Microsoft Visual Studio和Internet Explorer未明远程代码执行漏洞

Bugraq ID: 35804 CNCAN ID：CNCAN-2009072803 Microsoft Visual Studio是一款微软公司的开发工具套件系列产品。 Microsoft Internet Explorer是一款流行的WEB浏览器。 Blackhat会议公布了Microsoft Visual Studio和Internet Explorer的未明安全问题，远程攻击者可以利用漏洞以应用程序权限执行任意指令。 目前没有详细漏洞细节提供。 Microsoft Visual Studio 2008 SP1 Microsoft Visual Studio 2008 0...

openSUSE Security Update : kde4-akonadi (kde4-akonadi-806)

This kdepim4 and kdepimlibs4 update fixes lots of bugs and one security issue : KMail 4.1.x executes links in mail without confirmation. no cve assigned yet It also fixes lots of non-security bugs : kdepim4 : - kdepim: make sure we initially create items for subresources - kdepim: fix...

openSUSE Security Update : libsatsolver (libsatsolver-266)

A remotely exploitable code execution vulnerability via shell metachars has been fixed in libzypp. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update libsatsolver-266. The text description of thi...

USN-804-1: PulseAudio vulnerability

Tavis Ormandy, Julien Tinnes, and Yorick Koster discovered that PulseAudio did not safely re-execute itself. A local attacker could exploit this to gain root privileges...

CVE-2009-1383

The getdirective function in mathtex.cgi in mathTeX, when downloaded before 20090713, allows remote attackers to execute arbitrary commands via shell metacharacters in the dpi tag...

Directory traversal

Multiple directory traversal vulnerabilities in fuzzylime cms 3.01 and 3.01a allow remote attackers to include and execute arbitrary local files via a .. dot dot in 1 the s parameter to code/commupdate.php in a count action or 2 the heads parameter to code/newsheads.php. NOTE: the blog.php vector...

StoneTrip Ston3D Standalone Player Code Execution Vulnerability (Linux)

This host is installed with StoneTrip Ston3D Standalone Player and is prone to Code Execution vulnerability. OpenVAS Vulnerability Test $Id: gbston3dprdtscodeexecvulnlin.nasl 4869 2016-12-29 11:01:45Z teissa $ StoneTrip Ston3D Standalone Player Code Execution Vulnerability Linux Authors: Nikita M...

Microsoft DirectX QuickTime媒体文件解析代码执行漏洞

BUGTRAQ ID: 35139 CVECAN ID: CVE-2009-1537 Microsoft DirectX是Windows操作系统中的一项功能，流媒体在玩游戏或观看视频时通过这个功能支持图形和声音。 DirectX的DirectShow组件（quartz.dll）在解析畸形的QuickTime媒体文件时存在错误，用户受骗打开了恶意的媒体文件就会导致执行任意代码。由于用户可能在浏览器中安装媒体播放插件，因此访问恶意网页就足以导致播放QuickTime文件，触发Quartz.dll中的漏洞。 Microsoft DirectX 9.0 Microsoft DirectX 8.1...

HP-UX Update for envd HPSBUX02073

Check for the Version of envd OpenVAS Vulnerability Test HP-UX Update for envd HPSBUX02073 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of the G...

DSquare Exploit Pack: D2SEC_SYMIAO

Name| d2secsymiao ---|--- CVE| CVE-2009-1429 Exploit Pack| D2ExploitPack Description| Symantec Intel Alert Originator Service Command Execution Vulnerabilty Notes|...

CVE-2009-1438

Integer overflow in the CSoundFile::ReadMed function src/loadmed.cpp in libmodplug before 0.8.6, as used in gstreamer-plugins, TTPlayer, and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted 1 song comment or 2 song name, which triggers a...

DNS Tools (PHP Digger) - Remote Command Execution

DNS Tools PHP Digger Remote Command Execution + Discovered By SirGod + www.mortal-team.org + www.h4cky0u.org + Remote Command Execution - Vulnerable code in dig.php ------------------------------------------ $ns = $GET'ns'; system "dig @$ns $host $querytype";...

xpdf code execution

xpdfrc file from current location may be processed...

CVE-2009-0422

Dynamic variable evaluation vulnerability in lists/admin.php in phpList 2.10.8 and earlier, when registerglobals is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the SERVERConfigFile parameter to admin/index.php...

fttss 2.0 - Remote Command Execution

fttss 2.0 - Remote Command Execution :::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ "Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP" "YmmMMMM"" MMM YM Discovered by dun \ dunatstrcpy.pl fttss /tmp/dupa; HTTP/1.x 200 OK Date: Sun, 11 Jan 2009 16:24:57 GMT Server: Apache...

php168 v2008 default setting of the disaster-vulnerability warning-the black bar safety net

index.php Section 6 3 line start 1. elseif$webdbNewsMakeHtml==1 //if it is to generate static and... 2. 3. $content=obgetcontents; 4. obendclean; 5. obstart; //spare 6. $content=makehtml$content,'index'; 7. echo "$content"; 8. makehtml function code 1. function makehtml$content,$pagetype=" 2...

CVE-2008-4794

Opera before 9.62 allows remote attackers to execute arbitrary commands via the History Search results page, a different vulnerability than CVE-2008-4696...

Windows Server Service buffer overflow MS08-067

Added: 10/24/2008 CVE: CVE-2008-4250 BID: 31874 OSVDB: 49243 Background The Windows Server service supports file, print, and named-pipe sharing over the network. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted RPC reques...

CVE-2008-3466

Microsoft Host Integration Server HIS 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS...

Authentication flaw

Microsoft Host Integration Server HIS 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS...