Lucene search
K

4129 matches found

Positive Technologies
Positive Technologies
added 2004/10/21 12:0 a.m.4 views

PT-2004-1967 · Apache · Apache +1

Name of the Vulnerable Software and Affected Versions: Apache versions 1.3.x through 1.3.32 Description: The issue is related to a buffer overflow in the get tag function in mod include, which allows local users who can create SSI documents to execute arbitrary code as the apache user. This can b...

7.8CVSS7.9AI score0.0483EPSS
Exploits1References26
securityvulns
securityvulns
added 2004/10/11 12:0 a.m.22 views

[SA12765] Microsoft Internet Explorer Disclosure of Sensitive XML Information

TITLE: Microsoft Internet Explorer Disclosure of Sensitive XML Information SECUNIA ADVISORY ID: SA12765 VERIFY ADVISORY: http://secunia.com/advisories/12765/ CRITICAL: Less critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: Microsoft Internet Explorer 6...

0.2AI score
Exploits0
NVD
NVD
added 2004/09/28 4:0 a.m.20 views

CVE-2004-0573

Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website...

7.5CVSS7.8AI score0.42337EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2004/08/30 12:0 a.m.21 views

GLSA-200407-11 : wv: Buffer overflow vulnerability

The remote host is affected by the vulnerability described in GLSA-200407-11 wv: Buffer overflow vulnerability A use of strcat without proper bounds checking leads to an exploitable buffer overflow. The vulnerable code is executed when wv encounters an unrecognized token, so a specially crafted...

10CVSS6.6AI score0.08448EPSS
Exploits1References3
Gentoo Linux
Gentoo Linux
added 2004/07/14 12:0 a.m.25 views

wv: Buffer overflow vulnerability

Background The wv library allows access to MS Word files. It can parse Word files and allow other applications, such as abiword, to import those files into their native formats. Description A use of strcat without proper bounds checking leads to an exploitable buffer overflow. The vulnerable code...

10CVSS7.3AI score0.08448EPSS
Exploits1
exploitpack
exploitpack
added 2004/07/03 12:0 a.m.12 views

Microsoft Internet Explorer 6 - Shell.Application Object Script Execution

Microsoft Internet Explorer 6 - Shell.Application Object Script Execution source: https://www.securityfocus.com/bid/10652/info Microsoft Internet Explorer is reported prone to a security weakness that may permit malicious HTML documents the ability to execute script code. This script code has the...

7.5AI score
Exploits0
securityvulns
securityvulns
added 2004/06/23 12:0 a.m.42 views

Multiple osTicket exploits!

ATTENTION ALL SITES USING OSTICKET. PLEASE DISABLE UPLOADS. June 17 2004. Multiple Problems with osTicket Software Data: OSTICKET, http://www.osticket.com/ "Need to test the system before you install? Then try our demo version of the latest release of osTicket. DEMO DISABLED" Note: When a softwar...

7.2AI score
Exploits0
Exploit DB
Exploit DB
added 2003/11/25 12:0 a.m.17 views

Microsoft Internet Explorer 6 - Codebase Double Backslash Local Zone File Execution

source: https://www.securityfocus.com/bid/10344/info A vulnerability has been reported that may potentially permit HTML documents to gain unauthorized access to local resources by using specific syntax when referencing said resource as a value for the CODEBASE object property. Under certain...

7AI score
Exploits0
exploitpack
exploitpack
added 2003/09/03 12:0 a.m.9 views

Microsoft Visual Basic For Applications SDK 5.06.06.26.3 - Document Handling Buffer Overrun

Microsoft Visual Basic For Applications SDK 5.06.06.26.3 - Document Handling Buffer Overrun source: https://www.securityfocus.com/bid/8534/info A vulnerability has been discovered in Microsoft Visual Basic for Applications. The vulnerability occurs because the software fails to perform sufficient...

0.3AI score
Exploits0
Symantec
Symantec
added 2003/08/23 12:0 a.m.18 views

Microsoft Internet Explorer ADODB.Stream Object File Installation Weakness

Description Microsoft Internet Explorer is prone to a security weakness that may permit malicious HTML documents to create or overwrite files on a victim file system when interpreted from the Local Zone or other Security Zones with relaxed security restrictions, such as the Intranet Zone. This...

