256 matches found
[Full-disclosure] OpenOffice DOC document Heap Overflow
OpenOffice DOC document Heap Overflow Security Advisory Advisory:ADLAB-05001 OpenOffice DOC document Heap Overflow Class: Design Error DATE:30/3/2005 CVEID:CAN-2005-0941 Vulnerable: =OpenOffice OpenOffice 1.1.4 -OpenOffice OpenOffice 2.0dev...
Debian DSA-587-1 : freeamp - buffer overflow
Luigi Auriemma discovered a buffer overflow condition in the playlist module of freeamp which could lead to arbitrary code execution. Recent versions of freeamp were renamed into zinf.
PHP: Memory disclosure and arbitrary location file upload
Background PHP is a general-purpose scripting language widely used to develop web-based applications. It can run inside a web server using the mod_php module or the CGI version of PHP, or can run stand-alone in a CLI. Description Stefano Di Paola discovered two bugs in PHP. The first is a parse...
linux/x86 ipchains -F 49 bytes
linux/x86 ipchains -F 49 bytes. Shellcode exploit for linx86 platform include include / asm" sub $0x4,%esp With this we ensure that the shellcode never popl %esp overwrites itself... thanks RaiSe : xorl %edx,%edx %edx to zero pushl %edx and we put the trailing zeros of the string in memory pushw $0x46...
MDKSA-2004:094 - Updated printer-drivers packages fix vulnerability in foomatic
Mandrakelinux Security Update Advisory Package name: printer-drivers Advisory ID: MDKSA-2004:094 Date: September 15th, 2004 Affected versions: 10.0, 9.2 Problem Description: The foomatic-rip filter, which is part of foomatic-filters package, contains ...
qpopper < 3.0.1b2 EIUDL Arbitrary Command Execution
Binary data 1784.prm...
CVE-2004-0227
Buffer overflow in the zms script in ZoneMinder before 1.19.2 may allow a remote attacker to execute arbitrary code via a long query string...
Oracle9i Database contains buffer overflow in NUMTOYMINTERVAL() function
Overview Oracle9i Database contains a buffer overflow in the NUMTOYMINTERVAL function which could allow anyone who can query the server to execute arbitrary code or access data with the privileges of the vulnerable process. Description A buffer overflow exists in the NUMTOYMINTERVAL function. Thi...
PSOProxy 0.91 - Remote Buffer Overflow (1)
PSOProxy 0.91 - Remote Buffer Overflow 1 // source: https://www.securityfocus.com/bid/9706/info It has been reported that PSOProxy is prone to a remote buffer overflow vulnerability. The issue is due to the insufficient boundary checking. A malicious user may exploit this condition to potentially...
HTMLToNuke - Cross-Site Scripting
HTMLToNuke - Cross-Site Scripting source: https://www.securityfocus.com/bid/8174/info A vulnerability has been reported in htmltonuke that may result in web code execution in the browser of visiting users. This code would be executed in the security context of the site hosting the vulnerable...
[SECURITY] [DSA-322-1] New typespeed packages fix buffer overflow
Debian Security Advisory DSA 322-1 [email protected] http://www.debian.org/security/ Matt Zimmerman June 16th, 2003 http://www.debian.org/security/faq -...
Microsoft BizTalk Server Multiple Remote Vulnerabilities
The remote host seems to be running Microsoft BizTalk server. There are two flaws in this software that could allow an attacker to issue a SQL insertion attack or to execute arbitrary code on the remote host. Note that Nessus solely relied on the presence of a Biztalk DLL to issue this alert so i...
IkonBoard 3.1 - Lang Cookie Arbitrary Command Execution (2)
IkonBoard 3.1 - Lang Cookie Arbitrary Command Execution 2 source: https://www.securityfocus.com/bid/7361/info It has been reported that IkonBoard is prone to an arbitrary command execution vulnerability. The vulnerability is due to insufficient sanitization performed on user supplied cookie data...
DCP-Portal lib.php root Parameter Remote File Inclusion
DCP-Portal has a remote file include vulnerability. A remote attacker could exploit this to execute arbitrary PHP code in the context of the web server. DCP-Portal Cross Site Scripting Bugs From: "Frog Man" To: [email protected] Subject...
phpWebSite 0.8.2 - PHP File Inclusion
phpWebSite 0.8.2 - PHP File Inclusion source: https://www.securityfocus.com/bid/5779/info A vulnerability has been discovered in phpWebsite which allows an attacker to remotely include a malicious PHP file. It is possible for an attacker to specify a remote location for phpWebsite to download an...
Security Bulletin MS02-052: Flaw in Java VM JDBC Classes Could Allow Code Execution (Q329077)
Title: Flaw in Microsoft VM JDBC Classes Could Allow Code Execution Q329077 Released: 18 September 2002 Software: Versions of the Microsoft virtual machine Microsoft VM Impact: Three vulnerabilities, the most serious of which...
ibrow NewsDesk does not securely handle input passed to open()
Overview A vulnerability in ibrow NewsDesk allows an attacker to view files and execute operating system commands with the privileges of the web server. Description ibrow NewsDesk is a Perl CGI script that is designed to create and display news articles on a web site. The code for NewsDesk is...
cgi vulnerability
hi all I found a security hole in Book of guests and Post it! written by Seth Leonard. It is available at http://www.dreamcachersweb.com The problem is that this script doesn't filter out ANY metacharacters from the input and pass it to the shell. Therefore by writing something like...
[SECURITY] [DSA-073-1] 3 security problems in imp
Package : imp Problem type : 3 remote exploits Debian-specific: no The Horde team released version 2.2.6 of IMP a web based IMAP mail program which fixes three security problems. Their release announcement describes them as follows: 1. A PHPLIB vulnerability allowed an attacker to provide a value...
CVE-2001-0501
Microsoft Word 2002 and earlier allows attackers to automatically execute macros without warning the user by embedding the macros in a manner that escapes detection by the security scanner...