205 matches found
MW6 Technologies MaxiCode - ActiveX 'Data' Buffer Overflow (PoC)
Problem: The Data parameter is subject to a buffer overflow DEFINITELY leading to arbitrary code execution. COM Object - 2355C601-37D1-42B4-BEB1-03C773298DC8 MW6MaxiCode Class File Description: MaxiCode ActiveX File...
MW6 Technologies Aztec - ActiveX 'Data' Buffer Overflow (PoC)
object id=TestObj classid="CLSID:F359732D-D020-...
PYSEC-2014-97
Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM...
Log1 CMS writeInfo() PHP Code Injection
This module exploits the "Ajax File and Image Manager" component that can be found in log1 CMS. In function.base.php of this component, the 'data' parameter in writeInfo allows any malicious user to have direct control of writing data to file data.php, which results in arbitrary remote code...
CVE-2011-0265
Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long dataselect1 parameter...
Remote file inclusion
PHP remote file inclusion vulnerability in admin/plugins/OnlineUsers/main.php in PageTree CMS 0.0.2 BETA 0001 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[PT_Config][dir][data] parameter...
Design/Logic Flaw
globsy_edit.php in Globsy 1.0 and earlier allows remote attackers to create or overwrite arbitrary files via a filename in the file parameter and file contents in the data parameter...
CVE-2008-4911
PHP remote file inclusion vulnerability in read.php in Chattaitaliano Istant-Replay allows remote attackers to execute arbitrary PHP code via a URL in the data parameter...
Remote file inclusion
PHP remote file inclusion vulnerability in read.php in Chattaitaliano Istant-Replay allows remote attackers to execute arbitrary PHP code via a URL in the data parameter...
CVE-2008-2644
Multiple cross-site scripting (XSS) vulnerabilities in SMEWeb 1.4b and 1.4f allow remote attackers to inject arbitrary web script or HTML via the (1) data parameter to catalog.php, the (2) keyword parameter to search.php, the (3) page parameter to bb.php, and the (4) news parameter to order.php...
CVE-2007-5888
Cross-site scripting (XSS) vulnerability in displayecard.php in Coppermine Photo Gallery (CPG) before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the data parameter...
CVE-2006-6986
Cross-domain vulnerability in PhaseOut 5.4.4 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which...
CVE-2006-6987
Cross-domain vulnerability in FineBrowser Freeware 3.2.2 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target...
CVE-2006-6990
Cross-domain vulnerability in Enigma Browser 3.8.8 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site,...
CVE-2006-6983
CVE-2006-6983 documents a cross-domain information disclosure in MYweb4net Browser 3.8.8.0. The vulnerability arises from an object tag with a data parameter referencing a link that points to a Location header on the attacker's site, allowing the target content to be exposed via the outerHTML att...
CVE-2006-6984
The CVE-2006-6984 entry concerns GreenBrowser 3.4.0622 and describes a cross-domain information disclosure vulnerability. An attacker can cause the browser to reveal restricted content from a target domain by using an object tag with a data parameter referencing a link on the attacker’s site that...
CVE-2006-6987
The CVE-2006-6987 entry describes a cross-domain information disclosure in FineBrowser Freeware 3.2.2 via an object tag using a data parameter that points to a page on the attacker’s site, which specifies a Location header referencing the target site and makes content available through the object...
CVE-2006-6988
CVE-2006-6988 (Slim Browser 4.07 build 100): Cross-domain information disclosure via an object tag with a data parameter referencing an attacker site. The attacker’s link specifies a Location header that references the target site, allowing content to be exposed through the object’s outerHTML at...
CVE-2006-6991
Technical details about CVE-2006-6991 are not publicly provided in the supplied documents. Monitor for updates.
CVE-2006-6992
Technical details about CVE-2006-6992 are not publicly available in the provided documents. Monitor for updates to confirm affected products, root cause, impact, and remediation.