65 matches found
IrfanView ECW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ECW files...
PT-2024-17044 · Irfan Skiljan · Irfanview
Name of the Vulnerable Software and Affected Versions: IrfanView affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this issue, where the target must visit a...
Soft4e ECW-Shop 6.0.2 Index.PHP HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14579/info ECW Shop is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-suppli...
ECW Shop 6.0.2 Index.PHP Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14578/info ECW Shop is prone to a cross-site scripting vulnerability. This issue is due to a lack of proper sanitization of user-supplied input. This type of exploitation could allow for theft of cookie-based authenticati...
XnView ECW Image Processing Heap Overflow
No description provided by source. Application: XnView ECW Image Processing Heap Overflow Platforms: Windows Secunia: SA49091 PRL: 2012-13 Author: Francis Provencher Protek Research Lab's Website: http://www.protekresearchlab.com/ Twitter: @ProtekResearch 1 Introduction 2 Report Timeline 3...
Soft4e ECW-Shop 6.0.2 Index.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14576/info ECW Shop is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. The consequences of this attack ma...
IrfanView 4.33 Format PlugIn ECW Decompression Heap Overflow
No description provided by source. Application: IrfanView 4.33 Format PlugIn ECW Decompression Heap Overflow Plateform: Windows Exploitation: Remote code execution Secunia Number: SA49204 PRL: 2012-10 Author: Francis Provencher Protek Research Lab's Website: http://www.protekresearchlab.com/...
Soft4e ECW-Cart 2.0.3 - Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/15890/info ECW-Cart is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have...
IrfanView Formats Plugin ECW Plugin File Handling Buffer Overflow Vulnerability
The version of the IrfanView Formats ECW plugin NCSEcw.dll was found to be less than 4.34. Such versions are affected by a heap-based buffer overflow caused by insufficient validation when decompressing ECW images. An attacker could exploit this vulnerability to execute arbitrary code by tricking...
XnView < 1.99.0 Multiple Buffer Overflow Vulnerabilities
The version of XnView installed on the remote Windows host is earlier than 1.99.0. It therefore is reportedly affected by the following heap-based buffer overflow vulnerabilities : - An integer truncation issue exists related to the handling of the depth value in 'Sun Raster' RAS image files. - A...
XnView - .ECW Image Processing Heap Overflow
XnView - .ECW Image Processing Heap Overflow Application: XnView ECW Image Processing Heap Overflow Platforms: Windows Secunia: SA49091 PRL: 2012-13 Author: Francis Provencher Protek Research Lab's Website: http://www.protekresearchlab.com/ Twitter: @ProtekResearch 1 Introduction 2 Report Timelin...
XnView - '.ECW' Image Processing Heap Overflow
Application: XnView ECW Image Processing Heap Overflow Platforms: Windows Secunia: SA49091 PRL: 2012-13 Author: Francis Provencher Protek Research Lab's Website: http://www.protekresearchlab.com/ Twitter: @ProtekResearch 1 Introduction 2 Report Timeline 3 Technical details 4 The Code...
IrfanView 4.33 - Format PlugIn ECW Decompression Heap Overflow
IrfanView 4.33 - Format PlugIn ECW Decompression Heap Overflow Application: IrfanView 4.33 Format PlugIn ECW Decompression Heap Overflow Plateform: Windows Exploitation: Remote code execution Secunia Number: SA49204 PRL: 2012-10 Author: Francis Provencher Protek Research Lab's Website:...
IrfanView 4.33 - Format PlugIn ECW Decompression Heap Overflow
Application: IrfanView 4.33 Format PlugIn ECW Decompression Heap Overflow Plateform: Windows Exploitation: Remote code execution Secunia Number: SA49204 PRL: 2012-10 Author: Francis Provencher Protek Research Lab's Website: http://www.protekresearchlab.com/ Twitter: @ProtekResearch 1 Introduction...
Oracle Document Capture Multiple Vulnerabilities
The Oracle Document Capture client installed on the remote host is potentially affected by multiple vulnerabilities : - An unspecified vulnerability exists in the Import Export utility. An attacker can exploit this to affect integrity. CVE-2010-3598 - An information disclosure vulnerability exist...
CVE-2007-4470
Multiple stack-based buffer overflows in the Earth Resource Mapping NCSView ActiveX control before 3.4.0.242 in NCSView.dll, as distributed in ER Mapper ECW JPEG 2000 Plug-in before 8.1, allow remote attackers to execute arbitrary code via unspecified vectors...
Stack overflow
Multiple stack-based buffer overflows in the Earth Resource Mapping NCSView ActiveX control before 3.4.0.242 in NCSView.dll, as distributed in ER Mapper ECW JPEG 2000 Plug-in before 8.1, allow remote attackers to execute arbitrary code via unspecified vectors...
Earth Resource Mapping NCSView ActiveX control stack buffer overflows
Overview The Earth Resource Mapping NCSView ActiveX control contains multiple stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Earth Resource Mapping NCSView ActiveX control, which is provided by...
CVE-2005-4290
Cross-site scripting XSS vulnerability in index.cgi in ECW-Cart 2.03 and earlier allows remote attackers to inject arbitrary web script or HTML via the 1 kword, 2 max, 3 min, 4 comp, and 5 f parameters...
CVE-2005-4290
The CVE-2005-4290 entry describes a cross-site scripting (XSS) vulnerability in ECW-Cart 2.03 and earlier, located in index.cgi. The vulnerability allows remote attackers to inject arbitrary web script or HTML via the parameters (1) kword, (2) max, (3) min, (4) comp, and (5) f. Affected software ...