3304 matches found

Symantec
added 2006/07/11 12:0 a.m. | 12 views

Microsoft Office Malformed String Parsing Code Execution Vulnerability

Description: Microsoft Office is prone to a code-execution vulnerability. This condition can occur when a malformed string within an Office file is parsed. This vulnerability is located in a shared library used by multiple Office applications, potentially allowing many different attack vectors. An...

0.3 AI score
Exploits 0 | References 2 | Affected Software 3

myhack58
added 2006/06/13 12:0 a.m. | 15 views

How to let someone in Trojan-Trojan a commonly used trick Daguan-vulnerability warning-the black bar safety net

How to let others in the Trojan horse? It is the users who ask the most questions, sketchy answers there are some, but always very little, so the small fish decided to collect everyone's wisdom and Next a little experience to write a feature article. Hope that you get to the floor, perfect this...

0.2 AI score
Exploits 0

Cvelist
added 2006/05/21 4:0 p.m. | 13 views

CVE-2005-1753

ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to sourc...

6.7 AI score | 0.00859 EPSS
Exploits 0 | References 2

securityvulns
added 2006/05/20 12:0 a.m. | 25 views

US-CERT Technical Cyber Security Alert TA06-139A -- Microsoft Word Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA06-139A Microsoft Word Vulnerability Original release date: May 19, 2006 Last revised: -- Source: US-CERT Systems Affected Microsoft Word 2003 Microsoft Word XP 2002 Microsoft Word is includ...

0.1 AI score
Exploits 0

CERT
added 2006/05/19 12:0 a.m. | 24 views

Microsoft Word object pointer memory corruption vulnerability

Overview: A memory corruption vulnerability in Microsoft Word could allow a remote attacker to execute arbitrary code with the privileges of the user running Word. Description: Microsoft Word contains a memory corruption vulnerability. According to Microsoft Security Bulletin MS06-027: When a user...

8.8 CVSS | 8.8 AI score | 0.76147 EPSS
Exploits 2 | References 13

Tenable Nessus
added 2006/05/13 12:0 a.m. | 44 views

FreeBSD : bogofilter -- heap corruption through malformed input (92140bc9-7bde-11da-8ec4-0002b3b60e4c)

Matthias Andree reports: When using Unicode databases (default in more recent bogofilter installations), upon encountering invalid input sequences, bogofilter or bogolexer could overrun a malloc'd buffer, corrupting the heap, while converting character sets. Bogofilter would usually be processing...

7.5 CVSS | 5.4 AI score | 0.0493 EPSS
Exploits 0 | References 3

securityvulns
added 2006/05/02 12:0 a.m. | 42 views

Invision Power Board v2.1.5 Remote SQL Injection

Invision Power Board v2.1.5 Remote SQL Injection Filename :- funcmod.php Functionname :- postdelete Lines :- 89 To 209 Bug Found By :- Devil-00 Greetz :- Rock Master ^ Hackers Pal ^ n0m4rcy ^ www.securtygurus.net Code if isarray $id if count$id 0 $pid = " IN".implode",",$id.""; else return FALSE;...

1.2 AI score
Exploits 0

securityvulns
added 2006/05/02 12:0 a.m. | 36 views

Kerio Mailserver attachments filtering bypass

No description provided...

2.4 AI score
Exploits 0 | References 1 | Affected Software 1

CVE
added 2006/04/26 12:0 a.m. | 41 views

CVE-2006-2036

CVE-2006-2036 affects iOpus Secure Email Attachments (SEA) 1.0. Root cause: improper handling of passwords that are repetitions of a substring, enabling an attacker to decrypt files by entering only the substring. Impact: partial confidentiality. No remediation details are provided in the supplie...

2.1 CVSS | 6.5 AI score | 0.00093 EPSS
Exploits 0 | References 6 | Affected Software 1

RedHat Linux
added 2006/04/21 3:41 p.m. | 2 views

security flaw

The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP...

