2026 matches found
Microsoft Windows Metafile handler SETABORTPROC GDI Escape vulnerability
Overview Microsoft Windows is vulnerable to remote code execution via an error in handling files using the Windows Metafile image format. Exploit code has been publicly posted and used to successfully attack fully-patched Windows XP SP2 systems. However, other versions of the Windows operating...
Opera Web Browser 8.08.5 - HTML Form Status Bar Misrepresentation
Opera Web Browser 8.08.5 - HTML Form Status Bar Misrepresentation source: https://www.securityfocus.com/bid/15472/info A vulnerability has been identified in Opera Web browser that allows an attacker to misrepresent the status bar in the browser, allowing vulnerable users to be mislead into...
Dia: Arbitrary code execution through SVG import
Background Dia is a gtk+ based diagram creation program released under the GPL license. Description Joxean Koret discovered that the SVG import plugin in Dia fails to properly sanitise data read from an SVG file. Impact An attacker could create a specially crafted SVG file, which, when imported...
SoftiaCom wMailServer 1.0 - Local Information Disclosure
// source: https://www.securityfocus.com/bid/14212/info SoftiaCom WMailserver is prone to a local information disclosure vulnerability. The application stores passwords in the windows registry. A local attacker may exploit this issue to disclose potentially sensitive information. / Vulnerability:...
ATutor 1.4.3 - search.php Multiple Cross-Site Scripting Vulnerabilities
ATutor 1.4.3 - search.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/13972/info ATutor is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker...
BookReview 1.0 - 'add_booklist.htm?node' Cross-Site Scripting
source: https://www.securityfocus.com/bid/13783/info BookReview is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in...
phpMyAdmin 2.x - 'server_databases.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/15196/info phpMyAdmin is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in...
Serendipity < 0.80 RC7 Multiple Vulnerabilities
Binary data 2920.prm...
Multiple XSS issues in Sun AnswerBook2
PTT SECURITY ADVISORY DATE: 08-02-2005 AUTHOR: THOMAS LIAM ROMANIS CURRENT EMPLOYER: Echelon Ltd VENDOR: Sun PRODUCT: Sun AnswerBook2 VERSIONS TESTED: 1.4.4 on Solaris 8.0 Sparc TITLE: Multiple issues in Sun Answerbook2 Full Disclosure. Summary. A number of issues have been identified in Sun...
answerbook2.txt
PTT SECURITY ADVISORY DATE: 08-02-2005 AUTHOR: THOMAS LIAM ROMANIS CURRENT EMPLOYER: Echelon Ltd VENDOR: Sun PRODUCT: Sun AnswerBook2 VERSIONS TESTED: 1.4.4 on Solaris 8.0 Sparc TITLE: Multiple issues in Sun Answerbook2 Full Disclosure. Summary. A number of issues have been identified in Sun...
Smail 3.2.0.120 Remote Root Heap Overflow Exploit
Exploit for linux platform in category remote exploits ================================================= Smail 3.2.0.120 Remote Root Heap Overflow Exploit ================================================= / 0 smail preparseaddress1 heap bof remote root exploit infamous42md AT hotpop DOT com Shout...
kayakoXSS2.txt
GulfTech Security Research March 22, 2005 Vendor : Kayako Web Solutions URL : http://www.kayako.com/ Version : Kayako eSupport v2.3 Risk : Cross Site Scripting Description: Kayako eSupport is a popular helpdesk, and support software. It is used by many businesses for customer support purposes...
PHP-Fusion 5.0 - BBCode IMG Tag Script Injection
PHP-Fusion 5.0 - BBCode IMG Tag Script Injection source: https://www.securityfocus.com/bid/12751/info PHP-Fusion is reported prone to a script injection vulnerability. This issue is due to the application failing to properly sanitize user-supplied input prior to including it in dynamically...
Sylpheed < 1.0.3 Invalid Header Overflow
Binary data 2672.prm...
CVE-2005-0593
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers to spoof the SSL "secure site" lock icon via 1 a web site that does not finish loading, which shows the lock of the previous site, 2 a non-HTTP server that uses SSL, which causes the lock to be displayed when the SSL handshake ...
CVE-2004-1390
Multiple buffer overflows in the PPPoE daemon PPPoEd in QNX RTP 6.1 allow remote attackers to execute arbitrary code via a long argument to the 1 -F, 2 name, 3 en, 4 upscript, 5 downscript, 6 retries, 7 timeout, 8 scriptdetach, 9 noscript, 10 nodetach, 11 remotemac, or 12 localmac flags...
[Full-Disclosure] Password Disclosure for SMB Shares in KDE's Konqueror
------------------------------------------------------------------------- | Password Disclosure for SMB Shares in KDE's Konqueror | ------------------------------------------------------------------------- Date: Nov. 29, 2004 Author: Daniel Fabian Product: KDE, Konquerer Vendor: KDE e. V...
Microsoft SQL Server 7.0 - Remote Denial of Service (2)
Microsoft SQL Server 7.0 - Remote Denial of Service 2 // source: https://www.securityfocus.com/bid/11265/info Reportedly Microsoft SQL Server is affected by a remote denial of service vulnerability. This issue is due to a failure of the application to handle irregular network communications. An...
Microsoft Internet Explorer 6 - HTML Form Status Bar Misrepresentation
Microsoft Internet Explorer 6 - HTML Form Status Bar Misrepresentation source: https://www.securityfocus.com/bid/10023/info A vulnerability has been identified in Microsoft Internet Explorer that allows an attacker to misrepresent the status bar in the browser, allowing vulnerable users to be...
CVE-2004-1244
Windows Media Player 9 allows remote attackers to execute arbitrary code via a PNG file containing large 1 width or 2 height values, aka the "PNG Processing Vulnerability."...