Lucene search

4193 matches found

Symantec
added 2010/05/11 12:0 a.m. · 19 views

Microsoft Visual Basic for Applications Text Parsing Stack Buffer Overflow Vulnerability

Description Microsoft Visual Basic for Applications VBA is prone to a remote stack-based buffer-overflow vulnerability because of an error related to searching for embedded ActiveX controls within a Microsoft Office document. An attacker could exploit this issue to corrupt stack memory and execut...

AI score 0.6
Exploits 0 · References 2 · Affected Software 3

Tenable Nessus
added 2010/05/11 12:0 a.m. · 265 views

MS10-031: Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (978213)

A stack memory corruption vulnerability exists in the way that the installed version of Visual Basic for Applications VBA searches for ActiveX controls embedded in documents. If an attacker can trick a user on the affected system into opening a specially crafted document that supports VBA, this...

CVSS 9.3 · AI score 6.2 · EPSS 0.22364
Exploits 1 · References 2

CISA
added 2010/05/07 12:0 a.m. · 14 views

Microsoft Releases Advance Notification for May Security Bulletin

Microsoft has issued a Security Bulletin Advance Notification, indicating that its May release cycle will contain two bulletins. Both of these bulletins will have the severity rating of critical and will be for Microsoft Windows, Office, and Visual Basic for Applications. Release of these bulleti...

AI score 6.7
Exploits 0 · References 1

UbuntuCve
added 2010/05/06 12:47 p.m. · 22 views

CVE-2009-4838

SQL injection vulnerability in baseagcommon.php in Basic Analysis and Security Engine BASE before 1.4.3.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: some of these details are obtained from third party information...

CVSS 7.5 · AI score 6 · EPSS 0.01087
Exploits 0 · References 1

NVD
added 2010/05/03 1:51 p.m. · 29 views

CVE-2010-1651

IBM WebSphere Application Server WAS 6.1.x before 6.1.0.31 and 7.0.x before 7.0.0.11, when Basic authentication and SIP tracing aka full trace logging for SIP are enabled, logs the entirety of all inbound and outbound SIP messages, which allows local users to obtain sensitive information by readi...

CVSS 1.9 · AI score 5.8 · EPSS 0.0033
Exploits 0 · References 8

CVE
added 2010/04/30 5:0 p.m. · 58 views

CVE-2010-1651

IBM WebSphere Application Server (WAS) is affected by CVE-2010-1651: when Basic authentication and SIP tracing are enabled, SIP trace logs contain the complete inbound/outbound SIP messages, allowing a local attacker to read sensitive information. Affected versions are WAS 6.1.x prior to 6.1.0.31...

CVSS 1.9 · AI score 5.9 · EPSS 0.0033
Exploits 0 · References 8 · Affected Software 1

Cvelist
added 2010/04/30 5:0 p.m. · 33 views

CVE-2010-1651

IBM WebSphere Application Server WAS 6.1.x before 6.1.0.31 and 7.0.x before 7.0.0.11, when Basic authentication and SIP tracing aka full trace logging for SIP are enabled, logs the entirety of all inbound and outbound SIP messages, which allows local users to obtain sensitive information by readi...

AI score 5.8 · EPSS 0.0033
Exploits 0 · References 8

OpenVAS
added 2010/04/29 12:0 a.m. · 9 views

Mandriva Update for tcsh MDVA-2010:123 (tcsh)

Check for the Version of tcsh OpenVAS Vulnerability Test Mandriva Update for tcsh MDVA-2010:123 tcsh Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

Exploits 0 · References 2

Exploit DB
added 2010/04/28 12:0 a.m. · 42 views

NIBE heat pump - Local File Inclusion

!/usr/bin/python import socket,sys,os,base64 NIBE heat pump LFI exploit Written by Jelmer de Hen Published at http://h.ackack.net/?p=302 Special thanks to Fredrik Nordberg Almroth and Mathias Karlsson for obtaining this information http://h.ackack.net/?p=274 which made me test the heat pumps and...

AI score 7.4
Exploits 0

securityvulns
added 2010/04/23 12:0 a.m. · 56 views

Apache Tomcat information leak

Internal computer name and port may be used as a realm name for HTTP basic authentication...

