1376 matches found
CVE-2007-2017
siteadmin/useredit.php in AlstraSoft Video Share Enterprise does not check authentication, which allows remote attackers to obtain or modify user information via a direct request...
CVE-2006-4743
WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain sensitive information via a direct request for (1) 404.php, (2) akismet.php, (3) archive.php, (4) archives.php, (5) attachment.php, (6) blogger.php, (7) comments.php, (8) comments-popup.php, (9) dotclear.php, (10) footer.php, (11) functions.php, (12)...
CVE-2006-3510
The Remote Data Service Object (RDS.DataControl) in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (crash) via a series of operations that result in an invalid length calculation when using SysAllocStringLen, then triggers a buffer over-read...
CVE-2006-3510
CVE-2006-3510 affects Microsoft Internet Explorer 6 on Windows 2000, where the Remote Data Service Object (RDS.DataControl) can crash a system. The vulnerability stems from an invalid length calculation in operations using SysAllocStringLen, which then triggers a buffer over-read. The described i...
PT-2005-5364 · Tellme · Tellme
Name of the Vulnerable Software and Affected Versions: TellMe versions 1.2 and earlier Description: The issue allows remote attackers to modify command line arguments for the Whois program and obtain sensitive information via "--" style options in the q Host parameter. Recommendations: For TellMe...
Across stop SQL injection database attacks-vulnerability warning-the black bar safety net
The previous stage, in an attempt to attack a web site, discover the other side of the system has been blocked error information, is also common account to connect the data library, the system also is played with all the patches so you want to attack injection is more troublesome. So I get a “cross-si...
PT-2005-2332 · Oneworld · Oneworldstore
Name of the Vulnerable Software and Affected Versions: OneWorldStore affected versions not specified Description: The issue allows remote attackers to obtain sensitive information by modifying the idOrder parameter in the "owOfflineCC.asp" file. Recommendations: For all affected versions, avoid...
CVE-2004-0036
SQL injection vulnerability in calendar.php for vBulletin Forum 2.3.x before 2.3.4 allows remote attackers to steal sensitive information via the eventid parameter...
CVE-2002-1142
CVE-2002-1142 is a heap-based buffer overflow in the MDAC RDS component caused by an unchecked buffer in the RDS Data Stub when handling malformed HTTP requests. Affected: MDAC versions 2.1–2.6 and Internet Explorer 5.01–6.0. Impact: remote code execution with the privileges of the service (e.g.,...
CVE-2002-0864
CVE-2002-0864 corresponds to a Microsoft RDP flaw affecting Windows XP (RDP 5.1) where a Remote Desktop PDU Confirm Active packet that omits the Pattern BLT can cause a denial of service (crash). OpenVAS entries also describe an information-disclosure risk from RDP 5.0/5.1 due to unencrypted chec...
CVE-2002-0864
The Remote Data Protocol (RDP) version 5.1 in Microsoft Windows XP allows remote attackers to cause a denial of service (crash) when Remote Desktop is enabled via a PDU Confirm Active data packet that does not set the Pattern BLT command, aka "Denial of Service in Remote Desktop."...
CVE-2003-1516
The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.201 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet...
CVE-2003-0841
The grid option in PeopleSoft 8.42 stores temporary .xls files in guessable directories under the web document root, which allows remote attackers to steal search results by directly accessing the files via a URL request...
[SECURITY] [DSA 241-1] New kdeutils packages fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 241-1 [email protected] http://www.debian.org/security/ Martin Schulze January 24th, 2003 http://www.debian.org/security/faq -...
[SECURITY] [DSA 240-1] New kdegames packages fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 240-1 [email protected] http://www.debian.org/security/ Martin Schulze January 23rd, 2003 http://www.debian.org/security/faq -...
DEBIAN-CVE-2002-1747
Vtun 2.5b1 does not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on ECB...
CVE-2002-2108
Unknown vulnerability in the "VAIO Manual" software in certain Sony VAIO personal computers sold from November 2001 to January 2002, allows remote attackers to modify data via a web page or HTML e-mail...
ISS Security Brief: Microsoft MDAC Remote Compromise Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Internet Security Systems Security Brief November 21, 2002 Microsoft MDAC Remote Compromise Vulnerability Synopsis: Microsoft has released a security bulletin detailing a vulnerability in Microsoft MDAC technology. MDAC or Microsoft Data Access Components is a...
Microsoft Data Access Components RDS Buffer Overflow Vulnerability
Description: Microsoft Data Access Components (MDAC) contains a buffer overflow in a Remote Data Services (RDS) component. The server side RDS component affected is called the RDS Data Stub, while the client side is called the Data Space control. Successful exploitation of this vulnerability could all...