CVE-2009-2502

Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office...

[SECURITY] Fedora 11 Update: rubygem-rails-2.3.2-5.fc11

Rails is a framework for building web-application using CGI, FCGI, modruby, or WEBrick on top of either MySQL, PostgreSQL, SQLite, DB2, SQL Server, or Oracle with eRuby- or Builder-based templates...

PT-2009-4908 · Microsoft · Works +26

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer version 6 SP1 Windows XP versions SP2 and SP3 Office XP version SP3 Office 2003 version SP3 2007 Microsoft Office System versions SP1 and SP2 Office Project 2002 version SP1 Visio 2002 version SP2 Office Word Viewe...

Microsoft GDI+ WMF File Processing Remote Code Execution Vulnerability

Description Microsoft GDI+ is prone to a remote code-execution vulnerability because the vector graphics link library improperly processes WMF image files. An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts m...

Microsoft GDI+ CCITT G4 TIFF File Processing Memory Corruption Remote Code Execution Vulnerability

Description Microsoft GDI+ is prone to a remote code-execution vulnerability because the vector graphics link library improperly processes TIFF image files. This issue occurs when CCITT G4 compressed TIFF images are decompressed. An attacker could exploit this issue to execute arbitrary code with...

Microsoft GDI+ PNG File Integer Overflow Remote Code Execution Vulnerability

Description Microsoft GDI+ is prone to a remote code-execution vulnerability because the vector graphics link library improperly processes PNG image files. An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts m...

Microsoft GDI+ PNG File Processing Remote Code Execution Vulnerability

Description Microsoft GDI+ is prone to a remote code-execution vulnerability because the vector graphics link library improperly processes PNG image files. An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts m...

Microsoft GDI+ TIFF File Processing 'BitsPerSample' Tag Remote Code Execution Vulnerability

Description Microsoft GDI+ is prone to a remote code-execution vulnerability because the vector graphics link library improperly processes TIFF image files. An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts...

Patch Tuesday Heads-Up: 13 Bulletins, 8 Critical

Microsoft is planning a bumper Patch Tuesday next week — 13 bulletins covering 34 security vulnerabilities in a wide range of products. Eight of the 13 bulletins will be rated “critical,” Microsoft’s highest severity rating. According to Microsoft’s advance notice, the patches coming on October 1...

Ipswitch WhatsUp Web Interface SQL Injection (CVE-2005-1250)

WhatsUp Professional 2005 is a network monitoring and resource management solution. WhatsUp Professional uses a relational database to store the information about user accounts and network devices that are monitored by the application. The relational databases supported by WhatsUp Professional ar...

Engeman 6.x.x SQL Injection

Engeman is a Brasilian software for maintenance control. Version tested: 6.x.x and prior. Next versions appears vulnerable too. The attacker can inject sql codes in username textbox: SQL dump affter injection: select nome,senha,diasexp,dataltsen,permitetroca from cfgusr where nome='NULL' OR NOME'...

Engeman 6.x.x SQL Injection

Exploit for unknown platform in category web applications =========================== Engeman 6.x.x SQL Injection =========================== Engeman is a Brasilian software for maintenance control. Version tested: 6.x.x and prior. Next versions appears vulnerable too. The attacker can inject sql...

Engeman 6.x - SQL Injection

Engeman is a Brasilian software for maintenance control. Version tested: 6.x.x and prior. Next versions appears vulnerable too. The attacker can inject sql codes in username textbox: SQL dump affter injection: select nome,senha,diasexp,dataltsen,permitetroca from cfgusr where nome='NULL' OR NOME'...

Engeman 6.x - SQL Injection

Engeman 6.x - SQL Injection Engeman is a Brasilian software for maintenance control. Version tested: 6.x.x and prior. Next versions appears vulnerable too. The attacker can inject sql codes in username textbox: SQL dump affter injection: select nome,senha,diasexp,dataltsen,permitetroca from cfgus...

Engeman 6.x.x SQL Injection

No description provided by source. Engeman is a Brasilian software for maintenance control. Version tested: 6.x.x and prior. Next versions appears vulnerable too. The attacker can inject sql codes in username textbox: SQL dump affter injection: select nome,senha,diasexp,dataltsen,permitetroca fro...

Engeman - SQL Injection Vulnerability (vendor url erratum)

Engeman is a Brasilian software for maintenance control. Version tested: 6.x.x and prior. Next versions appears vulnerable too. The attacker can inject sql codes in username textbox: SQL dump affter injection: select nome,senha,diasexp,dataltsen,permitetroca from cfgusr where nome='NULL' OR NOME'...

New Unpatched Flaw Surfaces in SQL Server

There is an unpatched flaw in Microsoft SQL Server that could enable an attacker to access users’ passwords on the database server. The vulnerability is in SQL Server 2000, 2005 and 2008. The SQL Server vulnerability was discovered last fall by database-security vendor Sentrigo, which then report...

SQL query result set for injecting the effects and use-vulnerability and early warning-the black bar safety net

For injection purposes, the error message is extremely important. The so-called error message refers to and the correct page different results back, the master is very attention to this point, which injection point the precise judgment is essential. The ask discussed under several categories of...

TekRADIUS SQL注入及不安全权限漏洞

CVECAN ID: CVE-2009-2357,CVE-2009-2358,CVE-2009-2359 TekRadius是一个免费的RADIUS服务器，可以支持RFC 2865和RFC 2866规范。 1 TekRADIUS的默认配置使用sa账号与Microsoft SQL Server通讯，远程攻击者可以相对较容易的获得对数据库的特权访问。 2 TekRADIUS将数据库凭据存储在了C:\Program Files\TekRADIUS\TekRADIUS.ini文件中。任何Windows本地用户都可以访问这个文件，读取加密了的凭据。 3...

Default configuration

The default configuration of TekRADIUS 3.0 uses the sa account to communicate with Microsoft SQL Server, which makes it easier for remote attackers to obtain privileged access to the database and the underlying Windows operating system...