Lucene search
K

622 matches found

seebug.org
seebug.org
added 2009/03/25 12:0 a.m.115 views

PHPizabi notepad_body参数SQL注入漏洞

BUGTRAQ ID: 34223 PHPizabi是一款代码开源的在线交友、交流、婚介、商务合作系统。 PHPizabi的/theme/default/proc.inc.php模块中没有正确地验证用户所提交的notepadbody参数,远程攻击者可以通过提交恶意的查询请求执行SQL注入攻击。以下是有漏洞的代码段: ?php function bufferProcParse$buffer global $CONF; $tpl = new template; $tpl - LoadThis$buffer; // HANDLE POSTED NOTEPAD DATA \...

6.9AI score
Exploits0
seebug.org
seebug.org
added 2009/02/16 12:0 a.m.20 views

Kaspersky AntiVirus "klif.sys" Privilege Escalation Vulnerability

No description provided by source. / Added NOSTRICT to 1 on line 2 /str0ke ! milw0rm.com / define NOSTRICT 1 include windows.h undef STRICT PUCHAR pCodeBase=PUCHAR0xBE9372C0; PDWORD pJmpAddress=PDWORD0xBE9372B0; PUCHAR pKAVRets=PUCHAR0xBE935087,PUCHAR0xBE935046; PUCHAR pKAVRet; unsigned char...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2008/11/24 12:0 a.m.31 views

Goople CMS 1.7 - Arbitrary Code Execution

-============================================- Autore: x0r - Evolution Team Msn: [email protected] Cms: Goople Cms 1.7 Bug: Arbitrary File Creation Download: http://ovh.dl.sourceforge.net/sourceforge/gooplecms/GoopleCMS1.7.rar -============================================- Exploit: Attack One...

7.4AI score
Exploits0
Prion
Prion
added 2008/08/01 2:41 p.m.13 views

Design/Logic Flaw

The GUP generic update process in Notepad++ before 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning...

7.5CVSS7.9AI score0.0184EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2008/08/01 2:41 p.m.18 views

CVE-2008-3436

The GUP generic update process in Notepad++ before 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning...

7.5CVSS7.4AI score0.0184EPSS
Exploits0References3
Cvelist
Cvelist
added 2008/08/01 2:0 p.m.24 views

CVE-2008-3436

The GUP generic update process in Notepad++ before 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning...

7.4AI score0.0184EPSS
Exploits0References3
CVE
CVE
added 2008/08/01 2:0 p.m.75 views

CVE-2008-3436

Notepad++ prior to 4.8.1 is affected by CVE-2008-3436 through its GUP generic update process, which does not properly verify update authenticity. This enables MITM attackers to deliver arbitrary code via a Trojan-horse update, as demonstrated by evilgrade and DNS cache poisoning. The provided con...

7.5CVSS7.4AI score0.0184EPSS
Exploits0References3Affected Software1
Packet Storm
Packet Storm
added 2008/04/24 12:0 a.m.31 views

joomlajpad-sql.txt

Joomla Component JPad Remote SQL Injection Founded by : His0k4 Algerian HaCkeR; Contact: His0k4atgmail.com Greetz : All friends & muslims HaCkeRs : ScriptName: "Joomla" ComponentName: "JPad" DORK: allinurl:comjpad P.O.C: /index.php?option=comjpad&task=edit&Itemid=39&cid=SQL Example:...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2008/03/10 12:0 a.m.27 views

Programmer's Notepad ctags Processing Buffer Overflow

Programmer's Notepad, an open source text editor for coders, is installed on the remote host. The version of Programmer's Notepad installed on the remote host contains a buffer overflow that can be triggered when parsing ctags output. If an attacker can trick a user on the remote host to open a...

9.3CVSS6.5AI score0.0397EPSS
Exploits0References2
seebug.org
seebug.org
added 2008/03/09 12:0 a.m.22 views

Programmer's Notepad ctags栈缓冲区溢出漏洞

BUGTRAQ ID: 28119 Programmer's Notepad是免费的开源文本编辑器。 Programmer's Notepad在处理ctags输出时存在栈溢出漏洞,攻击者可能利用此漏洞控制用户系统。 如果用户受骗打开了特制的.c文件并使用了Jump To对话框的话,就可以触发这个溢出,导致执行任意指令。 pnotepad.org Programmer's Notepad 2.0.6.1 pnotepad.org ------------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...

