923 matches found
vim: arbitrary code execution in commands: K, Control-], g]
Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to 1 execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" semicolon followed by a command, or execute arbitrary Ex commands by entering an argument afte...
CVE-2008-4131
Multiple unspecified vulnerabilities in Sun Solaris 8 through 10 allow local users to gain privileges via vectors related to handling of tags with 1 the -t option and 2 the :tag command in the a vi, b ex, c vedit, d view, and e edit programs...
DEBIAN-CVE-2008-4101
Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to 1 execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" semicolon followed by a command, or execute arbitrary Ex commands by entering an argument afte...
CVE-2008-4101
Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to 1 execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" semicolon followed by a command, or execute arbitrary Ex commands by entering an argument afte...
vim-sanitize.txt
Vim: Arbitrary Code Execution in Commands: K, Control-, g 1. SUMMARY Product : Vim -- Vi IMproved Versions : 3.0--current, possibly older Impact : Arbitrary code execution Wherefrom: Local Original : http://www.rdancer.org/vulnerablevim-K.html Insufficient sanitization can lead to Vim executing...
CAU-EX-2008-0001.txt
/ \ / \ | | | | ----====/ /\/ /\ | || |====---- | | | || | | | | | | | | | | | | | ------======\ / /| || || || |======------ / || || / Computer Academic Underground http://www.caughq.org Exploit Code ===============/======================================================== Exploit ID:...
CVE-2007-6492
The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to cause a denial of service Internet Explorer 7 crash via an empty string in the argument to the ProcessRequestEx method...
CVE-2007-3834
Multiple cross-site scripting XSS vulnerabilities in Ex Libris ALEPH allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a URL that can be discovered through a keyword search. NOTE: this may be related to the MetaLib XSS issue, CVE-2007-3835...
CVE-2007-3835
Cross-site scripting XSS vulnerability in Ex Libris MetaLib 3.13 and 4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a resource id that can be discovered through a search...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Ex Libris ALEPH allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a URL that can be discovered through a keyword search. NOTE: this may be related to the MetaLib XSS issue, CVE-2007-3835...
Cross site scripting
Cross-site scripting XSS vulnerability in Ex Libris MetaLib 3.13 and 4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a resource id that can be discovered through a search...
CVE-2007-3834
CVE-2007-3834 covers multiple XSS vulnerabilities in Ex Libris ALEPH (and note may be related to the MetaLib XSS issue CVE-2007-3835). Affected: Ex Libris ALEPH; vulnerability type: cross-site scripting via unspecified vectors in a URL discoverable by keyword search. Impact details are limited to...
CVE-2007-3834
Multiple cross-site scripting XSS vulnerabilities in Ex Libris ALEPH allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a URL that can be discovered through a keyword search. NOTE: this may be related to the MetaLib XSS issue, CVE-2007-3835...
CVE-2007-3835
CVE-2007-3835 has confirmed XSS in Ex Libris MetaLib 3.13 and 4. An attacker can inject arbitrary web script/HTML via an unspecified vector related to a resource identifier that can be discovered through a search. The vulnerability is remote in scope and leverages the user’s interaction with sear...
CVE-2007-3835
Cross-site scripting XSS vulnerability in Ex Libris MetaLib 3.13 and 4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a resource id that can be discovered through a search...
win32 IsDebuggerPresent ShellCode (NT/XP) 39 bytes
Exploit for win32 platform in category shellcode ================================================== win32 IsDebuggerPresent ShellCode NT/XP 39 bytes ================================================== / Shellcode Length: 39 bytes / / sets PEB-BeingDebugged to 0 / / IsDebuggerPresent/BeingDebugged...
CVE-2006-6274
SQL injection vulnerability in articles.asp in Expinion.net iNews 1 Publisher iNP 2.5 and earlier, and possibly 2 News Manager, allows remote attackers to execute arbitrary SQL commands via the ex parameter. NOTE: early reports of this issue reported it as XSS, but this was erroneous. The origina...
CVE-2006-6274
SQL injection vulnerability in articles.asp in Expinion.net iNews 1 Publisher iNP 2.5 and earlier, and possibly 2 News Manager, allows remote attackers to execute arbitrary SQL commands via the ex parameter. NOTE: early reports of this issue reported it as XSS, but this was erroneous. The origina...
PHP Include Exploit in Mail Manage EX v3.1.8 and maybe others.
Description: PHP Include Exploit in Mail Manage EX v3.1.8 Compromise: a malicious PHP script from an external host may be included and executed. Vulnerable Systems: all system using mmex.php v3.1.8 and maybe lower not tested. Details: The PHP Include exploit exist in de folowing code,...
Mail Manage EX 3.1.8 MMEX - 'Settings' PHP Remote File Inclusion
source: https://www.securityfocus.com/bid/10457/info Mail Manage EX is reportedly prone to a remote file include vulnerability. This vulnerability results from insufficient sanitization of user-supplied data and may allow remote attackers to include arbitrary PHP files located on remote servers...