Lucene search
+L

65 matches found

Zero Day Initiative
Zero Day Initiative
added 2024/11/21 12:0 a.m.13 views

IrfanView ECW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ECW files...

7.8CVSS6.9AI score0.00438EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/11/21 12:0 a.m.4 views

PT-2024-17044 · Irfan Skiljan · Irfanview

Name of the Vulnerable Software and Affected Versions: IrfanView affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this issue, where the target must visit a...

7.8CVSS7.2AI score0.00438EPSS
Exploits0References6
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.27 views

Soft4e ECW-Shop 6.0.2 Index.PHP HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14579/info ECW Shop is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-suppli...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.20 views

ECW Shop 6.0.2 Index.PHP Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14578/info ECW Shop is prone to a cross-site scripting vulnerability. This issue is due to a lack of proper sanitization of user-supplied input. This type of exploitation could allow for theft of cookie-based authenticati...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.23 views

XnView ECW Image Processing Heap Overflow

No description provided by source. Application: XnView ECW Image Processing Heap Overflow Platforms: Windows Secunia: SA49091 PRL: 2012-13 Author: Francis Provencher Protek Research Lab's Website: http://www.protekresearchlab.com/ Twitter: @ProtekResearch 1 Introduction 2 Report Timeline 3...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.17 views

Soft4e ECW-Shop 6.0.2 Index.PHP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14576/info ECW Shop is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. The consequences of this attack ma...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.31 views

IrfanView 4.33 Format PlugIn ECW Decompression Heap Overflow

No description provided by source. Application: IrfanView 4.33 Format PlugIn ECW Decompression Heap Overflow Plateform: Windows Exploitation: Remote code execution Secunia Number: SA49204 PRL: 2012-10 Author: Francis Provencher Protek Research Lab's Website: http://www.protekresearchlab.com/...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.21 views

Soft4e ECW-Cart 2.0.3 - Multiple Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/15890/info ECW-Cart is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2012/07/05 12:0 a.m.39 views

IrfanView Formats Plugin ECW Plugin File Handling Buffer Overflow Vulnerability

The version of the IrfanView Formats ECW plugin NCSEcw.dll was found to be less than 4.34. Such versions are affected by a heap-based buffer overflow caused by insufficient validation when decompressing ECW images. An attacker could exploit this vulnerability to execute arbitrary code by tricking...

5.9AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2012/06/20 12:0 a.m.43 views

XnView < 1.99.0 Multiple Buffer Overflow Vulnerabilities

The version of XnView installed on the remote Windows host is earlier than 1.99.0. It therefore is reportedly affected by the following heap-based buffer overflow vulnerabilities : - An integer truncation issue exists related to the handling of the depth value in 'Sun Raster' RAS image files. - A...

6.8CVSS6AI score0.08319EPSS
Exploits2References11
exploitpack
exploitpack
added 2012/06/16 12:0 a.m.37 views

XnView - .ECW Image Processing Heap Overflow

XnView - .ECW Image Processing Heap Overflow Application: XnView ECW Image Processing Heap Overflow Platforms: Windows Secunia: SA49091 PRL: 2012-13 Author: Francis Provencher Protek Research Lab's Website: http://www.protekresearchlab.com/ Twitter: @ProtekResearch 1 Introduction 2 Report Timelin...

0.9AI score
Exploits0
Exploit DB
Exploit DB
added 2012/06/16 12:0 a.m.32 views

XnView - &#039;.ECW&#039; Image Processing Heap Overflow

Application: XnView ECW Image Processing Heap Overflow Platforms: Windows Secunia: SA49091 PRL: 2012-13 Author: Francis Provencher Protek Research Lab's Website: http://www.protekresearchlab.com/ Twitter: @ProtekResearch 1 Introduction 2 Report Timeline 3 Technical details 4 The Code...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2012/06/01 12:0 a.m.24 views

IrfanView 4.33 - Format PlugIn ECW Decompression Heap Overflow

IrfanView 4.33 - Format PlugIn ECW Decompression Heap Overflow Application: IrfanView 4.33 Format PlugIn ECW Decompression Heap Overflow Plateform: Windows Exploitation: Remote code execution Secunia Number: SA49204 PRL: 2012-10 Author: Francis Provencher Protek Research Lab's Website:...

0.4AI score
Exploits0
Exploit DB
Exploit DB
added 2012/06/01 12:0 a.m.32 views

IrfanView 4.33 - Format PlugIn ECW Decompression Heap Overflow

Application: IrfanView 4.33 Format PlugIn ECW Decompression Heap Overflow Plateform: Windows Exploitation: Remote code execution Secunia Number: SA49204 PRL: 2012-10 Author: Francis Provencher Protek Research Lab's Website: http://www.protekresearchlab.com/ Twitter: @ProtekResearch 1 Introduction...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2011/02/04 12:0 a.m.2416 views

Oracle Document Capture Multiple Vulnerabilities

The Oracle Document Capture client installed on the remote host is potentially affected by multiple vulnerabilities : - An unspecified vulnerability exists in the Import Export utility. An attacker can exploit this to affect integrity. CVE-2010-3598 - An information disclosure vulnerability exist...

9.4CVSS6.4AI score0.16177EPSS
Exploits20References9
NVD
NVD
added 2007/09/10 5:17 p.m.15 views

CVE-2007-4470

Multiple stack-based buffer overflows in the Earth Resource Mapping NCSView ActiveX control before 3.4.0.242 in NCSView.dll, as distributed in ER Mapper ECW JPEG 2000 Plug-in before 8.1, allow remote attackers to execute arbitrary code via unspecified vectors...

9.3CVSS7.8AI score0.06628EPSS
Exploits0References6
Prion
Prion
added 2007/09/10 5:17 p.m.19 views

Stack overflow

Multiple stack-based buffer overflows in the Earth Resource Mapping NCSView ActiveX control before 3.4.0.242 in NCSView.dll, as distributed in ER Mapper ECW JPEG 2000 Plug-in before 8.1, allow remote attackers to execute arbitrary code via unspecified vectors...

9.3CVSS8.1AI score0.06628EPSS
Exploits0References6Affected Software1
CERT
CERT
added 2007/09/06 12:0 a.m.42 views

Earth Resource Mapping NCSView ActiveX control stack buffer overflows

Overview The Earth Resource Mapping NCSView ActiveX control contains multiple stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Earth Resource Mapping NCSView ActiveX control, which is provided by...

9.3CVSS7.3AI score0.06628EPSS
Exploits0References4
NVD
NVD
added 2005/12/16 11:3 a.m.13 views

CVE-2005-4290

Cross-site scripting XSS vulnerability in index.cgi in ECW-Cart 2.03 and earlier allows remote attackers to inject arbitrary web script or HTML via the 1 kword, 2 max, 3 min, 4 comp, and 5 f parameters...

4.3CVSS5.7AI score0.01752EPSS
Exploits1References5
CVE
CVE
added 2005/12/16 11:0 a.m.40 views

CVE-2005-4290

The CVE-2005-4290 entry describes a cross-site scripting (XSS) vulnerability in ECW-Cart 2.03 and earlier, located in index.cgi. The vulnerability allows remote attackers to inject arbitrary web script or HTML via the parameters (1) kword, (2) max, (3) min, (4) comp, and (5) f. Affected software ...

4.3CVSS6AI score0.01752EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder