Symantec Norton Internet Security 2004 ActiveX Control Buffer Overflow (CVE-2007-1689)

A remote code execution vulnerability has been reported in Symantec Norton Internet Security 2004. The vulnerability is due to data validation failure by the ISAlertDataCOM ActiveX control. A remote attacker may exploit this vulnerability by enticing an affected user to open a specially crafted...

Multiple Products NCTAudioFile2 ActiveX Control Buffer Overflow (CVE-2007-0018)

A remote code execution vulnerability has been reported in the NCTAudioFile2 ActiveX control. The vulnerability is due to a data validation failure by the NCTAudioFile2 ActiveX control. A remote attacker may exploit this vulnerability by enticing an affected user to open a specially crafted...

Multiple Products IASystemInfo.DLL ActiveX Control Buffer Overflow (CVE-2007-0348)

A remote code execution vulnerability has been reported in multiple products containing the IASystemInfo.DLL ActiveX control. The vulnerability is due to a data validation failure by the ActiveX control. A remote attacker may exploit this vulnerability by enticing an affected user to open a...

[PT-2011-21] SQL injection vulnerability in OneOrZero AIMS

---------------------------------------------------------------------- PT-2011-21 Positive Technologies Security Advisory SQL injection vulnerability in OneOrZero AIMS ---------------------------------------------------------------------- ---Vulnerable software OneOrZero AIMS Version: 2.7.0 and...

Zenturi ProgramChecker ActiveX Components ActiveX Controls Buffer Overflows (CVE-2007-2987)

Multiple buffer overflow vulnerabilities have been reported in Zenturi ProgramChecker. The vulnerabilities are due to a data validation failure, resulting in a buffer overflow. A remote attacker may exploit these vulnerabilities by enticing a target user to open a specially crafted HTML file...

WordPress Plugin BackWPUp 2.1.4 - Code Execution

Sense of Security - Security Advisory - SOS-11-012 Release Date. 17-Oct-2011 Vendor Notification Date. 14-Oct-2011 Product. BackWPUp Platform. WordPress Affected versions. 2.1.4 Severity Rating. High Impact. System access Attack Vector. Remote without authentication Solution Status. Upgrade to...

WordPress BackWPUp Plugin 2.1.4 - Code Execution

BackWPup is prone to a code execution vulnerability that can be exploited to execute local or remote code on the web server. It allows an attacker to specify FTP resources as input by using a lack of data validation on the BackWPUpJobTemp POST parameter of job/wpexportgenerate.php. Solution Upgra...

WordPress BackWPUp Plugin 2.1.4 Code Execution

Exploit for php platform in category web applications Sense of Security - Security Advisory - SOS-11-012 Release Date. 17-Oct-2011 Vendor Notification Date. 14-Oct-2011 Product. BackWPUp Platform. WordPress Affected versions. 2.1.4 Severity Rating. High Impact. System access Attack Vector. Remote...

Citrix Provisioning Services Opcode 40020010 Stack Buffer Overflow

A stack buffer overflow vulnerability has been reported in Citrix Provisioning Service. Citrix Provisioning Service facilitates image management for virtual and physical workloads services, by allowing computers to obtain applications from the network in real-time. The vulnerability is due to...

A Really Simple Chat Multiple SQL Injection Vulnerabilities

A Really Simple Chat is prone to multiple SQL injection vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft Excel Data Validation Record Parsing Overflow

Added: 06/15/2011 CVE: CVE-2011-0105 BID: 47256 OSVDB: 71765 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms. Problem Microsoft Excel 2002 versions lacking the patch detailed in Microsoft Security Advisory...

Microsoft Excel Data Validation Record Parsing Overflow

Added: 06/15/2011 CVE: CVE-2011-0105 BID: 47256 OSVDB: 71765 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms. Problem Microsoft Excel 2002 versions lacking the patch detailed in Microsoft Security Advisory...

Microsoft Excel Data Validation Record Parsing Overflow

Added: 06/15/2011 CVE: CVE-2011-0105 BID: 47256 OSVDB: 71765 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms. Problem Microsoft Excel 2002 versions lacking the patch detailed in Microsoft Security Advisory...

Microsoft Excel Data Validation Record Parsing Overflow

Added: 06/15/2011 CVE: CVE-2011-0105 BID: 47256 OSVDB: 71765 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms. Problem Microsoft Excel 2002 versions lacking the patch detailed in Microsoft Security Advisory...

CVE-2011-1598

The bcmrelease function in net/can/bcm.c in the Linux kernel before 2.6.39-rc6 does not properly validate a socket data structure, which allows local users to cause a denial of service NULL pointer dereference or possibly have unspecified other impact via a crafted release operation...

Microsoft Office XP Data Validation Record Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Sonexis ConferenceManager 9.3.14.0 Blind SQL Injection

NETRAGARD ADVISORY http://www.netragard.com Research Driven Penetration Testing POSTING NOTICE -------------------------------------------------------------------------- If you intend to post this advisory on your web page please create a clickable link back to the original Netragard advisory as...

Microsoft Windows Kernel-Mode Drivers Win32k Memory Corruption (MS11-012; CVE-2011-0090)

The Windows kernel-mode driver win32k.sys is a kernel-mode device driver and is the kernel part of the Windows subsystem. It contains the window manager and the Graphics Device Interface GDI. It also serves as a wrapper for DirectX support. An elevation of privilege vulnerability has been...

Microsoft Windows Win32k Insufficient User Input Validation (MS11-012; CVE-2011-0087)

The Windows kernel-mode driver win32k.sys is a kernel-mode device driver and is the kernel part of the Windows subsystem. It contains the window manager and the Graphics Device Interface GDI. It also serves as a wrapper for DirectX support. An elevation of privilege vulnerability has been...

CVE-2011-1016

The Radeon GPU drivers in the Linux kernel before 2.6.38-rc5 do not properly validate data related to the AA resolve registers, which allows local users to write to arbitrary memory locations associated with 1 Video RAM aka VRAM or 2 the Graphics Translation Table GTT via crafted values...