7628 matches found
Internet Explorer VML integer overflow
Added: 02/07/2007. CVE: CVE-2007-0024. BID: 21930. OSVDB: 31250. Background: Vector Markup Language (VML) is an XML-based format for vector graphics. Problem: An integer overflow vulnerability in vgx.dll when processing VML elements in a web page allows arbitrary command execution. Resolution: Apply the...
Microsoft Word 2000 Unspecified Code Execution Exploit (0day)
Exploit for unknown platform in category local exploits. Microsoft Word 2000 Unspecified Code Execution Exploit 0day. Use at your own risk. + Title: Microsoft Word 2000...
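Drupal Comment_Form_Add_Preview Function Remote Code Execution Vulnerability
Drupal is an open-source content management platform. Drupal does not properly filter user-submitted input, and a remote attacker can exploit the vulnerability to execute arbitrary commands with web privileges. The problem is that comment previews are passed on directly without going through the normal validation functions; a user who has the 'post comments' permission and access to more than one input format filter can execute arbitrary code. By default, anonymous and authenticated users have access to only one input format. vbDrupal 4.7.5 Drupal 4.7.5 Drupal 4.7.4 Drupal 4.7.4 Drupal 4.7.3 Drupal 4.7.3 Drupal 4.7.2 Drupal 4.7.1 Drupal 4.7 Drupal 5.0 Patch download:...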
Debian DSA-1251-1 : netrik - insufficient escaping
It has been discovered that netrik, a text mode WWW browser with vi-like keybindings, doesn't properly sanitize temporary filenames when editing textareas, which could allow attackers to execute arbitrary commands via shell metacharacters. (C) Tenable Network Security, Inc. The...
Design/Logic Flaw
bin/compile-messages.py in Django 0.95 does not quote argument strings before invoking the msgfmt program through the os.system function, which allows attackers to execute arbitrary commands via shell metacharacters in a (1) .po or (2) .mo file...
CVE-2007-0404
CVE-2007-0404 affects Django 0.95. The vulnerability lies in bin/compile-messages.py, which invokes msgfmt via os.system without quoting argument strings, allowing an attacker to inject shell metacharacters via a (1) .po or (2) .mo file and execute arbitrary commands. The underlying cause is unsa...
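AllMyLinks Index.PHP Remote File Inclusion Vulnerability
AllMyLinks is a PHP-based web application. AllMyLinks does not properly filter user-submitted input, and a remote attacker can exploit the vulnerability to execute arbitrary commands with web privileges. The problem is that the 'Index.PHP' script lacks filtering of user-submitted web parameters; specifying a file on a remote server as the include parameter can lead to arbitrary command execution with web privileges. AllMyPHP AllMyLinks 0.5 No solution is currently available: http://www.php-resource.net/content-12.html...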
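PowerArchiver PAISO.DLL ISO File Handling Buffer Overflow Vulnerability
PowerArchiver is an archive extraction program. PowerArchiver has a buffer overflow when processing ISO image files, which a remote attacker can exploit to execute arbitrary instructions with the privileges of the application process. The problem lies in the LoadTree and ReadHeader functions in PAISO.DLL version 1.7.3.0. LoadTree and ReadHeader build the full path name of each file by reading the directory entries in the ISO file; the directory names read from each directory entry are concatenated using lstrcatA and finally form the file name, which is then copied with the unsafe lstrcpyA function into a fixed-length stack buffer, causing an overflow. A carefully constructed ISO file that a user is lured into opening can lead to arbitrary instruction execution with the privileges of the application process...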
HP Openview connectedNodes.ovpl Remote Command Execution
This module exploits an arbitrary command execution vulnerability in the HP OpenView connectedNodes.ovpl CGI application. The results of the command will be displayed to the screen. This module requires Metasploit: https://metasploit.com/download Current source:...
AWStats configdir Remote Command Execution
This module exploits an arbitrary command execution vulnerability in the AWStats CGI script. iDEFENSE has confirmed that AWStats versions 6.1 and 6.2 are vulnerable. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework cla...
Cacti graph_view.php Remote Command Execution
This module exploits an arbitrary command execution vulnerability in the Raxnet Cacti 'graph_view.php' script. All versions of Raxnet Cacti prior to 0.8.6-d are vulnerable. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framewo...
Barracuda IMG.PL Remote Command Execution
This module exploits an arbitrary command execution vulnerability in the Barracuda Spam Firewall appliance. Versions prior to 3.1.18 are vulnerable. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModu...
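TDiary Unspecified Remote Code Execution Vulnerability
TDiary is weblog-like diary software. TDiary has an unspecified security issue that a remote attacker can exploit to execute arbitrary instructions with the privileges of the application process. No detailed vulnerability information is currently available. tDiary tDiary 2.0.3 tDiary tDiary 2.0.2 tDiary tDiary 2.0.1 + Debian Linux 3.1 sparc + Debian Linux 3.1 s/390 + Debian Linux 3.1 ppc + Debian Linux 3.1 mipsel + Debian Linux 3.1 mips + Debian Linux 3.1 m68k + Debi...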
Ultimate PHP Board chat/login.php username Parameter Arbitrary Command Execution
The remote host is running Ultimate PHP Board (UPB). The version of UPB installed on the remote host does not sanitize input to the 'username' parameter of the 'chat/login.php' script before writing it to 'chat/text.php'. Regardless of PHP's settings, an attacker can leverage this flaw to inject...
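Microsoft Office for Mac Unspecified Security Vulnerability
Microsoft Office for Mac is office software developed by Microsoft for use on Apple systems. Microsoft Office for Mac has an unspecified error that a remote attacker can exploit to execute arbitrary instructions with the privileges of the application process. No detailed vulnerability information is currently available. Microsoft Office X for Mac 0 Microsoft Office 2004 for Mac 0 No detailed solution is currently available: http://www.microsoft.com/mac/products/office2004/office2004.aspx?pid=office2004...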
CVE-2006-6678
The edittextarea function in form-file.c in Netrik 1.15.4 and earlier does not properly verify temporary filenames when editing textarea fields, which allows attackers to execute arbitrary commands via shell metacharacters in the filename...
TYPO3 'spell-check-logic.php' 'userUid' Parameter Arbitrary Command Execution
The remote host is running TYPO3, an open source content management system written in PHP. The version of TYPO3 installed on the remote host fails to sanitize user-supplied input to the 'userUid' parameter before using it in the 'spell-check-logic.php' script to execute a command. An...