Lucene search
K

4151 matches found

CERT
CERT
added 2002/05/10 12:0 a.m.20 views

Microsoft MSN Messenger Chat Control contains a buffer overflow in "ResDLL" parameter

Overview Microsoft's MSN Chat is an ActiveX control for Microsoft Messenger, an instant messaging client. A buffer overflow exists in the ActiveX control that may permit a remote attacker to execute arbitrary code on the system with the privileges of the current user. Description A buffer overflo...

7.5CVSS7.2AI score0.24104EPSS
Exploits0References4
securityvulns
securityvulns
added 2002/05/06 12:0 a.m.35 views

dH team & SECURITY.NNOV: A variant of "Word Mail Merge" vulnerability

Русская версия этой advisory приведена ниже. Original version of this advisory: http://www.security.nnov.ru/advisories/mailmerge.asp Title: A variant of "Word Mail Merge" vulnerability Authors: ERRor, 3APA3A Date: May, 03 2002 Affected: Office 97, 2000, XP Vendor: Microsoft Risk: Average to high...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2002/04/20 12:0 a.m.21 views

Microsoft Internet Explorer 5/6 - Self-Referential Object Denial of Service

source: https://www.securityfocus.com/bid/4564/info Microsoft Internet Explorer is vulnerable to a denial of service due to an error in handling certain self-referential definitions in HTML documents. This occurs when an object of type "text/html" is specified, with the DATA field referencing the...

7AI score
Exploits0
securityvulns
securityvulns
added 2002/03/05 12:0 a.m.36 views

Проксирование HTTP-запросов через JAVA (unauthorized access)

Через прокси сервер можно получить и отправить любые html-доументы...

1.9AI score
Exploits0References2Affected Software5
securityvulns
securityvulns
added 2002/02/26 12:0 a.m.66 views

Advisory CA-2002-04 Buffer Overflow in Microsoft Internet Explorer

CERT Advisory CA-2002-04 Buffer Overflow in Microsoft Internet Explorer Original release date: February 25, 2002 Last revised: -- Source: CERT/CC A complete revision history can be found at the end of this file. Systems Affected Microsoft Internet Explorer Microsoft Outlook and Outlook Express...

7.5CVSS8AI score0.39767EPSS
Exploits0
CVE
CVE
added 2002/02/02 5:0 a.m.49 views

CVE-2001-1023

CVE-2001-1023 affects Xcache 2.1. Remote attackers can disclose the server’s absolute paths by requesting a URL that Xcache has not cached; the product returns the full pathname in the Content-PageName header. The vulnerability is an information disclosure: partial confidentiality impact. Affecte...

5CVSS7AI score0.01522EPSS
Exploits0References3Affected Software1
securityvulns
securityvulns
added 2001/05/30 12:0 a.m.25 views

Aladdin eSafe Gateway Filter Bypass - Updated Advisory

29 May 2001 This is the first of 3 sequential advisories we are issuing today regarding Aladdin eSafe Gateway. This advisory replaces our advisory from 16 May 2001. Status --------- The entire content of this advisory was reviewed and acknowledged by Aladdin. The vulnerability reffers to version...

Exploits0
securityvulns
securityvulns
added 2001/05/21 12:0 a.m.38 views

Aladdin eSafe Gateway script filter bypass

Product: eSafe Gateway Vendor: Aladdin Knowledge Systems www.ealaddin.com Vesrsion: 3.0 was tested and found vulnerable, earlier versions might be vulnerable as well. Status: Vendor was informed. Background -------------------- eSafe Gateway 3.0 is an Internet Content Security product. You can...

6.9AI score
Exploits0
securityvulns
securityvulns
added 2001/03/23 12:0 a.m.54 views

Проблемы в Compaq Management Software (HTTP proxy)

Web-Сервис установленный на порт 2301 работает как HTTP-прокси при запросе внешнего документа...

