7725 matches found

CVE
added 2006/06/13 7:0 p.m. · 70 views

CVE-2006-1303

The CVE-2006-1303 issue affects Microsoft Internet Explorer 5.01 SP4 and IE 6 SP1 (and earlier) via remote instantiation of certain COM objects not meant for IE, notably several DXImageTransform.Microsoft.* ActiveX controls (MMSpecialEffect1Input, MMSpecialEffect1Input.1, MMSpecialEffect2Inputs, ...

9.3 CVSS · 7.7 AI score · 0.38125 EPSS
Exploits 0 · References 16 · Affected Software 2
Symantec
added 2006/06/13 12:0 a.m. · 10 views

Microsoft Internet Explorer COM Object Instantiation Code Execution Vulnerability Variant

Description Microsoft Internet Explorer is prone to a memory-corruption vulnerability that is related to the instantiation of COM objects. This issue results from a design error. The vulnerability arises because of the way Internet Explorer tries to instantiate certain COM objects as ActiveX...

0.3 AI score
Exploits 0 · References 1 · Affected Software 1
OSV
added 2006/06/02 7:2 p.m. · 3 views

DEBIAN-CVE-2006-2779

Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an ifram...

9.3 CVSS · 8.8 AI score · 0.06832 EPSS
Exploits 0 · References 1
securityvulns
added 2006/05/27 12:0 a.m. · 52 views

Multiple Microsoft Internet Explorer security vulnerabilities

Jump to uninitialized function pointer by referencing unsupported object's method createTextRange for checkbox. Potentially can be used for code execution and hidden malware installation. Memory corruption on uninitialized event handlers. HTA code execution. HTML parsing memory corruption. COM...

3 AI score
Exploits 0 · References 14 · Affected Software 1
CERT
added 2006/05/19 12:0 a.m. · 26 views

Microsoft Word object pointer memory corruption vulnerability

Overview A memory corruption vulnerability in Microsoft Word could allow a remote attacker to execute arbitrary code with the privileges of the user running Word. Description Microsoft Word contains a memory corruption vulnerability. According to Microsoft Security Bulletin MS06-027: When a user...

8.8 CVSS · 8.8 AI score · 0.48387 EPSS
Exploits 2 · References 13
Tenable Nessus
added 2006/04/16 12:0 a.m. · 24 views

PAJAX < 0.5.2 Multiple Vulnerabilities

The remote host is running PAJAX, a PHP library for remote asynchronous objects in JavaScript. The version of PAJAX installed on the remote host fails to validate input to the 'pajax/pajaxcalldispatcher.php' script before using it in a PHP 'eval' function. An unauthenticated attacker can exploit...

7.5 CVSS · 6 AI score · 0.36127 EPSS
Exploits 5 · References 4
NVD
added 2006/04/12 12:2 a.m. · 34 views

CVE-2006-0012

Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability."...

5.1 CVSS · 7.5 AI score · 0.24069 EPSS
Exploits 0 · References 14
CVE
added 2006/04/12 12:0 a.m. · 68 views

CVE-2006-0012

CVE-2006-0012 is a Windows Shell vulnerability in which Windows Explorer could incorrectly handle COM objects, enabling remote code execution if a user visits a malicious Web site or opens crafted files/directories. Affected products include Windows 2000 SP4, XP SP1/SP2, and Windows Server 2003 S...

5.1 CVSS · 7.5 AI score · 0.24069 EPSS
Exploits 0 · References 14 · Affected Software 6
CERT
added 2006/04/11 12:0 a.m. · 44 views

Microsoft Internet Explorer fails to properly handle embedded objects

Overview Microsoft Internet Explorer (IE) does not properly handle embedded dynamic objects. This vulnerability may allow a remote attacker to execute arbitrary code. Description IOleClientSite interface According to Microsoft Security Bulletin MS06-013, The IOleClientSite interface is the primary...

10 CVSS · 7.3 AI score · 0.61293 EPSS
Exploits 0 · References 1
CERT
added 2006/04/11 12:0 a.m. · 27 views

Microsoft Windows fails to properly handle COM objects

Overview Microsoft Windows fails to properly handle COM Objects. This vulnerability may allow a remote unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft COM Microsoft COM is a technology that allows programmers to create reusable software components...

