opera -- multiple vulnerabilities

Opera Software ASA reports about multiple security fixes: Fixed an issue where simulated text inputs could trick users into uploading arbitrary files, as reported by Mozilla. Image properties can no longer be used to execute scripts, as reported by Max Leonov. Fixed an issue where the...

Memory corruption

IBM DB2 Universal Database UDB Administration Server DAS 8 before Fix Pack 16 and 9 before Fix Pack 4 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via modified pointer values in unspecified remote administration requests, which triggers memory...

CVE-2008-0102

Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid "memory values," aka "Publisher Invalid Memory Reference Vulnerability."...

CVE-2008-0102

Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid "memory values," aka "Publisher Invalid Memory Reference Vulnerability."...

PT-2008-1472 · Apache +1 · Apache Tomcat +1

Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 4.1.0 through 4.1.36 Apache Tomcat versions 5.5.0 through 5.5.25 Apache Tomcat versions 6.0.0 through 6.0.14 Description: The issue arises from improper handling of double quote " characters or %5C encoded backslash...

CVE-2007-6699

Multiple buffer overflows in the AIM PicEditor 9.5.1.8 ActiveX control in YGPPicEdit.dll in AOL You've Got Pictures YGP Picture Editor allow remote attackers to cause a denial of service browser crash via a long string in the 1 DisplayName, 2 FinalSavePath, 3 ForceSaveTo, 4 HiddenControls, 5...

CVE-2007-6699

Multiple buffer overflows in the AIM PicEditor 9.5.1.8 ActiveX control in YGPPicEdit.dll in AOL You've Got Pictures YGP Picture Editor allow remote attackers to cause a denial of service browser crash via a long string in the 1 DisplayName, 2 FinalSavePath, 3 ForceSaveTo, 4 HiddenControls, 5...

CVE-2008-0008

The padroproot function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from 1 setresuid, 2 setreuid, 3 setuid, and 4 seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as...

CVE-2008-0437

Multiple buffer overflows in the WebHPVCInstall.HPVirtualRooms14 ActiveX control in HPVirtualRooms14.dll 1.0.0.100, as used in the installation process for HP Virtual Rooms, allow remote attackers to execute arbitrary code via a long 1 AuthenticationURL, 2 PortalAPIURL, or 3 cabroot property valu...

Debian Security Advisory DSA 043-1 (zope)

The remote host is missing an update to zope announced via advisory DSA 043-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security feature bypass

HP eSupportDiagnostics ActiveX control hpediag.dll 1.0.11.0 exports dangerous methods, which allows remote attackers to 1 read arbitrary files via the ReadTextFile method, or 2 read arbitrary registry values via the ReadValue method...

Improper access control

phpRPG 0.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read session ID values in files under tmp/, and then hijack sessions via PHPSESSID cookies...

HP eSupportDiagnostics 1.0.11 - hpediag.dll ActiveX Control Multiple Information Disclosure Vulnerabilities

HP eSupportDiagnostics 1.0.11 - hpediag.dll ActiveX Control Multiple Information Disclosure Vulnerabilities source: https://www.securityfocus.com/bid/26967/info The HP eSupportDiagnostics ActiveX control is prone to multiple information-disclosure vulnerabilities. An attacker can exploit these...

[SECURITY] Fedora 8 Update: xfce4-sensors-plugin-0.10.99.2-3.fc8

This plugin displays various hardware sensor values in the Xfce panel...

Design/Logic Flaw

The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center hpinfocenter.exe 1.0.1.1 in HP Quick Launch Button QLBCTRL.exe, aka QLB 6.3 and earlier, allows remote attackers to read arbitrary registry values via the arguments to the GetRegValue method...

Design/Logic Flaw

The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center hpinfocenter.exe 1.0.1.1 in HP Quick Launch Button QLBCTRL.exe, aka QLB 6.3 and earlier, on Microsoft Windows before Vista allows remote attackers to create or modify arbitrary registry values via the...

CVE-2007-6333

The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center hpinfocenter.exe 1.0.1.1 in HP Quick Launch Button QLBCTRL.exe, aka QLB 6.3 and earlier, allows remote attackers to read arbitrary registry values via the arguments to the GetRegValue method...

CVE-2007-6332

The CVE-2007-6332 entry concerns the HPInfoDLL.HPInfo.1 ActiveX control (HPInfoDLL.dll 1.0) shipped with HP Info Center in HP Quick Launch Button 6.3 and earlier on Windows before Vista. The vulnerability, via the SetRegValue method, allows remote attackers to create or modify arbitrary registry ...

CVE-2007-6332

The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center hpinfocenter.exe 1.0.1.1 in HP Quick Launch Button QLBCTRL.exe, aka QLB 6.3 and earlier, on Microsoft Windows before Vista allows remote attackers to create or modify arbitrary registry values via the...

CVE-2007-6333

The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center hpinfocenter.exe 1.0.1.1 in HP Quick Launch Button QLBCTRL.exe, aka QLB 6.3 and earlier, allows remote attackers to read arbitrary registry values via the arguments to the GetRegValue method...