16 matches found
OESA-2026-2549 rsync security update
Rsync is an open source utility that provides fast incremental file transfer. It uses the "rsync algorithm" which provides a very fast method for bringing remote files into sync. It does this by sending just the differences in the files across the link, without requiring that both sets of files a...
CVE-2026-43620
A flaw was found in rsync. A malicious rsync server can exploit an out-of-bounds read vulnerability in the recv_files function. By manipulating compatibility flags and transfer records, the server can cause a connecting client to attempt to read memory outside of allocated bounds. This can lead to...
ALPINE-CVE-2026-43620
Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files in receiver.c that allows a malicious rsync server to crash the rsync client process. Attackers can exploit the vulnerability by setting CF_INC_RECURSE in compatibility flags and sending a...
EUVD-2026-31012
Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files in receiver.c that allows a malicious rsync server to crash the rsync client process. Attackers can exploit the vulnerability by setting CF_INC_RECURSE in compatibility flags and sending a...
CVE-2026-43620 Rsync < 3.4.3 Out-of-Bounds Array Read via recv_files()
Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files in receiver.c that allows a malicious rsync server to crash the rsync client process. Attackers can exploit the vulnerability by setting CF_INC_RECURSE in compatibility flags and sending a...
CVE-2026-43620 Rsync < 3.4.3 Out-of-Bounds Array Read via recv_files()
Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files in receiver.c that allows a malicious rsync server to crash the rsync client process. Attackers can exploit the vulnerability by setting CF_INC_RECURSE in compatibility flags and sending a...
CVE-2026-43620
Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files in receiver.c that allows a malicious rsync server to crash the rsync client process. Attackers can exploit the vulnerability by setting CF_INC_RECURSE in compatibility flags and sending a...
CVE-2007-5653
The Component Object Model (COM) functions in PHP 5.x on Windows do not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by executing objects with the kill bit set in the corresponding ActiveX control...
NewV Smartclient 1.0.0.18 Command Execution
Vendor: NewV http://www.newv.com.cn/ Product: NewV smartclient http://demo.newv.com.cn/lds/module/smartclientsetting.exe Vulnerable Version: 1.0.0.18 Status: Not Fixed, Vendor Alerted Risk level: High Credit: Yu Guoyuguo.cngmail.com Description: An input validation issue exists in the NewV Activ...
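Instant Expert Analysis ActiveX Control Arbitrary Code Download and Execution Vulnerability
BUGTRAQ ID: 31752 CVE(CAN) ID: CVE-2008-4385 Instant Expert Analysis allows sites to quickly analyze a user's software and hardware with a single click. Instant Expert Analysis uses a signed Java applet (SRLApplet.class, provided by sysreqlab2.jar or sysreqlab.jar) for the Firefox or Netscape browsers, and a signed ActiveX control (sysreqlab.dll, sysreqlabsli.dll or sysreqlab2.dll) for Internet Explorer...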
Design/Logic Flaw
The Component Object Model (COM) functions in PHP 5.x on Windows do not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by executing objects with the kill bit set in the corresponding ActiveX control...
CVE-2007-5653
The Component Object Model (COM) functions in PHP 5.x on Windows do not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by executing objects with the kill bit set in the corresponding ActiveX control...
CVE-2007-5653
The Component Object Model (COM) functions in PHP 5.x on Windows do not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by executing objects with the kill bit set in the corresponding ActiveX control...
Intuit QuickBooks Online Edition ActiveX control stack buffer overflows
Overview The Intuit QuickBooks Online Edition ActiveX control contains multiple stack buffer overflows, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Intuit QuickBooks Online Edition is a version of QuickBooks that functions withi...
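Trend Micro OfficeScan Client ActiveX Control Remote Stack Overflow Vulnerability
Trend Micro OfficeScan is a distributed antivirus product for an entire network segment. The SetupINI ActiveX control (OfficeScanSetupINI.dll) used for web deployment of OfficeScan Corporate Edition has a stack overflow vulnerability when displaying the list of configuration settings, which a remote attacker may exploit to take control of the client. If a user is tricked into visiting a malicious site that passes an overly long property, the overflow is triggered, resulting in the execution of arbitrary instructions. Trend Micro Client/Server/Messaging Security 3.5 Trend Micro Client/Server/Messaging Security 3.0 Trend Micro...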
WinZip 10.0 - FileView ActiveX Controls Remote Overflow
WinZip 10.0 - FileView ActiveX Controls Remote Overflow / ---=== winzip-exploit.html XiaoHui : 76693223at163com HomePage: www.nipc.org.cn (c) 2006 All rights reserved. Note: Because of the prior vuln in FileView ActiveX Control, Microsoft has disabled this ActiveX Controls. To test this vuln, you can...