CVE-2013-0073

CVE-2013-0073 affects the Windows Forms component of Microsoft .NET Framework (versions 2.0 SP2, 3.5, 3.5.1, 4, 4.5). The root cause is improper restriction of privileges for a callback function during object creation, which can allow remote attackers to execute arbitrary code via a crafted XBAP ...

Portable UPnP SDK unique_service_name() Remote Code Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Portable UPnP SDK uniqueservicename...

Memory corruption

Off-by-one error in the iconcb function in peicons.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via unspecified vectors. NOTE: some of these details are obtained from third...

CVE-2010-3692

Directory traversal vulnerability in the callback function in client.php in phpCAS before 1.1.3, when proxy mode is enabled, allows remote attackers to create or overwrite arbitrary files via directory traversal sequences in a Proxy Granting Ticket IOU PGTiou parameter...

CVE-2010-3690

Multiple cross-site scripting XSS vulnerabilities in phpCAS before 1.1.3, when proxy mode is enabled, allow remote attackers to inject arbitrary web script or HTML via 1 a crafted Proxy Granting Ticket IOU PGTiou parameter to the callback function in client.php, 2 vectors involving functions that...

CVE-2010-3690

Multiple cross-site scripting XSS vulnerabilities in phpCAS before 1.1.3, when proxy mode is enabled, allow remote attackers to inject arbitrary web script or HTML via 1 a crafted Proxy Granting Ticket IOU PGTiou parameter to the callback function in client.php, 2 vectors involving functions that...

Debian Security Advisory DSA 2023-1 (curl)

The remote host is missing an update to curl announced via advisory DSA 2023-1. OpenVAS Vulnerability Test $Id: deb20231.nasl 6614 2017-07-07 12:09:12Z cfischer $ Description: Auto-generated from advisory DSA 2023-1 curl Authors: Thomas Reinke Copyright: Copyright c 2010 E-Soft Inc...

cURL/libcURL CURLOPT_ENCODING选项缓冲区溢出漏洞

BUGTRAQ ID: 38162 cURL是命令行传输文件工具，支持FTP、FTPS、HTTP、HTTPS、GOPHER、TELNET、DICT、FILE和LDAP。 在下载数据时，libcurl库使用客户端软件所注册的回调函数将数据传送给应用程序，在完成传输之前会反复的调用该函数。回调函数可接收的最大数据大小为16K（CURLMAXWRITESIZE）。 在HTTP上使用libcurl库下载压缩的内容时应用程序可以要求libcurl自动解压数据。而解压期间libcurl可能错误的向回调函数发送最多可为64K的数据，因此盲目信任libcurl的最大缓冲区限制的应用可能会出现缓冲区溢出。...

phpwind 7.5 api/class_base.php Include Vulnerabilities

PHPWind 论坛系统 是一套采用 php+mysql 数据库 方式运行并可生成 html 页面的全新且完善的强大系统。因具有非凡的访问速度和卓越的负载能力而深受国内外朋友的喜爱。 api/classbase.php文件里callback函数里$mode变量没有过滤导致任意包含本地文件,从而可以执行任意PHP命令. api/classbase.php文件里: function callback$mode, $method, $params if !isset$this-classdb$mode if !fileexistsRP.'api/class' . $mode . '.php'...

Adobe Acrobat < 8.1.2 / 7.1.0 Multiple Vulnerabilities

The version of Adobe Acrobat installed on the remote host is earlier than 8.1.2 or 7.1.0. Such versions are reportedly affected by multiple vulnerabilities : - A design error vulnerability may allow an attacker to gain control of a user's printer. - Multiple stack-based buffer overflows may allow...

WordPress Plugin WP-Syntax 0.9.1 - Remote Command Execution

WordPress Plugin WP-Syntax 0.9.1 - Remote Command Execution ============================================================ Wordpress Plugin WP-Syntax Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 0...

Adobe Reader < 7.1.0 / 8.1.2 Multiple Vulnerabilities

The version of Adobe Reader installed on the remote host is earlier than 8.1.2 or 7.1.0. Such versions are reportedly affected by multiple vulnerabilities : - A design error vulnerability may allow an attacker to gain control of a user's printer. - Multiple stack-based buffer overflows may allow ...

CVE-2006-6952

Computer Associates Host Intrusion Prevention System HIPS drivers 1 Core kmxstart.sys 6.5.4.31 and 2 Firewall kmxfw.sys 6.5.4.10 allow local users to gain privileges by using certain privileged IOCTLs to modify callback function pointers...

CVE-2006-6952

CVE-2006-6952 affects CA Personal Firewall/CA Internet Security Suite 2007: HIPS Core (KmxStart.sys) and HIPS Firewall (KmxFw.sys) allow local privilege escalation by using privileged IOCTLs to modify callback pointers. Impact is local privilege escalation; affected products include CA Personal F...

CVE-2005-2263

The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of t...

CVE-2005-2263

CVE-2005-2263 affects Firefox (before 1.0.5) and Mozilla (before 1.7.9). The issue arises in InstallTrigger.install: forcing a page navigation after the install method is called causes a callback to be executed in the context of the new page, resulting in a same-origin violation. This means a rem...

CVE-2005-2263

The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of t...

CVE-2005-2263

The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of t...

Windows 2000 Network Connection Manager privelege escalation

Callback function is called with system priveleges...