6.9AI score
Exploits0
NVD
NVD
added 2008/03/08 12:44 a.m.20 views

CVE-2008-1210

Stack-based buffer overflow in the ctags parsing code in Programmer's Notepad before 2.0.8.718 allows user-assisted remote attackers to cause a denial of service application crash or execute arbitrary code via a crafted .c file, when the victim selects the Jump To dialog. NOTE: some of these...

9.3CVSS8AI score0.0397EPSS
Exploits0References4
CVE
CVE
added 2008/03/08 12:0 a.m.41 views

CVE-2008-1210

Programmer’s Notepad contains a stack-based buffer overflow in the ctags parsing code, affected in versions before 2.0.8.718. The vulnerability can be triggered by parsing a crafted .c file via the Jump To dialog, with a user-assisted remote attacker able to cause a crash or execute arbitrary code.

9.3CVSS8AI score0.0397EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2007/10/01 5:17 a.m.18 views

Buffer overflow

Multiple buffer overflows in system DLL files in Microsoft Windows XP, as used by Microsoft Windows Explorer explorer.exe 6.00.2900.2180, Don Ho Notepad++, unspecified Adobe Macromedia applications, and other programs, allow user-assisted remote attackers to cause a denial of service application...

4.3CVSS7.2AI score0.31586EPSS
Exploits1References3
Cvelist
Cvelist
added 2007/10/01 12:0 a.m.27 views

CVE-2007-5145

Multiple buffer overflows in system DLL files in Microsoft Windows XP, as used by Microsoft Windows Explorer explorer.exe 6.00.2900.2180, Don Ho Notepad++, unspecified Adobe Macromedia applications, and other programs, allow user-assisted remote attackers to cause a denial of service application...

6.9AI score0.10422EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2007/05/24 12:0 a.m.29 views

Notepad++ Ruby Source File Handling Overflow

Notepad++, a free source code editor and Notepad replacement, is installed on the remote Windows host. The version of Notepad++ installed on the remote host reportedly contains a buffer overflow involving how it processes Ruby source code files. If an attacker can trick a user on the affected hos...

7.6CVSS6.6AI score0.15232EPSS
Exploits0References3
securityvulns
securityvulns
added 2007/05/15 12:0 a.m.28 views

notepad++ buffer overflow

Buffer overflow on Ruby .rb files editing...

3.1AI score
Exploits0References1
seebug.org
seebug.org
added 2007/05/15 12:0 a.m.21 views

Notepad++ Ruby源文件处理远程栈溢出漏洞

Notepad++是运行在Windows环境中的开源编辑器,支持多种编程语言。 Notepad++的SciLexer模块(SciLexer.dll)在处理ruby源文件(.rb)时存在栈溢出漏洞,如果用户受骗打开了恶意的.rb文件,就会触发这个溢出,导致执行任意指令。 Notepad++ Notepad++ 4.1 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://notepad-plus.sourceforge.net/ http://www.sebug.net/show-exp-1876.html...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2007/05/15 12:0 a.m.37 views

notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit.

...i took a look at the new notepad++, and noticed this, i'm not sure how long it has been there or if it was recently added to the code... either way here is a POC for it. original reference: http://fakehalo.us/xnotepad++.c / notepad++v4.1: win32 ruby file processing buffer overflow exploit. by:...

0.1AI score
Exploits0
Prion
Prion
added 2007/05/14 11:19 p.m.11 views

Stack overflow

Stack-based buffer overflow in LexRuby.cxx SciLexer.dll in Scintilla 1.73, as used by notepad++ 4.1.1 and earlier, allows user-assisted remote attackers to execute arbitrary code via certain Ruby .rb files with long lines. NOTE: this was originally reported as a vulnerability in notepad++...

7.6CVSS8.4AI score0.15232EPSS
Exploits0References12Affected Software2
Cvelist
Cvelist
added 2007/05/14 11:0 p.m.19 views

CVE-2007-2666

Stack-based buffer overflow in LexRuby.cxx SciLexer.dll in Scintilla 1.73, as used by notepad++ 4.1.1 and earlier, allows user-assisted remote attackers to execute arbitrary code via certain Ruby .rb files with long lines. NOTE: this was originally reported as a vulnerability in notepad++...

8AI score0.15232EPSS
Exploits0References12
Rows per page
Query Builder