803 matches found
Memory corruption
Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a malformed drawing object, which triggers memory corruption...
Microsoft Offcie multiple security vulnerabilities
Memory corruption on drawing objects parsing...
Microsoft Office drawing object vulnerability
Overview Microsoft Office fails to properly handle malformed drawing objects. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Description Microsoft Office fails to properly handle malformed drawing objects embedded within Office documents. By convincing ...
[SECURITY] Fedora Core 5 Update: openoffice.org-2.0.2-5.21.2
OpenOffice.org is an Open Source, community-developed, multi-platform office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office...
Inkscape恶意URI格式串漏洞
Inkscape是一个开放原始码的向量绘图软件。 Inkscape处理恶意URI存在格式串问题,远程攻击者可以利用漏洞以应用程序进程权限执行任意指令。 目前没有详细漏洞细节提供。 Ubuntu Ubuntu Linux 5.10 sparc Ubuntu Ubuntu Linux 5.10 powerpc Ubuntu Ubuntu Linux 5.10 i386 Ubuntu Ubuntu Linux 5.10 amd64 Ubuntu Ubuntu Linux 6.10 sparc Ubuntu Ubuntu Linux 6.10 powerpc Ubuntu Ubuntu Linu...
Sql injection
SQL injection vulnerability in checkvote.php in Weekly Drawing Contest 0.0.1 allows remote attackers to execute arbitrary SQL commands via the order parameter...
Directory traversal
Directory traversal vulnerability in checkvote.php in Weekly Drawing Contest 0.0.1 allows remote attackers to read arbitrary files via a .. dot dot in the order parameter. NOTE: another researcher disputes this vulnerability, noting that the order variable is not used in any context that allows...
CVE-2007-1601
Directory traversal vulnerability in checkvote.php in Weekly Drawing Contest 0.0.1 allows remote attackers to read arbitrary files via a .. dot dot in the order parameter. NOTE: another researcher disputes this vulnerability, noting that the order variable is not used in any context that allows...
CVE-2007-1601
The CVE-2007-1601 entry concerns a directory traversal in Weekly Drawing Contest 0.0.1, where check_vote.php allegedly allows remote attackers to read arbitrary files via .. in the order parameter. The description also notes that another researcher disputes this vulnerability, stating that the or...
CVE-2007-1602
The CVE-2007-1602 entry describes an SQL injection vulnerability in check_vote.php of Weekly Drawing Contest 0.0.1. The vulnerability allows remote attackers to craft a request using the order parameter to execute arbitrary SQL commands, potentially compromising data confidentiality and integrity...
CVE-2007-1601
Directory traversal vulnerability in checkvote.php in Weekly Drawing Contest 0.0.1 allows remote attackers to read arbitrary files via a .. dot dot in the order parameter. NOTE: another researcher disputes this vulnerability, noting that the order variable is not used in any context that allows...
CVE-2007-1602
SQL injection vulnerability in checkvote.php in Weekly Drawing Contest 0.0.1 allows remote attackers to execute arbitrary SQL commands via the order parameter...
CVE-2007-1603
CVE-2007-1603 describes an authentication bypass in admin/contest.php of the Weekly Drawing Contest 0.0.1, enabling remote attackers to bypass login and insert new contest information via a direct POST request. The CVSS vector (AV:N/AC:L/Au:N/C:P/I:P/A:P) yields a base score of 7.5 (HIGH), indica...
PT-2007-2983 · Unknown · Weekly Drawing Contest
Name of the Vulnerable Software and Affected Versions: Weekly Drawing Contest version 0.0.1 Description: The issue allows remote attackers to potentially read arbitrary files via a .. dot dot in the order parameter in the check vote.php file. However, it is noted that another researcher disputes...
wdc-lfi.txt
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= Weekly Drawing Contest = checkvote.php Remote File Disclosure Vuln Script: Weekly Drawing Contest Version: 0.0.1 S!Te: http://www.hotscripts.com/jump.php?listingid=52638&jumptype=1 Discover: BorN To K!LL...
Weekly Drawing Contest <= (check_vote.php) Remote File Disclosure Vuln
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= Weekly Drawing Contest = checkvote.php Remote File Disclosure Vuln Script: Weekly Drawing Contest Version: 0.0.1 S!Te: http://www.hotscripts.com/jump.php?listingid=52638&jumptype=1 Discover: BorN To K!LL...
Weekly Drawing Contest 0.0.1 - 'Check_Vote.php' Local File Inclusion
source: https://www.securityfocus.com/bid/22937/info Weekly Drawing Contest is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view local files on the affected webserver. This issue...
CVE-2007-0209
Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corruption...
Microsoft Word Malformed Drawing Object Arbitrary Code Execution Vulnerability
Description Microsoft Word is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious Word file. If the vulnerability is successfully exploited, this could result in the execution of arbitrary code in the context of the current...
[SECURITY] Fedora Core 5 Update: gd-2.0.33-7.fc5
The gd graphics library allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and to write out the result as a PNG or JPEG file. This is particularly useful in Web applications, where PNG and JPEG are two of the...