622 matches found
PHPizabi notepad_body参数SQL注入漏洞
BUGTRAQ ID: 34223 PHPizabi是一款代码开源的在线交友、交流、婚介、商务合作系统。 PHPizabi的/theme/default/proc.inc.php模块中没有正确地验证用户所提交的notepadbody参数,远程攻击者可以通过提交恶意的查询请求执行SQL注入攻击。以下是有漏洞的代码段: ?php function bufferProcParse$buffer global $CONF; $tpl = new template; $tpl - LoadThis$buffer; // HANDLE POSTED NOTEPAD DATA \...
Kaspersky AntiVirus "klif.sys" Privilege Escalation Vulnerability
No description provided by source. / Added NOSTRICT to 1 on line 2 /str0ke ! milw0rm.com / define NOSTRICT 1 include windows.h undef STRICT PUCHAR pCodeBase=PUCHAR0xBE9372C0; PDWORD pJmpAddress=PDWORD0xBE9372B0; PUCHAR pKAVRets=PUCHAR0xBE935087,PUCHAR0xBE935046; PUCHAR pKAVRet; unsigned char...
Goople CMS 1.7 - Arbitrary Code Execution
-============================================- Autore: x0r - Evolution Team Msn: [email protected] Cms: Goople Cms 1.7 Bug: Arbitrary File Creation Download: http://ovh.dl.sourceforge.net/sourceforge/gooplecms/GoopleCMS1.7.rar -============================================- Exploit: Attack One...
Design/Logic Flaw
The GUP generic update process in Notepad++ before 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning...
CVE-2008-3436
The GUP generic update process in Notepad++ before 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning...
CVE-2008-3436
The GUP generic update process in Notepad++ before 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning...
CVE-2008-3436
Notepad++ prior to 4.8.1 is affected by CVE-2008-3436 through its GUP generic update process, which does not properly verify update authenticity. This enables MITM attackers to deliver arbitrary code via a Trojan-horse update, as demonstrated by evilgrade and DNS cache poisoning. The provided con...
joomlajpad-sql.txt
Joomla Component JPad Remote SQL Injection Founded by : His0k4 Algerian HaCkeR; Contact: His0k4atgmail.com Greetz : All friends & muslims HaCkeRs : ScriptName: "Joomla" ComponentName: "JPad" DORK: allinurl:comjpad P.O.C: /index.php?option=comjpad&task=edit&Itemid=39&cid=SQL Example:...
Programmer's Notepad ctags Processing Buffer Overflow
Programmer's Notepad, an open source text editor for coders, is installed on the remote host. The version of Programmer's Notepad installed on the remote host contains a buffer overflow that can be triggered when parsing ctags output. If an attacker can trick a user on the remote host to open a...
Programmer's Notepad ctags栈缓冲区溢出漏洞
BUGTRAQ ID: 28119 Programmer's Notepad是免费的开源文本编辑器。 Programmer's Notepad在处理ctags输出时存在栈溢出漏洞,攻击者可能利用此漏洞控制用户系统。 如果用户受骗打开了特制的.c文件并使用了Jump To对话框的话,就可以触发这个溢出,导致执行任意指令。 pnotepad.org Programmer's Notepad 2.0.6.1 pnotepad.org ------------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
CVE-2008-1210
Stack-based buffer overflow in the ctags parsing code in Programmer's Notepad before 2.0.8.718 allows user-assisted remote attackers to cause a denial of service application crash or execute arbitrary code via a crafted .c file, when the victim selects the Jump To dialog. NOTE: some of these...
CVE-2008-1210
Programmer’s Notepad contains a stack-based buffer overflow in the ctags parsing code, affected in versions before 2.0.8.718. The vulnerability can be triggered by parsing a crafted .c file via the Jump To dialog, with a user-assisted remote attacker able to cause a crash or execute arbitrary code.
Buffer overflow
Multiple buffer overflows in system DLL files in Microsoft Windows XP, as used by Microsoft Windows Explorer explorer.exe 6.00.2900.2180, Don Ho Notepad++, unspecified Adobe Macromedia applications, and other programs, allow user-assisted remote attackers to cause a denial of service application...
CVE-2007-5145
Multiple buffer overflows in system DLL files in Microsoft Windows XP, as used by Microsoft Windows Explorer explorer.exe 6.00.2900.2180, Don Ho Notepad++, unspecified Adobe Macromedia applications, and other programs, allow user-assisted remote attackers to cause a denial of service application...
Notepad++ Ruby Source File Handling Overflow
Notepad++, a free source code editor and Notepad replacement, is installed on the remote Windows host. The version of Notepad++ installed on the remote host reportedly contains a buffer overflow involving how it processes Ruby source code files. If an attacker can trick a user on the affected hos...
notepad++ buffer overflow
Buffer overflow on Ruby .rb files editing...
Notepad++ Ruby源文件处理远程栈溢出漏洞
Notepad++是运行在Windows环境中的开源编辑器,支持多种编程语言。 Notepad++的SciLexer模块(SciLexer.dll)在处理ruby源文件(.rb)时存在栈溢出漏洞,如果用户受骗打开了恶意的.rb文件,就会触发这个溢出,导致执行任意指令。 Notepad++ Notepad++ 4.1 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://notepad-plus.sourceforge.net/ http://www.sebug.net/show-exp-1876.html...
notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit.
...i took a look at the new notepad++, and noticed this, i'm not sure how long it has been there or if it was recently added to the code... either way here is a POC for it. original reference: http://fakehalo.us/xnotepad++.c / notepad++v4.1: win32 ruby file processing buffer overflow exploit. by:...
Stack overflow
Stack-based buffer overflow in LexRuby.cxx SciLexer.dll in Scintilla 1.73, as used by notepad++ 4.1.1 and earlier, allows user-assisted remote attackers to execute arbitrary code via certain Ruby .rb files with long lines. NOTE: this was originally reported as a vulnerability in notepad++...
CVE-2007-2666
Stack-based buffer overflow in LexRuby.cxx SciLexer.dll in Scintilla 1.73, as used by notepad++ 4.1.1 and earlier, allows user-assisted remote attackers to execute arbitrary code via certain Ruby .rb files with long lines. NOTE: this was originally reported as a vulnerability in notepad++...