114 matches found
Debian DSA-1215-1 : xine-lib - several vulnerabilities
Several remote vulnerabilities have been discovered in the Xine multimedia library, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-4799 The XFocus Security Team discovered that insufficient...
EUVD-2006-5040
PHP remote file inclusion vulnerability in admin/testing/tests/0004initurls.php in syntaxCMS 1.1.1 through 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the initpath parameter...
EUVD-2006-3174
PHP remote file inclusion vulnerability in Admin/rtfparser.php in The Bible Portal Project 2.12 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the destination parameter...
EUVD-2006-2842
PHP remote file inclusion vulnerability in Redaxo 3.0 up to 3.2 allows remote attackers to execute arbitrary PHP code via a URL in the REXINCLUDEPATH parameter to imageresize/pages/index.inc.php...
CVE-2006-2568
UBB.threads vulnerability CVE-2006-2568 is a remote file inclusion in addpost_newpoll.php, where the thispath parameter is consumed by PHP include() without proper sanitization. Affected versions are UBB.threads 6.4 through 6.5.2 and 6.5.1.1 (trial). Exploitation can enable an attacker to view ar...
KLA10311 ACE vulnerability in multiple software
A buffer overflow was found in the WinACE compression utility, which is used in multiple products. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed ACE filename. Original advisories - Related product...
PuTTY: Remote code execution
Background PuTTY is a popular SSH client, PSCP is a secure copy implementation, and PSFTP is a SSH File Transfer Protocol client. Description Two vulnerabilities have been discovered in the PSCP and PSFTP clients, which can be triggered by the SFTP server itself. These issues are caused by the...
HP-UX PHSS_28090 : HP-UX Running Apache, Increased Privileges or Denial of Service (DoS) or Execution of Arbitrary Code (HPSBUX00224 SSRT2393 rev.3)
s700800 11.04 Virtualvault 4.6 IWS update. : Potential vulnerability regarding ownership permissions of System V shared memory based scoreboards. CERT VU825353, CVE CAN-2002-0839 Potential cross-site scripting vulnerability in the default error page when using wildcard DNS. CERT VU240329, CVE...
AIX 4.3.3/5.x - Getlvcb Command Line Argument Buffer Overflow (2)
// source: https://www.securityfocus.com/bid/9905/info getlvcb has been reported to be prone to a buffer overflow vulnerability. When an argument is passed to the getlvcb utility, the string is copied into a reserved buffer in memory. Data that exceeds the size of the reserved buffer will overflo...
Samhain Labs 1.x - HSFTP Remote Format String
/ source: https://www.securityfocus.com/bid/9715/info hsftp has been found to be prone to a remote print format string vulnerability. This issue is due to the application improper use of a format printing function. Ultimately this vulnerability could allow for execution of arbitrary code on the...
Sun Java Virtual Machine 1.x - Slash Path Security Model Circumvention
Sun Java Virtual Machine 1.x - Slash Path Security Model Circumvention source: https://www.securityfocus.com/bid/8879/info A vulnerability has been identified in the Sun Java Virtual Machine packaged with JRE and SDK. This issue results in the circumvention of the Java Security Model, and can...
CVE-2003-0581
X Fontserver for Truetype fonts xfstt 1.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a 1 FSQueryXExtents8 or 2 FSQueryXBitmaps8 packet, and possibly other types of packets, with a large numranges value, which causes an out-of-bounds array access...
MS03-005: Unchecked Buffer in XP Redirector (810577)
The remote version of Windows contains a buffer overflow in the Windows Redirector service that could allow an attacker to execute arbitrary code on the remote host with SYSTEM privileges. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid11231; scriptversion"1.37";...
CVE-2001-0365
In the provided records, CVE-2001-0365 affects Eudora before 5.1. The vulnerability arises when the email client is configured with “Use Microsoft Viewer” and “allow executables in HTML content” enabled, allowing a remote attacker to execute arbitrary code via an HTML email containing Javascript ...