39 matches found
CVE-2019-9609
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider for example file.jsp::$DATA to the admin/comn/service/editUploadImage URI...
Cisco Firepower System Software Security Bypass Vulnerability (CNVD-2018-05310)
Cisco Firepower System Software is a next-generation firewall product NGFW of Cisco USA. detection engine is one of the intrusion detection engine. A security vulnerability exists in the detection engine in Cisco Firepower System Software, which stems from the program's failure to properly detect...
CVE-2018-0138
A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass file policies that are configured to block files transmitted to an affected device via the BitTorrent protocol. The vulnerability exists because the affected softwa...
FTGate 7 - Cross-Site Request Forgery
Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-FTGATE-V7-CSRF.txt Vendor: ================================ www.ftgate.com www.ftgate.com/ftgate-update-7-0-300 Product: ================================ FTGate v7 Vulnerability Type:...
Microsoft Word内存破坏漏洞
BUGTRAQ ID: 64726 CVECAN ID: CVE-2014-0258 Microsoft Word 属于办公软件是微软公司的一个文字处理器应用程序。 受影响Microsoft Word 软件解析特制文件时存在远程代码执行漏洞,成功利用这些漏洞后,可导致完全控制受影响系统。 0 Microsoft Word 2013 Microsoft Word 2010 Microsoft Word 2007 Microsoft Word 2003 临时解决方法: 安装配置MOICE为.doc文件的注册处理程序; 用Office文件阻止策略阻止打开.doc和.dot二进制文件;...
CVE-2011-2739
The file-blocking feature in EMC Documentum eRoom 7.3.x and 7.4.x before 7.4.3.g does not properly restrict the uploading and opening of files with dangerous file types, which allows remote authenticated users to execute arbitrary code via an uploaded file...
Design/Logic Flaw
The file-blocking feature in EMC Documentum eRoom 7.3.x and 7.4.x before 7.4.3.g does not properly restrict the uploading and opening of files with dangerous file types, which allows remote authenticated users to execute arbitrary code via an uploaded file...
CVE-2011-2739
The file-blocking feature in EMC Documentum eRoom 7.3.x and 7.4.x before 7.4.3.g does not properly restrict the uploading and opening of files with dangerous file types, which allows remote authenticated users to execute arbitrary code via an uploaded file...
CVE-2011-2739
EMC Documentum eRoom contains a flaw in its file-blocking feature that allows bypassing site-wide controls. In EMC Documentum eRoom 7.3.x and 7.4.x prior to 7.4.3.g, the validation for blocked file types is insufficient, enabling remote authenticated users to upload and open arbitrary files and p...
ESA-2011-032: EMC Documentum eRoom arbitrary file upload vulnerability.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2011-032: EMC Documentum eRoom arbitrary file upload vulnerability. EMC Identifier: ESA-2011-032 CVE Identifier: CVE-2011-2739 Severity Rating: CVSS v2 Base Score: 8.5 AV:N/AC:M/Au:S/C:C/I:C/A:C Affected products: EMC SW: EMC Documentum eRoom 7.3...
Microsoft Office艺术绘图记录解析内存破坏漏洞(MS10-087)
BUGTRAQ ID: 44656 CVE ID: CVE-2010-3334 Microsoft Office是非常流行的办公软件套件。 Office在解析艺术绘图记录时没有充分地执行验证,如果msofbtSp记录指定了某些标志就可以触发内存破坏,导致执行任意代码。 Microsoft Office XP SP3 Microsoft Office for Mac 2011 Microsoft Office 2010 Microsoft Office 2008 for Mac Microsoft Office 2004 for Mac Microsoft Office 2003...
Microsoft Word RTF解析引擎堆溢出漏洞(MS10-056)
BUGTRAQ ID: 42133 CVE ID: CVE-2010-1902 Word是微软Office套件中的文字处理工具。 在处理RTF文档中的某些绘图对象控制字时,Word未经长度检查便将属性值拷贝到了堆缓冲区上,触发堆溢出。成功利用此漏洞的攻击者可以获得与本地用户相同的权限。 Microsoft Office 2008 for Mac Microsoft Office 2004 for Mac Microsoft Word 2007 SP2 Microsoft Word 2003 SP3 Microsoft Word 2002 SP3 临时解决方法: 以纯文本格式阅读电子邮件。...
Outlook Web Access Attachment Access
This trick is mostly useful but can also be used for wrong purposes. Since it is so simple, it’s probably already known for some people. If someone sends you a file through OWA but the file is blocked by a policy, this is what you can do: 1-Install firefox 2-Access your email and attachment with...
Microsoft Excel畸形对象远程内存破坏漏洞(MS09-009)
BUGTRAQ ID: 34413 CVECAN ID: CVE-2009-0100 Excel是微软Office套件中的电子表格工具。 如果用户打开带有畸形对象的特制Excel文件,Office Excel中的漏洞可能允许远程执行代码。成功利用此漏洞的攻击者可以完全控制受影响的系统,攻击者可随后安装程序;查看、更改或删除数据;或者创建拥有完全用户权限的新帐户。 Microsoft Excel Viewer 2003 SP3 Microsoft Excel Viewer Microsoft Excel 2007 SP1 Microsoft Excel 2003 SP3 Microsoft...
PowerPoint畸形文件解析代码执行漏洞
BUGTRAQ ID: 34351 CVECAN ID: CVE-2009-0556 Microsoft PowerPoint是微软Office套件中的文档演示工具。 PowerPoint在解析特制的PPT文件时可能会导致访问内存中的无效对象,这可能允许攻击者执行任意代码。目前这个漏洞正在被名为Exploit:Win32/Apptom.gen的病毒积极的理由。 Microsoft PowerPoint 2004 for Mac Microsoft PowerPoint 2003 SP3 Microsoft PowerPoint 2002 SP3 Microsoft PowerPoint...
Microsoft Excel富文本值堆溢出漏洞(MS08-014)
BUGTRAQ ID: 28168 CVECAN ID: CVE-2008-0116 Excel是微软Office办公软件家族中的电子表格工具。 Excel在解析BIFF文件格式时存在堆溢出漏洞,成功利用这个漏洞的攻击者可能以当前登录用户的权限执行任意指令。 如果处理了畸形的标签,就可能由用户控制堆分配,在将用户提供的数据拷贝到堆缓冲区时就可以触发这个溢出,覆盖任意内存。 Microsoft Excel Viewer 2003 Microsoft Excel 2003 SP2 Microsoft Excel 2002 SP3 Microsoft Excel 2000 SP3...
Microsoft Office单元格标注解析内存破坏漏洞(MS08-016)
BUGTRAQ ID: 28146 CVECAN ID: CVE-2008-0118 Microsoft Office是非常流行的办公软件套件。 Office处理特制Office文件的方式存在内存分配错误,如果用户受骗打开了畸形文件的话,就可能导致执行任意指令。 Microsoft Office XP SP3 Microsoft Office 2004 for Mac Microsoft Office 2003 Service Pack 2 Microsoft Office 2000 SP3 临时解决方法: 在打开未知或不可信任来源的文件时,使用Microsoft...
CVE-2001-0530
Spearhead NetGAP 200 and 300 before build 78 allow a remote attacker to bypass file blocking and content inspection via specially encoded URLs which include '%' characters...
CVE-2001-0530
Spearhead NetGAP 200 and 300 before build 78 allow a remote attacker to bypass file blocking and content inspection via specially encoded URLs which include '%' characters...