4129 matches found
PT-2004-1967 · Apache · Apache +1
Name of the Vulnerable Software and Affected Versions: Apache versions 1.3.x through 1.3.32 Description: The issue is related to a buffer overflow in the get tag function in mod include, which allows local users who can create SSI documents to execute arbitrary code as the apache user. This can b...
[SA12765] Microsoft Internet Explorer Disclosure of Sensitive XML Information
TITLE: Microsoft Internet Explorer Disclosure of Sensitive XML Information SECUNIA ADVISORY ID: SA12765 VERIFY ADVISORY: http://secunia.com/advisories/12765/ CRITICAL: Less critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: Microsoft Internet Explorer 6...
CVE-2004-0573
Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website...
GLSA-200407-11 : wv: Buffer overflow vulnerability
The remote host is affected by the vulnerability described in GLSA-200407-11 wv: Buffer overflow vulnerability A use of strcat without proper bounds checking leads to an exploitable buffer overflow. The vulnerable code is executed when wv encounters an unrecognized token, so a specially crafted...
wv: Buffer overflow vulnerability
Background The wv library allows access to MS Word files. It can parse Word files and allow other applications, such as abiword, to import those files into their native formats. Description A use of strcat without proper bounds checking leads to an exploitable buffer overflow. The vulnerable code...
Microsoft Internet Explorer 6 - Shell.Application Object Script Execution
Microsoft Internet Explorer 6 - Shell.Application Object Script Execution source: https://www.securityfocus.com/bid/10652/info Microsoft Internet Explorer is reported prone to a security weakness that may permit malicious HTML documents the ability to execute script code. This script code has the...
Multiple osTicket exploits!
ATTENTION ALL SITES USING OSTICKET. PLEASE DISABLE UPLOADS. June 17 2004. Multiple Problems with osTicket Software Data: OSTICKET, http://www.osticket.com/ "Need to test the system before you install? Then try our demo version of the latest release of osTicket. DEMO DISABLED" Note: When a softwar...
Microsoft Internet Explorer 6 - Codebase Double Backslash Local Zone File Execution
source: https://www.securityfocus.com/bid/10344/info A vulnerability has been reported that may potentially permit HTML documents to gain unauthorized access to local resources by using specific syntax when referencing said resource as a value for the CODEBASE object property. Under certain...
Microsoft Visual Basic For Applications SDK 5.06.06.26.3 - Document Handling Buffer Overrun
Microsoft Visual Basic For Applications SDK 5.06.06.26.3 - Document Handling Buffer Overrun source: https://www.securityfocus.com/bid/8534/info A vulnerability has been discovered in Microsoft Visual Basic for Applications. The vulnerability occurs because the software fails to perform sufficient...
Microsoft Internet Explorer ADODB.Stream Object File Installation Weakness
Description Microsoft Internet Explorer is prone to a security weakness that may permit malicious HTML documents to create or overwrite files on a victim file system when interpreted from the Local Zone or other Security Zones with relaxed security restrictions, such as the Intranet Zone. This...
Microsoft Windows DirectX MIDI library does not adequately validate Text or Copyright parameters in MIDI files
Overview A Microsoft Windows DirectX library, quartz.dll, does not properly validate certain parameters in Musical Instrument Digital Interface MIDI files. An attacker could exploit this vulnerability to execute arbitrary code or crash any application using the library, causing a denial of servic...
CVE-2002-0619
The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic VBA scripts within a mail merge document that is saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability" CVE-2000-0788...
CVE-2002-0169
The default stylesheet for DocBook on Red Hat Linux 6.2 through 7.2 is installed with an insecure option enabled, which could allow users to overwrite files outside of the current directory from an untrusted document by using a full pathname as an element identifier...
CVE-2002-1684
Directory traversal vulnerability in 1 Deerfield D2Gfx 1.0.2 or 2 BadBlue Enterprise Edition 1.5.x and BadBlue Personal Edition 1.5.6 allows remote attackers to read arbitrary files via a ../ dot dot slash in the script used to read Microsoft Office documents...
Microsoft Word does not check for macros contained in linked template file when opening RTF document
Overview There is a vulnerability caused by a failure to detect macros embedded in templates used by rich text format documents opened in Microsoft Word. This vulnerability may allow the author of a malicious document to execute arbitrary commands as the user who opens the document. Description...
Apache 2.0 - Full Path Disclosure
Apache 2.0 - Full Path Disclosure source: https://www.securityfocus.com/bid/5485/info A path disclosure vulnerability has been reported in Apache 2.0.x. It is possible to reproduce this condition on vulnerable systems by making a request for certain types of files such as error documents that hav...
Apache Httpd < 2.0.40 : Path revealing exposures
A path-revealing exposure was present in multiview type map negotiation such as the default error documents where a module would report the full path of the typemapped .var file when multiple documents or no documents could be served. Additionally a path-revealing exposure in cgi/cgid when Apache...
CVE-2002-0169
The default stylesheet for DocBook on Red Hat Linux 6.2 through 7.2 is installed with an insecure option enabled, which could allow users to overwrite files outside of the current directory from an untrusted document by using a full pathname as an element identifier...
Microsoft MSN Messenger Chat Control contains a buffer overflow in "ResDLL" parameter
Overview Microsoft's MSN Chat is an ActiveX control for Microsoft Messenger, an instant messaging client. A buffer overflow exists in the ActiveX control that may permit a remote attacker to execute arbitrary code on the system with the privileges of the current user. Description A buffer overflo...
dH team & SECURITY.NNOV: A variant of "Word Mail Merge" vulnerability
Русская версия этой advisory приведена ниже. Original version of this advisory: http://www.security.nnov.ru/advisories/mailmerge.asp Title: A variant of "Word Mail Merge" vulnerability Authors: ERRor, 3APA3A Date: May, 03 2002 Affected: Office 97, 2000, XP Vendor: Microsoft Risk: Average to high...