287 matches found
CVE-2017-5234
Rapid7 Insight Collector installers prior to version 1.0.16 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer...
CVE-2017-5232
CVE-2017-5232 refers to a DLL preloading vulnerability in all Rapid7 Nexpose installers prior to version 6.4.24. The issue arises because the installer may load a malicious DLL from the current working directory rather than an explicit system path. Connected documents confirm the affected compone...
Snagit DLL Preloading Arbitrary Code Execution
The version of Snagit installed on the remote Windows host has a DLL preloading vulnerability. An attacker can execute arbitrary code by tricking a user into opening a Snagit file .snag, .snagprof, or .snagcc from an attacker-controlled location such as a network share. C Tenable Network Security...
Amateur Photographer's Image Gallery 0.9a XSS / SQL Injection
ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÂÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ ³ ³ Undergroundthalo Hacking Team - Security Advisory ³ ³ ³...
Amateur Photographer 's Image Gallery 0.9a XSS / SQL Injection
Amateur Photographer's Image Gallery version 0.9a suffers from cross site scripting, remote file disclosure, and remote SQL injection vulnerabilities. Undergroundthalo Hacking Team - Security Advisory --------------------------------------------------------------------------- Author : cr4wl3r...
Microsoft Expression Design wintab32.dll Library Loading
Added: 04/25/2012 CVE: CVE-2012-0016 BID: 52375 OSVDB: 80001 Background Microsoft Expression Design is a commercial professional illustration vector and raster graphic design tool for web images. Problem Microsoft Expression Design contains a flaw in the way it loads dynamic-link libraries DLL. T...
Microsoft Fills Windows, Office Holes with March Patch Release
Microsoft Corp. issued their monthly security bulletins on Tuesday, with fixes for four known vulnerabilities in the company’s Windows operating system, Office suite and Remote Desktop Connection products. The March patch release included three bulletins: MS11-015, 016 and 017. Only one, MS11-015...
Microsoft security update stamps out 11 product vulnerabilities
Microsoft security update stamps out 11 product vulnerabilities American software heavyweight Microsoft Corp. has this week rolled out three security bulletins for Windows, addressing a total of 11 vulnerabilities targeting potential exploits in platforms ranging from Microsoft Office to Forefron...
MS10-087: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930)
The remote Windows host is running a version of Microsoft Office that is affected by several vulnerabilities : - An integer underflow exists in the way the application parses the PowerPoint file format, which could lead to heap corruption and allow for arbitrary code execution when opening a...
Embarcadero Delphi XE (2011) DLL preloading exploit
Exploit for windows platform in category local exploits =================================================== Embarcadero Delphi XE 2011 DLL preloading exploit =================================================== Exploit Title : Embarcadero Delphi XE 2011, DLL preloading exploit Author : STRELiTZIA...
Prevx DLL preloading exploit
Exploit for windows platform in category local exploits ============================ Prevx DLL preloading exploit ============================ ============================ Prevx DLL preloading exploit ============================ ==================================================== = PREVX DLL...
MS Windows Insecure Library Loading Remote Code Execution Vulnerabilities (2269637)
This host is prone to Remote Code Execution vulnerabilities. OpenVAS Vulnerability Test $Id: gbmswindowslibrarycodeexecvuln.nasl 5934 2017-04-11 12:28:28Z antu123 $ MS Windows Insecure Library Loading Remote Code Execution Vulnerabilities 2269637 Authors: Antu Sanadi Copyright: Copyright c 2010...
Microsoft Windows Insecure Library Loading Remote Code Execution Vulnerabilities (2269637)
This host is prone to Remote Code Execution vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Maxthon Browser version 2.5.15.1000 Insecure DLL Hijacking Vulnerability (dwmapi.dll)
OVERVIEW The Maxthon Browser application is vulnerable to Insecure DLL Hijacking Vulnerability. Similar terms that describe this vulnerability have been come up with Remote Binary Planting, and Insecure DLL Loading/Injection/Hijacking/Preloading. 2. PRODUCT DESCRIPTION Maxthon Browser is a...
Virtual DJ 6.1.2 DLL Hijacking Exploit
/ Description: Virtual DJ 6.1.2 Also vulnerable for DLL Preloading on hdjapi.dll while loading .mp3 content. Date: August 29, 2010 Author: Classity informatiebeveiliging PoC: Displaying message box, but can be replaced by DLL with arbitrary payload. / include define DllExport declspec dllexport...
Microsoft Security Advisory (2269637) Insecure Library Loading Could Allow Remote Code Execution
Microsoft Security Advisory 2269637 Insecure Library Loading Could Allow Remote Code Execution Published: August 23, 2010 Version: 1.0 General Information Executive Summary Microsoft is aware that research has been published detailing a remote attack vector for a class of vulnerabilities that...
MS KB2269637: Insecure Library Loading Could Allow Remote Code Execution
The remote host is missing Microsoft KB2264107 or an associated registry change, which provides a mechanism for mitigating binary planting or DLL preloading attacks. Insecurely implemented applications look in their current working directory when resolving DLL dependencies. If a malicious DLL wit...
Mozilla Foundation Security Advisory 2010-13
Mozilla Foundation Security Advisory 2010-13 Title: Content policy bypass with image preloading Impact: Moderate Announced: March 23, 2010 Reporter: Josh Soref, Nokia Products: Firefox 3.6 Fixed in: Firefox 3.6.2 Description Mozilla developer Josh Soref of Nokia reported that documents failed to...
Design/Logic Flaw
The nsDocument::MaybePreLoadImage function in content/base/src/nsDocument.cpp in the image-preloading implementation in Mozilla Firefox 3.6 before 3.6.2 does not apply scheme restrictions and policy restrictions to the image's URL, which might allow remote attackers to cause a denial of service...
CVE-2010-0168
The nsDocument::MaybePreLoadImage function in content/base/src/nsDocument.cpp in the image-preloading implementation in Mozilla Firefox 3.6 before 3.6.2 does not apply scheme restrictions and policy restrictions to the image's URL, which might allow remote attackers to cause a denial of service...