.8-2.fc7
Educational/Edutainment applications, including: blinken: Simon Says Game kalzium: Periodic Table of Elements kanagram: Letter Order Game kbruch: Exercise Fractions keduca: Tests and Exams kgeography: Geography Trainer khangman: Hangman Game kig: Interactive Geometry kiten: Japanese Reference/Stu...
openSUSE 10 Security Update : wget (wget-1689)
This update fixes a security in wget, where evil servers could send terminal escape codes to the user calling wget. This would only affect interactive sessions. CVE-2004-1488 Additionaly a previous '.file' fix was found to be buggy and replaced. This bug could lead to '.directories' not being...
[SECURITY] Fedora 7 Update: mapserver-4.10.3-2.fc7
Mapserver is an internet mapping program that converts GIS data to map images in real time. With appropriate interface pages, Mapserver can provide an interactive internet map based on custom GIS data...
Windows平台的Cisco VPN客户端多个本地权限提升漏洞
BUGTRAQ ID: 25332 Cisco VPN客户端允许用户创建到支持Cisco VPN设备的IPSec VPN隧道。 Microsoft Windows的Cisco VPN客户端中存在两个漏洞,允许本地非特权用户提升权限。 1. 通过Microsoft Windows拨号网络接口的本地权限提升 非特权用户可以通过启用Start Before Logon(SBL)功能并配置VPN配置使用Microsoft拨号网络接口将权限提升到LocalSystem帐号用户的权限。如果同时启用并配置了这两个设置,就可以在Windows登录窗口中使用Cisco...
CVE-2007-3719
The process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service CPU consumption, as described in "Secretly Monopolizing the CPU Without Superuser Privileges."...
DEBIAN-CVE-2007-3719
The process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service CPU consumption, as described in "Secretly Monopolizing the CPU Without Superuser Privileges."...
Debian DSA-1326-1 : fireflier-server - insecure temporary files
Steve Kemp from the Debian Security Audit project discovered that fireflier-server, an interactive firewall rule creation tool, uses temporary files in an unsafe manner which may be exploited to remove arbitrary files from the local system. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...
Microsoft Step-by-Step Interactive Training bookmark buffer overflow
Added: 05/04/2007 CVE: CVE-2006-3448 BID: 22484 OSVDB: 31883 Background Microsoft Step-by-Step Interactive Training is the engine used by various training programs. Problem A buffer overflow vulnerability in Microsoft Step-by-Step Interactive Training allows command execution when a specially...
Microsoft Step-by-Step Interactive Training bookmark buffer overflow
Added: 05/04/2007 CVE: CVE-2006-3448 BID: 22484 OSVDB: 31883 Background Microsoft Step-by-Step Interactive Training is the engine used by various training programs. Problem A buffer overflow vulnerability in Microsoft Step-by-Step Interactive Training allows command execution when a specially...
Microsoft Step-by-Step Interactive Training bookmark buffer overflow
Added: 05/04/2007 CVE: CVE-2006-3448 BID: 22484 OSVDB: 31883 Background Microsoft Step-by-Step Interactive Training is the engine used by various training programs. Problem A buffer overflow vulnerability in Microsoft Step-by-Step Interactive Training allows command execution when a specially...
Microsoft Step-by-Step Interactive Training bookmark buffer overflow
Added: 05/04/2007 CVE: CVE-2006-3448 BID: 22484 OSVDB: 31883 Background Microsoft Step-by-Step Interactive Training is the engine used by various training programs. Problem A buffer overflow vulnerability in Microsoft Step-by-Step Interactive Training allows command execution when a specially...
Microsoft Step-by-Step Interactive Training Buffer Overflow (MS07-005; CVE-2006-3448)
Step-by-Step Interactive Training is an engine for interactive training titles provided by Microsoft Press and other vendors. By using the Step-by-Step Interactive Training user interface Bookmark link files .CBO,.CBL,.CBM are created. These files allow easier access to a particular topic, and...
Microsoft Step-by-Step Interactive Training contains a buffer overflow
Overview Microsoft Step-by-Step Interactive Training contains a buffer overflow vulnerability. If successfully exploited, this vulnerability may allow an attacker to execute arbitrary code. Description Microsoft Step-by-Step Interactive Training is a training program developed by MIcrosoft. It is...
CVE-2006-3448
Microsoft Step-by-Step Interactive Training contains a buffer overflow vulnerability (CVE-2006-3448) in the bookmark link handling for .CBO, .CBL, or .CBM files. Exploitation requires a user to open a crafted bookmark file, potentially allowing remote code execution on affected Windows systems (W...
HP LoadRunner Agent Service Detection
An HP LoadRunner Agent is listening on the remote host. This agent enables a LoadRunner Controller to communicate with the LoadRunner Load Generator on the remote host for performance testing. Note that Hewlett-Packard acquired LoadRunner in November 2006 as part of its acquisition of Mercury...
Microsoft Security Bulletin MS07-005
Microsoft Security Bulletin MS07-005 Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution 923723 Published: February 13, 2007 Version: 1.0 Summary Who Should Read this Document: Customers who use Microsoft Windows and have Step-by-Step Interactive Training installe...
Microsoft Step-by-Step Interactive Training Buffer Overflow Vulnerability
Description Microsoft Step-by-Step Interactive Training is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker could exploit this issue by enticing a victim to load a bookmark...