CVSS 2.6 · AI score 0.1 · EPSS 0.52507
Exploits 6 · References 1 · Affected Software 1

Positive Technologies
added 2010/04/23 12:0 a.m. · 8 views

PT-2010-2872 · Apache +1 · Apache Tomcat +1

Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 5.5.0 through 5.5.29 Apache Tomcat versions 6.0.0 through 6.0.26 Description: The issue allows remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires either...

CVSS 7.5 · AI score 5.3 · EPSS 0.9444
Exploits 38 · References 86

FreeBSD
added 2010/04/22 12:0 a.m. · 53 views

tomcat -- information disclosure vulnerability

The Apache software foundation reports: The "WWW-Authenticate" header for BASIC and DIGEST authentication includes a realm name. If a element is specified for the application in web.xml it will be used. However, a is not specified then Tomcat will generate one. In some circumstances this can expo...

CVSS 2.6 · AI score 6.2 · EPSS 0.52507
Exploits 6 · References 1

0day.today
added 2010/04/22 12:0 a.m. · 35 views

Apache Tomcat v. 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 information disclosure

Exploit for multiple platform in category remote exploits ======================================================================================= Apache Tomcat v. 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 information disclosure vulnerability...

AI score 7.1 · EPSS 0.52507
Exploits 6

exploitpack
added 2010/04/22 12:0 a.m. · 106 views

Apache Tomcat 5.5.0 5.5.29 6.0.0 6.0.26 - Information Disclosure

Apache Tomcat 5.5.0 5.5.29 6.0.0 6.0.26 - Information Disclosure CVE-2010-1157: Apache Tomcat information disclosure vulnerability Severity: Low Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 6.0.0 to 6.0.26 - - Tomcat 5.5.0 to 5.5.29 Note: The unsupported Tomcat 3.x, 4.x an...

CVSS 2.6 · AI score 5 · EPSS 0.52507
Exploits 6

Tenable Nessus
added 2010/04/16 12:0 a.m. · 154 views

Apache ActiveMQ Detection

An administrative web interface for Apache ActiveMQ is running on the remote host. ActiveMQ is an open source messaging and Enterprise Integration Patterns server system. Note that starting with version 5.4.0, HTTP Basic Authentication is available to secure the administrative interface, and...

AI score 5.6
Exploits 0 · References 1

CVE
added 2010/04/09 5:0 p.m. · 47 views

CVE-2010-1334

Pulse CMS Basic 1.2.4 is affected by an Unrestricted file upload vulnerability that allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension and then accessing it via a direct request to the file in an unspecified di...

CVSS 6 · AI score 7.5 · EPSS 0.01347
Exploits 0 · References 1 · Affected Software 1

CVE
added 2010/04/09 5:0 p.m. · 51 views

CVE-2010-0992

Pulse CMS CSRF vulnerabilities (CVE-2010-0992) affect Pulse CMS Basic 1.2.2/1.2.3 and possibly Pulse Pro

CVSS 6.8 · AI score 7.5 · EPSS 0.00581
Exploits 1 · References 4 · Affected Software 1

Cvelist
added 2010/04/09 5:0 p.m. · 24 views

CVE-2010-1334

Unrestricted file upload vulnerability in Pulse CMS Basic 1.2.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in an unspecified directory, a different...

AI score 7.2 · EPSS 0.01347
Exploits 0 · References 1

seebug.org
added 2010/04/02 12:0 a.m. · 17 views

uTorrent WebUI <= v0.370 Authorization header DoS Exploit

No description provided by source. !/usr/bin/perl Exploit Title: uTorrent WebUI = v0.370 Authorization header DoS Exploit Date: 2010-04-01 Author: zombiefx darkernetatgmail.comhttp://gmail.com Version: µTorrent 2.0 build 18488 / WebUI =v0.370 Tested on: Windows XP SP3 Code: lame usage: ./UTweb.pl...

AI score 7.1
Exploits 0

UbuntuCve
added 2010/04/01 10:30 p.m. · 46 views

CVE-2010-1234

Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows remote attackers to truncate the URL shown in the HTTP Basic Authentication dialog via unknown vectors...

CVSS 7.5 · AI score 5.9 · EPSS 0.0115
Exploits 1 · References 2