USN-188-1: AbiWord vulnerability

Chris Evans discovered a buffer overflow in the RTF import module of AbiWord. By tricking a user into opening an RTF file with specially crafted long identifiers, an attacker could exploit this to execute arbitrary code with the privileges of the AbiWord user...

[Full-disclosure] [USN-188-1] AbiWord vulnerability

=========================================================== Ubuntu Security Notice USN-188-1 September 29, 2005 abiword vulnerability CAN-2005-2964 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 Warty Warthog Ubuntu...

CVE-2005-2964

Stack-based buffer overflow in AbiWord before 2.2.10 allows attackers to execute arbitrary code via the RTF import mechanism...

DEBIAN-CVE-2005-2964

Stack-based buffer overflow in AbiWord before 2.2.10 allows attackers to execute arbitrary code via the RTF import mechanism...

CVE-2005-2964

Stack-based buffer overflow in AbiWord before 2.2.10 allows attackers to execute arbitrary code via the RTF import mechanism...

CVE-2005-2964

Stack-based buffer overflow in AbiWord before 2.2.10 allows attackers to execute arbitrary code via the RTF import mechanism...

PHPNuke78.txt

NewAngels Advisory 7PHP Nuke sqlquery"SELECT active, view FROM ".$prefix."modules WHERE title='$name'"; The $name variable is not checked so you could inject malicious SQL Code. In an file which is included whe have the following code: $queryString = strtolower$SERVER'QUERYSTRING'; if...

CVE-2004-2390

The roster import functionality in Jabber Gadu-Gadu Transport a.k.a. jabber-gg-transport 2.0.x before 2.0.8, when using libgadu 1.0 and later, allows attackers to cause a denial of service via unknown vectors...

wordpressXSS.txt

Wordpress is a popular blogging software. Its website is at http://wordpress.org/ Wordpress has a XSS vulnerabilty; http://host/folder/wp-admin/import-greymatter.php?action=step1& archivespath=scriptalertdocument.cookie/script FNSE advisory http://fnse.be.tt Watch out for my new book "How to Make...

CVE-2002-1940

LCC-Win32 3.2 compiler, when running on Windows 95, 98, or ME, writes portions of previously used memory after the import table, which could allow attackers to gain sensitive information. NOTE: it has been reported that this problem is due to the OS and not the application...

CVE-2005-0140

Buffer overflow in PeID allows attackers to execute arbitrary code via a PE file with an Import Address Table containing a long import library name...

security flaw

Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system...

CVE-2005-0115

Stack-based buffer overflow in DataRescue Interactive Disassembler IDA Pro 4.7 allows attackers to execute arbitrary code via a PE file with an Import Address Table containing a long import library name...

CVE-2005-0140

Buffer overflow in PeID allows attackers to execute arbitrary code via a PE file with an Import Address Table containing a long import library name...

CVE-2005-0140

CVE-2005-0140 affects PeID: a buffer overflow in the Import Address Table when processing a PE file with a long import library name can allow arbitrary code execution. Documents consistently describe this as a buffer overflow vulnerability in PeID and do not provide a published fix or affected ve...

CVE-2005-0115

Stack-based buffer overflow in DataRescue Interactive Disassembler IDA Pro 4.7 allows attackers to execute arbitrary code via a PE file with an Import Address Table containing a long import library name...

Debian DSA-061-1 : gnupg - printf format attack

The version of GnuPG GNU Privacy Guard, an OpenPGP implementation as distributed in Debian GNU/Linux 2.2 suffers from two problems : - fish stiqz reported on bugtraq that there was a printf format problem in the doget function: it printed a prompt which included the filename that was being...

WebCT Campus Edition 4.1 - Cross site scripting using CSS @import

Name: WebCT Campus Edition 4.1 - Cross site scripting using CSS @import Release date: 2004/03/29 Application: WebCT Campus Edition 4.1 4.1.1.5, possibly others Vendor URL: http://www.webct.com/ WebCT Inc. Author: Simon Boulet simon boulet divahost net Legal Notice: -------------------- This...

nCipher Advisory #7: Unexpected copies of imported software keys

nCipher Security Advisory No. 7 Unexpected duplicates of imported software based keys ----------------------------------------------------- SUMMARY ------- When either the command line utility generatekey or the KeySafe graphical application is used to import a software based key into an nCipher...

Information leakage via key file duplication during nCipher import

generatekey utility creates temporary PEM file and fails to delete it...