7.2AI score
Exploits0References1Affected Software1
CVE
CVE
added 2001/01/22 5:0 a.m.49 views

CVE-2000-0974

CVE-2000-0974 concerns GnuPG (gpg) 1.0.3 and earlier versions, which fail to properly verify all signatures in a file containing multiple documents. The underlying flaw allows an attacker to modify the contents of all documents after the first without detection, as described in the CVE entry and ...

7.5CVSS6.4AI score0.03039EPSS
Exploits1References10Affected Software1
Cvelist
Cvelist
added 2001/01/22 5:0 a.m.21 views

CVE-2000-0932

MAILsweeper for SMTP 3.x does not properly handle corrupt CDA documents in a ZIP file and hangs, which allows remote attackers to cause a denial of service...

6.7AI score0.01291EPSS
Exploits0References2
securityvulns
securityvulns
added 2000/12/21 12:0 a.m.41 views

NAV 5.0 and embedded files

Product: Norton Symantec Antivirus Platform: Win32 Versions: 5.0 Problem: Files 'embedded' in Word and Excel documents appear to evade scanning. I have noticed what appears to me to be a disturbing lapse in the scanning procedure of Norton Antivirus 5.0 Win32. I am looking for corroboration and...

7.2AI score
Exploits0
NVD
NVD
added 2000/12/19 5:0 a.m.15 views

CVE-2000-0932

MAILsweeper for SMTP 3.x does not properly handle corrupt CDA documents in a ZIP file and hangs, which allows remote attackers to cause a denial of service...

5CVSS6.7AI score0.01291EPSS
Exploits0References2
Debian
Debian
added 2000/11/11 3:11 a.m.2 views

[SECURITY] New version of tcsh released

Package: tcsh Vulnerability: local exploit Debian-specific: no Proton reported on bugtraq that tcsh did not handle in-here documents correctly. The version of tcsh that is distributed with Debian GNU/Linux 2.2r0 also suffered from this problem. When using in-here documents using the syntax tcsh...

5.8AI score
Exploits0
securityvulns
securityvulns
added 2000/10/26 12:0 a.m.31 views

Очередная уязвимость в Internet Explorer (Java Object)

Через OBJECT c CLASSID="JAVA" можно обращаться к локальным документам...

0.8AI score
Exploits0References2Affected Software1
securityvulns
securityvulns
added 2000/10/20 12:0 a.m.44 views

Серьезная дырка в LPR (PostScript shell execution & grog)

При печати PostScript документов выполняются shell-команды содержащиеся в документах, при этом не сбрасывается egid lp, что позволяет получить gid lp, кроме того, в отдельных случаях возможно получить root используя некорректный вызов к программе pic в grog...

0.6AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2000/09/12 12:0 a.m.36 views

Дырка в SiteMinder

С помощью специально сконструированной URL можно получить доступ к закрытым документам, кроме того, можно получить исходные тексты CGI-приложений...

0.6AI score
Exploits0References1Affected Software1
FreeBSD Advisory
FreeBSD Advisory
added 2000/08/14 12:0 a.m.6 views

FreeBSD-SA-00:38.zope

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:38 Security Advisory FreeBSD, Inc. Topic: zope port allows remote modification of DTML documents Category: ports Module: zope Announced: 2000-08-14 Credits: Unknown...

5.9AI score
Exploits0
securityvulns
securityvulns
added 2000/07/15 12:0 a.m.43 views

Очередная дырка в IE - DHTMLED AttiveX

Элемент ActiveX позволяет редактирование документов, но не проверяет обращение к DOM, что позволяет прочитать любой локальный документ или документ из Intranet - сети...

0.7AI score
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2000/04/26 4:0 a.m.16 views

CVE-2000-0288

Infonautics getdoc.cgi allows remote attackers to bypass the payment phase for accessing documents via a modified form variable...

6.7AI score0.02397EPSS
Exploits0References1
Rows per page
Query Builder