7.3AI score
Exploits0References6Affected Software1
CERT
CERT
added 2003/07/24 12:0 a.m.35 views

Microsoft Windows DirectX MIDI library does not adequately validate Text or Copyright parameters in MIDI files

Overview A Microsoft Windows DirectX library, quartz.dll, does not properly validate certain parameters in Musical Instrument Digital Interface MIDI files. An attacker could exploit this vulnerability to execute arbitrary code or crash any application using the library, causing a denial of servic...

7.5CVSS7.2AI score0.32667EPSS
Exploits0References3
Cvelist
Cvelist
added 2003/04/02 5:0 a.m.25 views

CVE-2002-0619

The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic VBA scripts within a mail merge document that is saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability" CVE-2000-0788...

6.6AI score0.16075EPSS
Exploits0References4
Cvelist
Cvelist
added 2003/04/02 5:0 a.m.22 views

CVE-2002-0169

The default stylesheet for DocBook on Red Hat Linux 6.2 through 7.2 is installed with an insecure option enabled, which could allow users to overwrite files outside of the current directory from an untrusted document by using a full pathname as an element identifier...

6.5AI score0.00406EPSS
Exploits0References5
NVD
NVD
added 2002/12/31 5:0 a.m.13 views

CVE-2002-1684

Directory traversal vulnerability in 1 Deerfield D2Gfx 1.0.2 or 2 BadBlue Enterprise Edition 1.5.x and BadBlue Personal Edition 1.5.6 allows remote attackers to read arbitrary files via a ../ dot dot slash in the script used to read Microsoft Office documents...

5CVSS6.6AI score0.04905EPSS
Exploits0References3
CERT
CERT
added 2002/09/27 12:0 a.m.42 views

Microsoft Word does not check for macros contained in linked template file when opening RTF document

Overview There is a vulnerability caused by a failure to detect macros embedded in templates used by rich text format documents opened in Microsoft Word. This vulnerability may allow the author of a malicious document to execute arbitrary commands as the user who opens the document. Description...

4.6CVSS7.1AI score0.01432EPSS
Exploits0References2
exploitpack
exploitpack
added 2002/08/16 12:0 a.m.16 views

Apache 2.0 - Full Path Disclosure

Apache 2.0 - Full Path Disclosure source: https://www.securityfocus.com/bid/5485/info A path disclosure vulnerability has been reported in Apache 2.0.x. It is possible to reproduce this condition on vulnerable systems by making a request for certain types of files such as error documents that hav...

7.4AI score
Exploits0
Apache Httpd
Apache Httpd
added 2002/07/05 12:0 a.m.33 views

Apache Httpd < 2.0.40 : Path revealing exposures

A path-revealing exposure was present in multiview type map negotiation such as the default error documents where a module would report the full path of the typemapped .var file when multiple documents or no documents could be served. Additionally a path-revealing exposure in cgi/cgid when Apache...

5CVSS0.1AI score0.58676EPSS
Exploits0Affected Software1
NVD
NVD
added 2002/05/29 4:0 a.m.15 views

CVE-2002-0169

The default stylesheet for DocBook on Red Hat Linux 6.2 through 7.2 is installed with an insecure option enabled, which could allow users to overwrite files outside of the current directory from an untrusted document by using a full pathname as an element identifier...

4.6CVSS6.5AI score0.00406EPSS
Exploits0References5
CERT
CERT
added 2002/05/10 12:0 a.m.19 views

Microsoft MSN Messenger Chat Control contains a buffer overflow in "ResDLL" parameter

Overview Microsoft's MSN Chat is an ActiveX control for Microsoft Messenger, an instant messaging client. A buffer overflow exists in the ActiveX control that may permit a remote attacker to execute arbitrary code on the system with the privileges of the current user. Description A buffer overflo...

7.5CVSS7.2AI score0.24104EPSS
Exploits0References4
securityvulns
securityvulns
added 2002/05/06 12:0 a.m.34 views

dH team &amp; SECURITY.NNOV: A variant of &quot;Word Mail Merge&quot; vulnerability

Русская версия этой advisory приведена ниже. Original version of this advisory: http://www.security.nnov.ru/advisories/mailmerge.asp Title: A variant of "Word Mail Merge" vulnerability Authors: ERRor, 3APA3A Date: May, 03 2002 Affected: Office 97, 2000, XP Vendor: Microsoft Risk: Average to high...

7AI score
Exploits0
Rows per page
Query Builder