4202 matches found
Microsoft Windows Image Color Management System Code Execution Vulnerability (952954)
This host is missing a critical security update according to Microsoft Bulletin MS08-046. OpenVAS Vulnerability Test $Id: gbms08-046.nasl 5863 2017-04-05 07:38:11Z antu123 $ Microsoft Windows Image Color Management System Code Execution Vulnerability 952954 Authors: Chandan S Copyright: Copyright...
Fedora 8 : phpMyAdmin-2.11.9.1-1.fc8 (2008-8269)
This update by upstream to phpMyAdmin 2.11.9.1 solves a not yet clearly specified code execution vulnerability. - auth Links to version number on login screen - core PMA does not start if ini_set is disabled - bookmarks Saved queries greater than 1000 chars not displayed - export Export type...
CVE-2008-4206
PHP remote file inclusion vulnerability in config.php in Attachmax Dolphin 2.1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the relpath parameter...
WebPortal CMS 0.7.4 - 'code' Remote Code Execution
WebPortal POC : /index.php?m=admin&f=console&action=execute&code=id; passthruid; milw0rm.com 2008-09-23...
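Microsoft Office WPG Graphics File Processing Heap Overflow Vulnerability (MS08-044)
BUGTRAQ ID: 30598 CVE(CAN) ID: CVE-2008-3021 Microsoft Office is a very popular office software suite. The WPGIMP32.FLT module in Office does not correctly handle PICT images in Office documents; if a PICT image file contains an overly long bitsperpixel field, opening the file can trigger a heap overflow, leading to arbitrary code execution. Microsoft Office XP SP3 Microsoft Office Converter Pack Microsoft Office 2003 Service Pack 2 Microsoft Office 2000 SP3...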
CVE-2008-1381
ZoneMinder before 1.23.3 allows remote authenticated users, and possibly unauthenticated attackers in some installations, to execute arbitrary commands via shell metacharacters in a crafted URL...
Symantec remote execution vulnerability: 0-day vulnerability warning - the black bar safety net
This morning milw0rm published exploit demo code for a Symantec remote execution vulnerability; an attacker need only modify the shellcode and encode it with ALPHA2 to build a web Trojan that downloads a virus. No web Trojan exploiting the vulnerability has been intercepted yet...
CVE-2008-0984
The MP4 demuxer mp4.c for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file...
CVE-2008-0283
PHP remote file inclusion vulnerability in /aides/index.php in DomPHP 0.81 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter...
MS06-071 Microsoft Internet Explorer XML Core Services HTTP Request Handling
This module exploits a code execution vulnerability in Microsoft XML Core Services which exists in the XMLHTTP ActiveX control. This module is the modified version of http://www.milw0rm.com/exploits/2743 - credit to str0ke. This module has been successfully tested on Windows 2000 SP4, Windows XP...
CVE-2007-5574
PHP remote file inclusion vulnerability in djpage.php in PHPDJ 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter...
CVE-2007-5313
PHP remote file inclusion vulnerability in install/config.php in Picturesolution 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter...
CVE-2007-5053
Multiple incomplete blacklist vulnerabilities in iziContents 1 RC6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in (1) the adminhome parameter to modules/poll/pollsummary.php or (2) the rootdp parameter to include/db.php; or a URL in the languagehome parameter to (3)...
XCMS 1.1/1.7 - 'Password' Arbitrary PHP Code Execution
source: https://www.securityfocus.com/bid/25771/info Xcms is prone to a vulnerability that lets attackers execute arbitrary PHP code because the application fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary malicious PHP code in the context of...
CVE-2007-4842
Directory traversal vulnerability in Enriva Development Magellan Explorer 3.32 build 2305 and earlier allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a filename. NOTE: this can be leveraged for code execution by writing to a Startup folder...
Microsoft Windows Media Player Remote Skin Header Code Execution Vulnerability
Description Microsoft Windows Media Player is prone to a remote code-execution vulnerability when handling specially crafted skin files. Attackers exploit this issue by coercing unsuspecting users to download and open Windows Media Player skin files (WMZ or WMD files). Note that users must attempt ...
MS07-040: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (931212) (uncredentialed check)
The remote web server is running a version of the ASP.NET framework that contains multiple vulnerabilities: - A PE Loader vulnerability could allow an attacker to execute arbitrary code with the privilege of the logged-on user. - An ASP.NET NULL byte termination vulnerability could allow an...
symfony 1.0.5 released (security fix)
I've just released symfony 1.0.5. If you use the symfony built-in phpmailer (and you do if you use the -sendMail method in your actions), you must upgrade to this release or apply the following patch: http://trac.symfony-project.com/trac/changeset/4380?format=diff&new=4380. PHPMailer has a remote...
CVE-2007-2769
CVE-2007-2769 affects BES prior to 3.5.0 in OPeNDAP 4 (Hydrax) before 1.2.1. The issue arises from improper handling of compressed files, enabling remote attackers to upload arbitrary files or execute arbitrary commands via a crafted compressed file. No further details on exploit methods or fixed...
CVE-2007-0994
A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which...