8170 matches found
PT-2004-3039 · Baal · Baal Smart Forms
Name of the Vulnerable Software and Affected Versions: Baal Smart Forms versions prior to 3.2 Description: The issue allows remote attackers to bypass authentication and obtain system access via a direct request to "regadmin.php". Recommendations: For versions prior to 3.2, update to version 3.2 ...
CVE-2004-0847
CVE-2004-0847 refers to a path canonicalization vulnerability in ASP.NET that could allow remote attackers to bypass authentication for restricted .aspx resources by supplying a backslash (\) or its encoding (%5C) in the request. Connected advisories confirm this affects ASP.NET in the .NET Framew...
[SA12649] Baal Smart Forms "Admin Change Password" Security Bypass
TITLE: Baal Smart Forms "Admin Change Password" Security Bypass SECUNIA ADVISORY ID: SA12649 VERIFY ADVISORY: http://secunia.com/advisories/12649/ CRITICAL: Moderately critical IMPACT: Security Bypass WHERE: From remote SOFTWARE: Baal Smart Forms 3.x http://secunia.com/product/3949/ DESCRIPTION: ...
CVE-2004-0194
Stack-based buffer overflow in the OutputDebugString function for Adobe Acrobat Reader 5.1 allows remote attackers to execute arbitrary code via a PDF document with XML Forms Data Format (XFDF) data...
MSWordPW.txt
Hi ... There are several vulnerabilities published/discussed regarding MS Word MS Office in general, however, 'tis is the most "no brainer" I've discovered ... Vulnerability: Password protected document that has "tracked changes, comments or forms" password protected Vulnerable: MS Word Win2K/XP...
[Full-Disclosure] Adobe Acrobat Reader XML Forms Data Format Buffer Overflow
NGSSoftware Insight Security Research Advisory Name: Adobe Acrobat Reader XML Forms Data Format Buffer Overflow Systems Affected: Adobe Acrobat Reader version 5.1 Severity: High Risk Vendor URL: http://www.adobe.com/ Author: David Litchfield [email protected] Date Vendor Notified: 7th Februar...
Adobe Acrobat Reader .xfdf buffer overflow
Buffer overflow on parsing XML Forms Data Format...
sql injection in Logisense software
Background ---------- "LogiSense Corporation is a leading provider of performance software for service providers and enterprises. We offer a wide range of low-cost solutions designed to address common client billing and management, traffic congestion, network scalability, and latency issues."...
CVE-1999-1287
Vulnerability in Analog 3.0 and earlier allows remote attackers to read arbitrary files via the forms interface...
Standard HTML form implementation allows access to IMAP, SMTP, NNTP, POP3, and other services via crafted HTML page
Overview An intruder can send certain kinds of data to services that he is not ordinarily able to reach. By crafting the data such that it is redirected through any program the victim uses to render the malicious HTML, the intruder is able to send that data to any services that the victim can send...
Attack via web forms (HTML Form Protocol Attack)
Form contents can be sent to any port, emulating the operation of some protocol...
SERIOUS BUG IN PHPNUKE
Yes, phpnuke.org, was contacted.... First take a look at: http://phpnuke.org/user.php?op=userinfo&uname=MegaHz Then, read this................. PHPnuke Bugs. After testing just a few scripts on phpnuke I have noticed the following: Some fields in the registration form allow code and fail to filte...
Lotus Notes Stored Form Vulnerability
Security Advisory: Lotus Notes Stored Form Vulnerability Date: 8th February 2001 Author: Chris Jones aka dp [email protected] Versions Affected: At present only Lotus Notes v4.6 has been tested ---- Exploit Introduction ------------------------------------------ Due to the design flaws of Lotus Not...
Hole in Lotus Notes (stored forms)
Executable code in the internal format can be inserted into an email message...
cuartangojc-clipboard-msie.txt
Date: Thu, 21 Jan 1999 15:59:15 +0100 From: Juan Carlos Garcia Cuartango To: [email protected] Subject: New IE4 privacy issue Greetings, There is a new IE 4 issue affecting privacy. The clipboard content can be made public by a javascript code two lines long. I reported the problem...
Microsoft Internet Explorer 4 - Clipboard Paste
Microsoft Internet Explorer 4 - Clipboard Paste source: https://www.securityfocus.com/bid/215/info The Windows clipboard contains data that has been cut or copied from various windows applications. This data can be accessed and posted to malicious web forms at web sites without the knowledge of t...
Microsoft Internet Explorer 4 - Clipboard Paste
source: https://www.securityfocus.com/bid/215/info The Windows clipboard contains data that has been cut or copied from various windows applications. This data can be accessed and posted to malicious web forms at web sites without the knowledge of the visiting end-user. Normally, Microsoft securi...
CVE-1999-0384
The Forms 2.0 ActiveX control included with Visual Basic for Applications 5.0 can be used to read text from a user's clipboard when the user accesses documents with ActiveX content...
CVE-2026-48736: IpUtils::PRIVATE_SUBNETS Omits IPv6 Transition Forms (6to4, NAT64, Teredo, IPv4-compatible): SSRF Bypass in NoPrivateNetworkHttpClient
More info at https://symfony.com/cve-2026-48736...