
4202 matches found

seebug.org
added 2013/01/22 12:0 a.m., 60 views

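php-Charts 'url.php' Arbitrary PHP Code Execution Vulnerability

BUGTRAQ ID: 57448. php-Charts is a PHP charting and graphing component that renders dynamic, data-driven HTML5 charts for web applications. php-Charts 1.0 and other versions do not properly validate the GET parameter values in wizard/url.php, which are used in an "eval" call, and this can be exploited to execute arbitrary PHP code. php-Charts 1.x. Vendor patch: php-Charts: The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version: http://phpchart.net/...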

AI score: 6.9
Exploits: 0

Check Point Advisories
added 2012/12/30 12:0 a.m., 2 views

Adobe Flash Player and AIR Malformed Tag Buffer Overflow (APSB12-22; CVE-2012-5266)

A remote code execution vulnerability has been reported in Adobe Flash Player...

AI score: 7.4, EPSS: 0.07273
Exploits: 0

Saint
added 2012/12/27 12:0 a.m., 26 views

WibuKey Runtime WkWin32.dll module DisplayMessageDialog overflow

Added: 12/27/2012. BID: 56678. OSVDB: 87881. Background: WibuKey is a software protection and licensing solution. Problem: A vulnerability in the WkWin32.dll ActiveX control in WibuKey Runtime allows command execution when a web page calls the DisplayMessageDialog method with a long, specially crafted...

AI score: 0.6
Exploits: 0

Tenable Nessus
added 2012/11/01 12:0 a.m., 104 views

MapServer for Windows (MS4W) Bundled Apache / PHP Configuration Local File Inclusion

The MapServer for Windows installation on the remote host is affected by a local file inclusion vulnerability due to an error in the bundled Apache and PHP configurations. Successful exploitation may allow an attacker to view arbitrary files on the remote host or allow the execution of arbitrary...

CVSS: 9.3, AI score: 8.1, EPSS: 0.02395
Exploits: 0, References: 3

Prion
added 2012/09/18 6:55 p.m., 10 views

Code injection

Unspecified vulnerability in Piwik 1.2 through 1.4 allows remote attackers with the view permission to execute arbitrary code via unknown attack vectors...

CVSS: 6.8, AI score: 8.1, EPSS: 0.02268
Exploits: 0, References: 3, Affected Software: 1

OpenVAS
added 2012/09/10 12:0 a.m., 23 views

Slackware: Security Advisory (SSA:2007-320-01)

The remote host is missing an update for the...

CVSS: 9.3, AI score: 8.7, EPSS: 0.1125
Exploits: 2, References: 2

OpenVAS
added 2012/08/31 12:0 a.m., 43 views

Apache Struts Security Update (S2-012) - Active Check

Apache Struts is prone to a Java method execution vulnerability...

CVSS: 9.3, AI score: 8.4, EPSS: 0.93813
Exploits: 1, References: 8

NVD
added 2012/08/23 10:32 a.m., 14 views

CVE-2011-5102

The Investigative Reports web interface in the TRITON management console in Websense Web Security 7.1 before Hotfix 109, 7.1.1 before Hotfix 06, 7.5 before Hotfix 78, 7.5.1 before Hotfix 12, 7.6 before Hotfix 24, and 7.6.2 before Hotfix 12; Web Filter; Web Security Gateway; and Web Security Gatew...

CVSS: 7.5, AI score: 7.3, EPSS: 0.03511
Exploits: 0, References: 8

Check Point Advisories
added 2012/08/21 12:0 a.m., 6 views

Adobe Reader PDF File Invalid Value Code Execution (APSB12-16; CVE-2012-4151)

A remote code execution vulnerability has been reported in Adobe Acrobat and Reader...

AI score: 7.3, EPSS: 0.07532
Exploits: 0

OpenVAS
added 2012/08/20 12:0 a.m., 31 views

Adobe Flash Player Font Parsing Code Execution Vulnerability - Linux

Adobe Flash Player is prone to an unspecified code execution vulnerability...

CVSS: 9.3, AI score: 8.1, EPSS: 0.70384
Exploits: 11, References: 5

Prion
added 2012/08/15 1:55 a.m., 16 views

Integer overflow

Integer overflow in Microsoft Internet Explorer 8 and 9, JScript 5.8, and VBScript 5.8 on 64-bit platforms allows remote attackers to execute arbitrary code by leveraging an incorrect size calculation during object copying, aka "JavaScript Integer Overflow Remote Code Execution Vulnerability."...

CVSS: 9.3, AI score: 8.9, EPSS: 0.22184
Exploits: 1, References: 4, Affected Software: 3

OSV
added 2012/08/07 9:55 p.m., 3 views

CVE-2012-3386

The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors...

AI score: 6.9
Exploits: 0, References: 11

Exploit DB
added 2012/07/30 12:0 a.m., 28 views

Zenoss 3.2.1 - (Authenticated) Remote Command Execution

source: https://www.securityfocus.com/bid/54793/info Zenoss is prone to the following security vulnerabilities: 1. Multiple arbitrary command-execution vulnerabilities 2. Multiple HTML-injection vulnerabilities 3. An open-redirection vulnerability 4. Multiple directory-traversal vulnerabilities 5...

AI score: 7.4
Exploits: 0

Cvelist
added 2012/07/12 9:0 p.m., 30 views

CVE-2012-1661

ESRI ArcMap 9 and ArcGIS 10.0.2.3200 and earlier does not properly prompt users before executing embedded VBA macros, which allows user-assisted remote attackers to execute arbitrary VBA code via a crafted map .mxd file...

AI score: 7.3, EPSS: 0.23833
Exploits: 6, References: 5

Check Point Advisories
added 2012/06/18 12:0 a.m., 4 views

Adobe Flash Player ActionScript Integer Overflow (APSB12-14; CVE-2012-2036)

A remote code execution vulnerability has been reported in Adobe Flash Player...

AI score: 7.4, EPSS: 0.04864
Exploits: 1

securityvulns
added 2012/06/17 12:0 a.m., 79 views

[CAL-2012-0026] Microsfot IE Same ID Property Remote Code Execution Vulnerability

CAL-2012-0026 Microsfot IE Same ID Property Remote Code Execution Vulnerability CVE ID: CVE-2012-1875 http://technet.microsoft.com/en-us/security/bulletin/ms12-037 http://blog.vulnhunt.com/index.php/2012/06/13/cal-2012-0026-microsfot-ie-same-id-property-remote-code-execution-vulnerability/ 1...

CVSS: 9.3, AI score: 8.1, EPSS: 0.61655
Exploits: 11

exploitpack
added 2012/06/15 12:0 a.m., 37 views

Useresponse 1.0.2 - Privilege Escalation Remote Code Execution

Useresponse 1.0.2 - Privilege Escalation Remote Code Execution. abuseresponse.py: Useresponse = 1.0.2 privilege escalation & remote code execution exploit. vendor: USWebStyle http://www.uswebstyle.com/ software: http://www.useresponse.co...

AI score: 0.4
Exploits: 0

OpenVAS
added 2012/06/12 12:0 a.m., 34 views

Apple iTunes '.m3u' Playlist Code Execution Vulnerability (Mac OS X)

This host is installed with Apple iTunes and is prone to code execution vulnerabilities...

CVSS: 9.3, AI score: 0.6, EPSS: 0.15357
Exploits: 17, References: 4

OSV
added 2012/05/23 8:55 p.m., 6 views

CVE-2012-2369

Format string vulnerability in the log_message_cb function in otr-plugin.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 3.2.1 for Pidgin might allow remote attackers to execute arbitrary code via format string specifiers in data that generates a log message...

AI score: 7.4
Exploits: 0, References: 4

NVD
added 2012/04/25 10:10 a.m., 17 views

CVE-2012-1144

FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via a crafted TrueType font...

CVSS: 9.3, AI score: 7.6, EPSS: 0.04912
Exploits: 0, References: 20