Lucene search
K

803 matches found

Prion
Prion
added 2007/05/08 11:19 p.m.25 views

Memory corruption

Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a malformed drawing object, which triggers memory corruption...

9.3CVSS7.6AI score0.31562EPSS
Exploits0References11Affected Software1
securityvulns
securityvulns
added 2007/05/08 12:0 a.m.58 views

Microsoft Offcie multiple security vulnerabilities

Memory corruption on drawing objects parsing...

9.3CVSS3.4AI score0.31562EPSS
Exploits0References1Affected Software1
CERT
CERT
added 2007/05/08 12:0 a.m.42 views

Microsoft Office drawing object vulnerability

Overview Microsoft Office fails to properly handle malformed drawing objects. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Description Microsoft Office fails to properly handle malformed drawing objects embedded within Office documents. By convincing ...

9.3CVSS6.9AI score0.31562EPSS
Exploits0References1
Fedora
Fedora
added 2007/03/27 4:13 p.m.31 views

[SECURITY] Fedora Core 5 Update: openoffice.org-2.0.2-5.21.2

OpenOffice.org is an Open Source, community-developed, multi-platform office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office...

9.3CVSS0.5AI score0.05748EPSS
Exploits0
seebug.org
seebug.org
added 2007/03/24 12:0 a.m.27 views

Inkscape恶意URI格式串漏洞

Inkscape是一个开放原始码的向量绘图软件。 Inkscape处理恶意URI存在格式串问题,远程攻击者可以利用漏洞以应用程序进程权限执行任意指令。 目前没有详细漏洞细节提供。 Ubuntu Ubuntu Linux 5.10 sparc Ubuntu Ubuntu Linux 5.10 powerpc Ubuntu Ubuntu Linux 5.10 i386 Ubuntu Ubuntu Linux 5.10 amd64 Ubuntu Ubuntu Linux 6.10 sparc Ubuntu Ubuntu Linux 6.10 powerpc Ubuntu Ubuntu Linu...

7AI score
Exploits0
Prion
Prion
added 2007/03/22 11:19 p.m.11 views

Sql injection

SQL injection vulnerability in checkvote.php in Weekly Drawing Contest 0.0.1 allows remote attackers to execute arbitrary SQL commands via the order parameter...

7.5CVSS9AI score0.01001EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2007/03/22 11:19 p.m.9 views

Directory traversal

Directory traversal vulnerability in checkvote.php in Weekly Drawing Contest 0.0.1 allows remote attackers to read arbitrary files via a .. dot dot in the order parameter. NOTE: another researcher disputes this vulnerability, noting that the order variable is not used in any context that allows...

5CVSS6.8AI score0.01441EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2007/03/22 11:19 p.m.7 views

CVE-2007-1601

Directory traversal vulnerability in checkvote.php in Weekly Drawing Contest 0.0.1 allows remote attackers to read arbitrary files via a .. dot dot in the order parameter. NOTE: another researcher disputes this vulnerability, noting that the order variable is not used in any context that allows...

5CVSS6.6AI score0.01441EPSS
Exploits0References4
CVE
CVE
added 2007/03/22 11:0 p.m.38 views

CVE-2007-1601

The CVE-2007-1601 entry concerns a directory traversal in Weekly Drawing Contest 0.0.1, where check_vote.php allegedly allows remote attackers to read arbitrary files via .. in the order parameter. The description also notes that another researcher disputes this vulnerability, stating that the or...

5CVSS6.6AI score0.01441EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2007/03/22 11:0 p.m.49 views

CVE-2007-1602

The CVE-2007-1602 entry describes an SQL injection vulnerability in check_vote.php of Weekly Drawing Contest 0.0.1. The vulnerability allows remote attackers to craft a request using the order parameter to execute arbitrary SQL commands, potentially compromising data confidentiality and integrity...

7.5CVSS8.4AI score0.01001EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2007/03/22 11:0 p.m.16 views

CVE-2007-1601

Directory traversal vulnerability in checkvote.php in Weekly Drawing Contest 0.0.1 allows remote attackers to read arbitrary files via a .. dot dot in the order parameter. NOTE: another researcher disputes this vulnerability, noting that the order variable is not used in any context that allows...

6.6AI score0.01441EPSS
Exploits0References4
Cvelist
Cvelist
added 2007/03/22 11:0 p.m.17 views

CVE-2007-1602

SQL injection vulnerability in checkvote.php in Weekly Drawing Contest 0.0.1 allows remote attackers to execute arbitrary SQL commands via the order parameter...

8.4AI score0.01001EPSS
Exploits0References2
CVE
CVE
added 2007/03/22 11:0 p.m.43 views

CVE-2007-1603

CVE-2007-1603 describes an authentication bypass in admin/contest.php of the Weekly Drawing Contest 0.0.1, enabling remote attackers to bypass login and insert new contest information via a direct POST request. The CVSS vector (AV:N/AC:L/Au:N/C:P/I:P/A:P) yields a base score of 7.5 (HIGH), indica...

7.5CVSS6.4AI score0.01335EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2007/03/22 12:0 a.m.2 views

PT-2007-2983 · Unknown · Weekly Drawing Contest

Name of the Vulnerable Software and Affected Versions: Weekly Drawing Contest version 0.0.1 Description: The issue allows remote attackers to potentially read arbitrary files via a .. dot dot in the order parameter in the check vote.php file. However, it is noted that another researcher disputes...

5CVSS7AI score0.01441EPSS
Exploits0References6
Packet Storm
Packet Storm
added 2007/03/14 12:0 a.m.21 views

wdc-lfi.txt

+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= Weekly Drawing Contest = checkvote.php Remote File Disclosure Vuln Script: Weekly Drawing Contest Version: 0.0.1 S!Te: http://www.hotscripts.com/jump.php?listingid=52638&jumptype=1 Discover: BorN To K!LL...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2007/03/13 12:0 a.m.52 views

Weekly Drawing Contest <= (check_vote.php) Remote File Disclosure Vuln

+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= Weekly Drawing Contest = checkvote.php Remote File Disclosure Vuln Script: Weekly Drawing Contest Version: 0.0.1 S!Te: http://www.hotscripts.com/jump.php?listingid=52638&jumptype=1 Discover: BorN To K!LL...

0.7AI score
Exploits0
Exploit DB
Exploit DB
added 2007/03/13 12:0 a.m.22 views

Weekly Drawing Contest 0.0.1 - 'Check_Vote.php' Local File Inclusion

source: https://www.securityfocus.com/bid/22937/info Weekly Drawing Contest is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view local files on the affected webserver. This issue...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2007/02/13 9:0 p.m.29 views

CVE-2007-0209

Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corruption...

7.5AI score0.29093EPSS
Exploits0References7
Symantec
Symantec
added 2007/02/13 12:0 a.m.16 views

Microsoft Word Malformed Drawing Object Arbitrary Code Execution Vulnerability

Description Microsoft Word is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious Word file. If the vulnerability is successfully exploited, this could result in the execution of arbitrary code in the context of the current...

1.1AI score
Exploits0Affected Software3
Fedora
Fedora
added 2007/02/12 5:28 p.m.38 views

[SECURITY] Fedora Core 5 Update: gd-2.0.33-7.fc5

The gd graphics library allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and to write out the result as a PNG or JPEG file. This is particularly useful in Web applications, where PNG and JPEG are two of the...

7.5CVSS2.7AI score0.11694EPSS
Exploits0
Rows per page
Query Builder