4128 matches found
Microsoft Word fails to properly process crafted array data
Overview Microsoft Word contains a remote code execution vulnerability that could enable an attacker to execute arbitrary code and gain complete control of the vulnerable system. Description Microsoft Word fails to properly handle malformed data within an array. When a Word file is opened, Word...
Code injection
The ADIBINARY component in the Oracle E-Business Suite allows remote attackers to download arbitrary documents from the APPS.FNDDOCUMENTS table via the ADIDISPLAYREPORT function, when passed a certain parameter. NOTE: due to lack of details from Oracle, it is not clear whether this issue is relat...
CVE-2007-2135
The ADIBINARY component in the Oracle E-Business Suite allows remote attackers to download arbitrary documents from the APPS.FNDDOCUMENTS table via the ADIDISPLAYREPORT function, when passed a certain parameter. NOTE: due to lack of details from Oracle, it is not clear whether this issue is relat...
CVE-2007-1911
Multiple unspecified vulnerabilities in Microsoft Word 2007 allow remote attackers to cause a denial of service CPU consumption via crafted documents, as demonstrated by 1 file798-1.doc and 2 file613-1.doc, possibly related to a buffer overflow...
Buffer overflow
Multiple unspecified vulnerabilities in Microsoft Word 2007 allow remote attackers to cause a denial of service CPU consumption via crafted documents, as demonstrated by 1 file798-1.doc and 2 file613-1.doc, possibly related to a buffer overflow...
CVE-2007-1911
Multiple unspecified vulnerabilities in Microsoft Word 2007 allow remote attackers to cause a denial of service CPU consumption via crafted documents, as demonstrated by 1 file798-1.doc and 2 file613-1.doc, possibly related to a buffer overflow...
CVE-2007-1911
CVE-2007-1911 affects Microsoft Word 2007. The connected documents describe multiple unspecified vulnerabilities that allow remote attackers to cause a denial of service (CPU exhaustion) by parsing crafted documents (e.g., file798-1.doc and file613-1.doc), with a possible relation to a buffer ove...
VulnCheck KEV: CVE-2007-1938
Ichitaro 2005 through 2007, and possibly related products, allows remote attackers to have an unknown impact via unspecified vectors in a document distributed through e-mail or a web site, possibly due to a buffer overflow or cross-site scripting XSS...
C-Arbre <= 0.6PR7 (root_path) Remote File Inclusion Vulnerability
Exploit for unknown platform in category web applications ================================================================= C-Arbre = 0.6PR7 rootpath Remote File Inclusion Vulnerability ================================================================= \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / |...
McAfee ePolicy Orchestrator and ProtectionPilot ActiveX control buffer overflow vulnerability
Overview A vulnerability in an ActiveX control provided with the McAfee ePolicy Orchestrator and ProtectionPilot software could allow a remote attacker to execute arbitrary code on an affected system. Description The McAfee ePolicy Orchestrator and ProtectionPilot are applications that are design...
[SECURITY] Fedora Core 6 Update: libwpd-0.8.9-1.fc6
Library that handles Word Perfect documents...
[SECURITY] Fedora Core 5 Update: libwpd-0.8.9-1.fc5
Library that handles Word Perfect documents...
Microsoft Windows fails to properly handle malformed OLE documents
Overview A vulnerability exists in a Microsoft Windows library that is used to handle OLE documents. The complete impact of this vulnerability is not clear, but may include the execution of arbitrary code as well as a denial of service. Description Microsoft OLE documents include summary...
CVE-2007-0320
CVE-2007-0320 involves Macrovision’s InstallFromTheWeb product (ActiveX control in iftw.dll and Netscape plug-in in npiftw32.dll). The connected sources document multiple buffer overflows in these components that could allow an attacker to execute arbitrary code via crafted HTML documents, potent...
Microsoft Word fails to properly handle malformed strings
Overview A vulnerability in the way Microsoft Word handles malformed Word Document streams could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Word contains a memory corruption vulnerability that could be triggered when Word opens...
CVE-2007-0806
Les News 2.2 allows remote attackers to bypass authentication and gain administrative access via a direct request for adminews/indexfr.php3, and possibly the adminews index documents for other localizations...
CVE-2007-0806
Les News 2.2 allows remote attackers to bypass authentication and gain administrative access via a direct request for adminews/indexfr.php3, and possibly the adminews index documents for other localizations...
CentOS 3 / 4 : libgsf (CESA-2007:0011)
Updated libgsf packages that fix a buffer overflow flaw are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GNOME Structured File Library is a utility library for reading and writing structured file formats. A heap based buff...
Fedora Core 5 : libgsf-1.13.3-3 (2006-1399)
Security errata for potential heap overflow in reading corrupt ole2 documents Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...
libgsf security update
CentOS Errata and Security Advisory CESA-2007:0011 Updated libgsf packages that fix a buffer overflow flaw are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GNOME Structured File Library is a utility library for reading and...