2.6 CVSS | 5.9 AI score | 0.10396 EPSS
Exploits 1 | References 4

Tenable Nessus
added 2006/03/13 12:0 a.m. | 33 views

Ubuntu 4.10 / 5.04 / 5.10 : imagemagick vulnerabilities (USN-246-1)

Florian Weimer discovered that the delegate code did not correctly handle file names which embed shell commands (CVE-2005-4601). Daniel Kobras found a format string vulnerability in the SetImageInfo function (CVE-2006-0082). By tricking a user into processing an image file with a specially crafted fi...

7.5 CVSS | 8.3 AI score | 0.11889 EPSS
Exploits 2 | References 2

OSV
added 2006/03/07 11:2 a.m. | 1 views

DEBIAN-CVE-2006-1045

The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP...

2.6 CVSS | 6.5 AI score | 0.10396 EPSS
Exploits 1 | References 1

Prion
added 2006/02/25 11:2 a.m. | 13 views

Information disclosure

NOCC Webmail 1.0 allows remote attackers to obtain sensitive information via a direct request to (1) the profiles directory, which leaks e-mail addresses contained in filenames of profiles, and (2) the tmp directory, which lists names of uploaded attachments...

5 CVSS | 6.3 AI score | 0.00622 EPSS
Exploits 1 | References 7 | Affected Software 1

NVD
added 2006/02/25 11:2 a.m. | 11 views

CVE-2006-0892

NOCC Webmail 1.0 stores e-mail attachments in temporary files with predictable filenames, which makes it easier for remote attackers to execute arbitrary code by accessing the e-mail attachment via directory traversal vulnerabilities...

7.5 CVSS | 7.8 AI score | 0.02481 EPSS
Exploits 1 | References 6

Prion
added 2006/02/25 11:2 a.m. | 11 views

Directory traversal

NOCC Webmail 1.0 stores e-mail attachments in temporary files with predictable filenames, which makes it easier for remote attackers to execute arbitrary code by accessing the e-mail attachment via directory traversal vulnerabilities...

7.5 CVSS | 8 AI score | 0.02481 EPSS
Exploits 1 | References 6 | Affected Software 1

Cvelist
added 2006/02/25 11:0 a.m. | 13 views

CVE-2006-0893

NOCC Webmail 1.0 allows remote attackers to obtain sensitive information via a direct request to (1) the profiles directory, which leaks e-mail addresses contained in filenames of profiles, and (2) the tmp directory, which lists names of uploaded attachments...

6.1 AI score | 0.00622 EPSS
Exploits 1 | References 7

CVE
added 2006/02/25 11:0 a.m. | 42 views

CVE-2006-0892

CVE-2006-0892 affects NOCC Webmail 1.0. The vulnerability arises from how attachments are stored and named in temporary files, enabling directory traversal to access e-mail attachments. Related sources also describe a local file include flaw in NOCC (via the lang parameter in index.php) that coul...

7.5 CVSS | 7.8 AI score | 0.02481 EPSS
Exploits 1 | References 6 | Affected Software 1

Tenable Nessus
added 2006/02/20 12:0 a.m. | 16 views

BlackBerry Enterprise Server Attachment Handling Buffer Overflows

The version of BlackBerry Enterprise Server on the remote host reportedly contains flaws in its handling of Word and TIFF document attachments that may result in buffer overflows when a user opens a malformed file on a BlackBerry device. A remote attacker may be able to exploit this issue to...

7.5 CVSS | 6.2 AI score | 0.03416 EPSS
Exploits 0 | References 5

Tenable Nessus
added 2006/02/15 12:0 a.m. | 25 views

Lotus Notes < 6.5.5 / 7.0.1 Attachment Handling Vulnerabilities

The version of Lotus Notes installed on the remote host reportedly contains five buffer overflow vulnerabilities and one directory traversal vulnerability in the KeyView viewers used to handle message attachments. By sending specially crafted attachments to users of the affected application and...

9.3 CVSS | 6.5 AI score | 0.49609 EPSS
Exploits 8 | References 3

NVD
added 2006/02/13 11:6 a.m. | 9 views

CVE-2006-0662

Cross-site scripting (XSS) vulnerability in Lotus Domino iNotes Client 6.5.4 allows remote attackers to inject arbitrary web script or HTML via email with attached html files, which are directly rendered in the browser...

4.3 CVSS | 5.7 AI score | 0.00544 EPSS
Exploits 0 | References 8