5.1 CVSS · 7.1 AI score · 0.24069 EPSS
Exploits 0 · References 3
Tenable Nessus
added 2006/04/11 12:0 a.m. · 28 views

MS06-015: Vulnerabilities in Windows Explorer Could Allow Remote Code Execution (908531)

The remote version of Windows contains a version of the Windows Explorer that has a vulnerability in the way it handles COM objects. An attacker could exploit this vulnerability by asking a victim to visit a rogue website containing a malformed COM object. Tenable Network Security, Inc...

5.1 CVSS · 5.5 AI score · 0.24069 EPSS
Exploits 0 · References 2
securityvulns
added 2006/02/13 12:0 a.m. · 49 views

[NT] Microsoft Internet Explorer Drag-and-Drop Redeux

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

7.5 CVSS · 5.9 AI score · 0.01211 EPSS
Exploits 0
NVD
added 2006/02/02 8:6 p.m. · 23 views

CVE-2006-0293

The function allocation code jsNewFunction in jsfun.c in Firefox 1.5 allows attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via user-defined methods that trigger garbage collection in a way that operates on freed objects...

7.5 CVSS · 7.3 AI score · 0.0365 EPSS
Exploits 0 · References 27
Debian CVE
added 2006/02/02 8:0 p.m. · 35 views

CVE-2006-0293

The function allocation code jsNewFunction in jsfun.c in Firefox 1.5 allows attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via user-defined methods that trigger garbage collection in a way that operates on freed objects...

7.5 CVSS · 7.3 AI score · 0.0365 EPSS
Exploits 0
Prion
added 2006/01/18 11:3 a.m. · 17 views

Design/Logic Flaw

Unspecified vulnerability in Oracle Database Server 10.1.0.4.2, Application Server 10.1.2.0.2, and Collaboration Suite Release 2, version 9.0.4.2 Oracle9i has unspecified impact and attack vectors, as identified by Oracle Vuln DBC02 in the Reorganize Objects & Convert Tablespace component...

10 CVSS · 6.3 AI score · 0.06534 EPSS
Exploits 1 · References 9 · Affected Software 3
NVD
added 2005/12/31 5:0 a.m. · 11 views

CVE-2005-4813

Unspecified vulnerability in Report Application Server Crystalras.exe before 11.0.0.1370, as used in Business Objects Crystal Reports XI, Crystal Reports Server XI, and BusinessObjects Enterprise XI, allows remote attackers to cause a denial of service (application hang) via certain network traffic...

5 CVSS · 6.8 AI score · 0.01818 EPSS
Exploits 0 · References 8
UbuntuCve
added 2005/12/31 5:0 a.m. · 30 views

CVE-2005-4851

eZ publish 3.4.4 through 3.7 before 20050722 applies certain permissions on the node level, which allows remote authenticated users to bypass the original permissions on embedded objects in XML fields and read these objects...

4 CVSS · 5.9 AI score · 0.00883 EPSS
Exploits 0 · References 1
Positive Technologies
added 2005/12/31 12:0 a.m. · 6 views

PT-2005-5499 · Apache · Jakarta Tomcat +1

Name of the Vulnerable Software and Affected Versions: Jakarta Tomcat versions 5.5.6 and earlier Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat. These vulnerabilities allow remote attackers to inject arbitrary w...

4.3 CVSS · 5.4 AI score · 0.07883 EPSS
Exploits 0 · References 22
CVE
added 2005/12/15 11:0 p.m. · 41 views

CVE-2005-4274

CVE-2005-4274 affects Business Objects WebIntelligence 6.5x. The vulnerability permits remote attackers to cause a denial of service (user account lockout) via unknown attack vectors related to authentication mechanisms and form input. The available sources describe the issue but do not provide c...

5 CVSS · 6.9 AI score · 0.01334 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2005/12/15 11:0 p.m. · 16 views

CVE-2005-4274

Unspecified vulnerability in Business Objects WebIntelligence 6.5x allows remote attackers to cause a denial of service (user account lock out) via unknown attack vectors related to "authentication mechanisms" and "form input."...

6.5 AI score · 0.01334 EPSS
Exploits 0 · References 2