InstallShield InstallFromTheWeb ActiveX Control Multiple Overflows

InstallFromTheWeb IFTW, a web-enabled software installation product from InstallShield, is installed on the remote host. The version of InstallFromTheWeb on the remote host includes an ActiveX control that is reportedly affected by multiple and, as yet, unspecified buffer overflow vulnerabilities...

Design/Logic Flaw

A certain ActiveX control in sapi.dll aka the Speech API in Speech Components in Microsoft Windows Vista, when the Speech Recognition feature is enabled, allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page with an embedded sou...

CVE-2007-0675

A certain ActiveX control in sapi.dll aka the Speech API in Speech Components in Microsoft Windows Vista, when the Speech Recognition feature is enabled, allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page with an embedded sou...

CVE-2006-6488

Stack-based buffer overflow in the DoModal function in the Dialog Wrapper Module ActiveX control DlgWrapper.dll before 8.4.166.0, as used by ICONICS OPC Enabled Gauge, Switch, and Vessel ActiveX, allows remote attackers to execute arbitrary code via a long 1 FileName or 2 Filter argument...

CVE-2006-6488

The CVE-2006-6488 issue is a stack-based buffer overflow in ICONICS Dialog Wrapper Module ActiveX (DlgWrapper.dll) DoModal function, exploited by ICONICS OPC-enabled Gauge/Switch/Vessel ActiveX prior to version 8.4.166.0. An attacker can remotely execute arbitrary code by sending a long FileName ...

CVE-2006-6488

Stack-based buffer overflow in the DoModal function in the Dialog Wrapper Module ActiveX control DlgWrapper.dll before 8.4.166.0, as used by ICONICS OPC Enabled Gauge, Switch, and Vessel ActiveX, allows remote attackers to execute arbitrary code via a long 1 FileName or 2 Filter argument...

First Response < 1.1.1 Multiple Vulnerabilities

The remote host contains a version of First Response, an incident response tool, that is affected by multiple vulnerabilities. If the First Response agent fragent is configured to listen for remote SSL-enabled connections, it is reportedly possible to disable the agent remotely by sending a serie...

3comtftp.txt

Doesn't look like SEH is being overwritten so I'm having trouble getting this to work with DEP-enabled XPSP2 and 2K3. Tested on XPSP2 and Win2K. Includes offsets for NT, 2K and XP call esi. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= require 'msf/core' module Msf class...

CVE-2006-6056

Linux kernel 2.6.x up to 2.6.18 and possibly other versions, when SELinux hooks are enabled, allows local users to cause a denial of service crash via a malformed file stream that triggers a NULL pointer dereference in the superblockdoinit function, as demonstrated using an HFS filesystem image...

EUVD-2006-5417

Multiple direct static code injection vulnerabilities in db/txt.inc.php in phpPowerCards 2.10, when registerglobals is enabled, allow remote attackers to create or overwrite arbitrary files via the 1 emailto, 2 emailfrom, 3 nameto, 4 namefrom, 5 picture, 6 comment, or 7 sessionID parameter, as...

EUVD-2006-5384

PHP remote file inclusion vulnerability in classes/ImportMM.class.php in PHPRecipeBook 2.36, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the grbbasedir parameter...

EUVD-2006-5205

Multiple PHP remote file inclusion vulnerabilities in WebYep 1.1.9, when registerglobals is enabled, allow remote attackers to execute arbitrary PHP code via the webyepsIncludePath in 1 files in the programm/lib/ directory including a WYApplication.php, b WYDocument.php, c WYEditor.php, d...

PT-2006-5643 · Telekorn · Telekorn Signkorn Guestbook

Name of the Vulnerable Software and Affected Versions: Telekorn SignKorn Guestbook SL versions 1.3 and earlier Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the dir path parameter in multiple PHP files, including "index.php", "includes/functions.gb.php"...

Cisco IOS VTP Malformed Version Denial of Service Vulnerability

Cisco IOS contains a vulnerability in the VLAN Trunking Protocol VTP that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability exists because the VTP feature in several versions of Cisco IOS software does not properly handle malformed packe...

JavaScript code can cause the browser attack-vulnerability warning-the black bar safety net

Security researchers have found a Use JavaScript to scan the family and the enterprise network, and attacks on the network server, and the router and printer and other equipment of the method. Researchers say the malicious JavaScript code can be embedded in a Web page, use the browser to browse t...

Juniper Networks DX Web Administration Persistent System Log XSS Vulnerability

Juniper Networks DX Web Administration Persistent System Log XSS Vulnerability July 10, 2006 Product Overview: The Juniper Networks Redline DX application acceleration platform delivers a complete data center acceleration solution for web-enabled and IP-based business applications. Vulnerability...

BASE base_qry_common.php file include

Added: 06/23/2006 CVE: CVE-2006-2685 BID: 18298 OSVDB: 25770 Background Snort is an open-source intrusion detection system. The Basic Analysis and Security Engine BASE is a web interface for analyzing Snort results. Problem If the registerglobals PHP option is enabled, the baseqrycommon.php scrip...

Remote file inclusion

PHP remote file inclusion vulnerability in dotWidget CMS 1.0.6 and earlier, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the filepath parameter in 1 index.php, 2 feedback.php, and 3 printfriendly.php...

CVE-2006-2283

Multiple PHP remote file inclusion vulnerabilities in SpiffyJr phpRaid 2.9.5 through 3.0.b3 allow remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter in 1 auth.php and 2 authphpbb when the phpBB portal is enabled, and via a URL in the smfrootpath parameter in 3...

DEBIAN-CVE-2006-2237

The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter...