9803 matches found
Multiple PHP Vulnerabilities - Remote Compromise Exploit in Circulation
Internet Security Systems Security Alert February 27, 2002 Multiple PHP Vulnerabilities: Remote Compromise Exploit in Circulation Synopsis: ISS X-Force has learned of multiple buffer overflow vulnerabilities present in the PHP Hypertext Preprocessor scripting language. PHP is a popular server-sid...
More reading of local files in MSIE
More reading of local files in MSIE Description There is a security vulnerability in IE 5.5 and 6 probably other versions as well which allows reading and sending of local files. The problem lies in the fact that you are able to access a local file's dom by calling the execScript function on a...
CVE-2001-1513
Macromedia JRun 3.0 and 3.1 allows remote attackers to obtain duplicate active user session IDs and perform actions as other users via a URL request for the web application directory without the trailing '/' slash, as demonstrated using ctx...
Microsoft Internet Explorer does not properly handle document.open()
Overview Microsoft Internet Explorer contains a vulnerability in which a script from one source is permitted to access files on the client's file system. An attacker may be able to read cookies and other files on a target system, and spoof Internet sites by creating believable window titles...
MSIE6 can read local files
Description There is a bug in the Microsoft.XMLHTTP component shipped with Internet Explorer 6 which allows reading and sending local files. This component doesn't handle http redirects to local files properly In order for this exploit to work the file name must be known. The exploit doesn't...
Security Bulletin MS01-055
---------------------------------------------------------------------- Title: Cookie Data in IE Can Be Exposed or Altered Through Script Injection Date: 08 November 2001 Software: Internet Explorer Impact: Exposure and altering of data in cookies Max Risk: High Bulletin: MS01-055 Microsoft...
CVE-1999-1375
CVE-1999-1375 concerns FileSystemObject (FSO) used by showfile.asp (ASP); remote attackers can read arbitrary files by specifying the file parameter. Affected: showfile.asp with FSO operations. Root cause and full impact are described as arbitrary file reads in the provided documents. No remediat...
CVE-1999-1375
FileSystemObject FSO in the showfile.asp Active Server Page ASP allows remote attackers to read arbitrary files by specifying the name in the file parameter...
Solaris 2.x7.08 IRIX 6.5.x OpenBSD 2.x NetBSD 1.x Debian 3 HP-UX 10 - TelnetD Remote Buffer Overflow
Solaris 2.x7.08 IRIX 6.5.x OpenBSD 2.x NetBSD 1.x Debian 3 HP-UX 10 - TelnetD Remote Buffer Overflow // source: https://www.securityfocus.com/bid/3064/info A boundary condition error exists in telnet daemons derived from the BSD telnet daemon. Under certain circumstances, the buffer overflow can...
Solaris 2.x/7.0/8 / IRIX 6.5.x / OpenBSD 2.x / NetBSD 1.x / Debian 3 / HP-UX 10 - 'TelnetD' Remote Buffer Overflow
// source: https://www.securityfocus.com/bid/3064/info A boundary condition error exists in telnet daemons derived from the BSD telnet daemon. Under certain circumstances, the buffer overflow can occur when a combination of telnet protocol options are received by the daemon. The function...
Несанкционированный доступ в Active Web Classifieds (unauthorized access)
Ко многим конфигурационным функциям можно обратиться в обход защиты паролем...
Active Web Classifieds failure to authenticate leads to arbitrary code execution
Active Classifieds Free Edition from Active Web Suite Technologies http://www.activewebsuite.com fails to authenticate administrators, which allows unauthorized modification of configuration files, which in turn, allows remote arbitrary code execution. Tested on: Program: Active Classifieds Free...
CVE-2001-1290
admin.cgi in Active Classifieds Free Edition 1.0, and possibly commercial versions, allows remote attackers to modify the configuration, gain privileges, and execute arbitrary Perl code via the tablewidth parameter...
Active Classifieds 1.0 - Arbitrary Code Execution
Active Classifieds 1.0 - Arbitrary Code Execution source: https://www.securityfocus.com/bid/2942/info Active Classifieds is a CGI package that provides an online classified advertisement listing and management system. An origin validation error exists in the Free Edition of Active Classifieds tha...
Active Classifieds 1.0 - Arbitrary Code Execution
source: https://www.securityfocus.com/bid/2942/info Active Classifieds is a CGI package that provides an online classified advertisement listing and management system. An origin validation error exists in the Free Edition of Active Classifieds that may allow remote users to perform some...
Security Bulletin MS01-029
---------------------------------------------------------------------- Title: Windows Media Player .ASX Processor Contains Unchecked Buffer Date: 23 May 2001 Software: Windows Media Player 6.4 and 7 Impact: Potentially run code of attacker's choice. Bulletin: MS01-029 Microsoft encourages...
iexslt.txt
[email protected] Georgi Guninski security advisory 43, 2001 XML scripting in IE, Outlook Express Systems affected: Internet Explorer 5.x - including full patched up to now though Microsoft cannot reproduce the problem on fully patched IE 5.x ,Outlook Express probably Outlook have not tested...
CVE-2001-1325
Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow remote attackers to execute scripts when Active Scripting is disabled by including the scripts in XML stylesheets XSL that are referenced using an IFRAME tag, possibly due to a vulnerability in Windows Scripting Host WSH...
Microsoft Internet Explorer 5.0/5.5 / OE 5.5 - XML Stylesheets Active Scripting
source: https://www.securityfocus.com/bid/2633/info A vulnerability exists in the handling of XML stylesheets in Internet Explorer and Outlook Express. If active scripting is disabled in all security zones, IE and OE will still allow script to run if it is contained in the stylesheet of an XML...
Microsoft Internet Explorer vulnerable to file disclosure via code containing GetObject() function
Overview Internet Explorer may disclose files on your computer if you visit a malicious web site or read a mail message with Active Scripting enabled. Description By design, Microsoft Internet Explorer prevents programs on web sites from reading files on your computer without authorization...