7000 matches found
Yahoo! Widget < 4.0.5 GetComponentVersion() Remote Overflow Exploit
No description provided by source. html !-- +++++++++++++++++++++++ +Last Modified by lhoang8500++ +++++++++++++++++++++++ -- html object classid="CLSID:7EC7B6C5-25BD-4586-A641-D2ACBB6629DD" id="target"/OBJECT SCRIPT language="javascript" var heapSprayToAddress = 0x05050505;...
Yahoo! Widget < 4.0.5 - 'GetComponentVersion()' Remote Overflow
var heapSprayToAddress = 0x05050505; var payLoadCode =...
Yahoo! Widget < 4.0.5 GetComponentVersion() Remote Overflow Exploit
Exploit for unknown platform in category remote exploits =================================================================== Yahoo! Widget var heapSprayToAddress = 0x05050505; var payLoadCode =...
Yahoo! Widget 4.0.5 - GetComponentVersion() Remote Overflow
Yahoo! Widget 4.0.5 - GetComponentVersion Remote Overflow var heapSprayToAddress = 0x05050505; var payLoadCode =...
CVE-2005-4017
property.php in Widget Property 1.1.19 allows remote attackers to obtain the full server path via an invalid lang value, which leaks the path in the resulting error message...
CVE-2005-4016
SQL injection vulnerability in Widget Property 1.1.19 allows remote attackers to execute arbitrary SQL commands via the 1 propertyid, 2 zipcode, 3 propertytypeid, 4 price, and 5 cityid parameters to property.php...
CVE-2005-4020
SQL injection vulnerability in create.php in Widget Imprint 1.0.26 and earlier allows remote attackers to execute arbitrary SQL commands via the productid parameter...
CVE-2005-4020
SQL injection vulnerability in create.php in Widget Imprint 1.0.26 and earlier allows remote attackers to execute arbitrary SQL commands via the productid parameter...
CVE-2005-4016
The CVE-2005-4016 entry describes an SQL injection vulnerability in Widget Property 1.1.19. The affected component is the property.php endpoint, where five parameters (property_id, zip_code, property_type_id, price, city_id) can be manipulated to execute arbitrary SQL commands. The issue enables ...
CVE-2005-4016
SQL injection vulnerability in Widget Property 1.1.19 allows remote attackers to execute arbitrary SQL commands via the 1 propertyid, 2 zipcode, 3 propertytypeid, 4 price, and 5 cityid parameters to property.php...
CVE-2005-4017
property.php in Widget Property 1.1.19 allows remote attackers to obtain the full server path via an invalid lang value, which leaks the path in the resulting error message...
CVE-2005-4020
The CVE-2005-4020 issue affects Widget Imprint, version 1.0.26 and earlier, where create.php is vulnerable to SQL injection via the product_id parameter. This allows remote attackers to execute arbitrary SQL commands. The available sources confirm the vulnerability and affected version, but there...
CVE-2005-4017
The CVE-2005-4017 issue concerns Widget Property 1.1.19. The vulnerability is triggered by an invalid lang value in property.php that allows remote attackers to obtain the full server path, which is exposed in the resulting error message. The affected component is property.php within Widget Prope...
Widget Imprint SQL inj. vuln.
Widget Imprint SQL inj. vuln. Vuln. dicovered by : r0t Date: 5 dec. 2005 Orginal advisory:http://pridels.blogspot.com/2005/12/widget-imprint-sql-inj-vuln.html Vendor:http://www.widgetpress.com/products?product=wimprint affected version: 1.0.26 and prior Product Description: Database driven web...
Widget Property 1.1.19 - Property.php SQL Injection
Widget Property 1.1.19 - Property.php SQL Injection source: https://www.securityfocus.com/bid/15701/info Widget Press Widget Property is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'property.php' script...
Multiple MacOS X vulnerabilities
System wide denial of service on parsing malcrafted TCP packet. Possibility to overwrite system widget...
Apple Mac OSX executes arbitrary widget with same "bundle identifier" as system widget
Overview Apple Mac OS X Tiger Dashboard executes arbitrary widgets with the same "bundle identifier" as a system widget. This can allow a user-installed widget to override a system-installed one. Description DashboardDashboard is a new feature introduced in Apple Mac OS X Tiger 10.4. Dashboard is...
Debian DSA-037-1 : Athena Widget replacement libraries - insecure tempfile handling
It has been reported that the AsciiSrc and MultiSrc widget in the Athena widget library handle temporary files insecurely. Joey Hess has ported the bugfix from XFree86 to these Xaw replacements libraries. The fixes are available in nextaw 0.5.1-34potato1, xaw3d 1.3-6.9potato1, and xaw95...
Дырки в Athena Widget
Проблема временных файлов...
[SECURITY] [DSA 037-1] New versions of Athena Widget replacement libraries available
---------------------------------------------------------------------------- Debian Security Advisory DSA-037-1 [email protected] http://www.debian.org/security/ Martin Schulze March 7, 2001 - ---------------------------------------------------------------------------- Package : nextaw, xaw3d,...