Gateway CWebLaunchCtl ActiveX控件远程栈溢出漏洞

BUGTRAQ ID: 27193 Gateway是美国一个著名的电脑品牌，产品包括PC、笔记本、外围设备等。 Gateway电脑所带的ActiveX控件实现上存在缓冲区溢出漏洞，远程攻击者可能利用此漏洞控制用户系统。 Gateway电脑中所安装的CWebLaunchCtl ActiveX控件（weblaunch.ocx）没有正确地验证对DoWebLaunch函数的输入，如果用户受骗访问了恶意网页并向该函数传送了超长参数的话，就可能触发栈溢出，导致执行任意指令。 Gateway weblaunch.ocx 1.0.0.1 临时解决方法： 在IE中禁用CWebLaunchCtl...

Apple QuickTime RTSP Response message Reason-Phrase buffer overflow vulnerability

Overview Apple QuickTime contains a buffer overflow vulnerability that may allow a remote, unauthenticated attacker to cause a denial-of-service condition and possibly execute arbitrary code. Description Real Time Streaming Protocol RTSP is a protocol that is used by streaming media systems. Appl...

AOL Radio AOLMediaPlaybackControl.exe stack buffer overflow

Overview The AOL AOLMediaPlaybackControl application contains a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description AOL Radio includes several ActiveX controls to stream audio in web pages. The AOL AmpX and...

XUpload ActiveX Control AddFolder Method Buffer Overflow

The remote host contains a version of the XUpload ActiveX control from Persits Software that reportedly is affected by a buffer overflow in its 'AddFolder' method that can be triggered by a long argument. If a remote attacker can trick a user on the affected host into visiting a specially crafted...

Lotus Domino Web Access ActiveX control dwa7w.dll buffer overflow

Added: 12/31/2007 CVE: CVE-2007-4474 BID: 26972 OSVDB: 40954 Background Lotus Domino Web Access provides capabilities similar to those of the Lotus Notes client, delivered through a web browser. Problem A buffer overflow vulnerability in the Lotus Domino Web Access ActiveX control in the dwa7w.dl...

IBM Lotus Domino Web Access ActiveX control stack buffer overflows

Overview The IBM Lotus Domino Web Access ActiveX control contains multiple stack buffer overflow vulnerabilities, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description IBM Lotus Domino includes an ActiveX control called Domino Web Access,...

PhpMyDesktopArcade 1.0 Final - phpdns_basedir Remote File Inclusion

PhpMyDesktopArcade 1.0 Final - phpdnsbasedir Remote File Inclusion Name : PhpMyDesktop|arcade 1.0 Final phpdnsbasedir Remote File Include Download From : http://mesh.dl.sourceforge.net/sourceforge/pmd-arcade/pmdarcade10final.zip Found By : RoMaNcYxHaCkEr Home Page : Not Yet : Google Dork : Powere...

The Trojan uses the“free kill”evading anti-virus techniques-vulnerability warning-the black bar safety net

Today, talk about horses can be described as color change. Trojan indeed than the conventional virus more ruthless, monitoring your operation, devouring your privacy, destroy your data. We install the latest antivirus software and daily patch updates, and the firewall is always protected, but why...

Break ray client figure ASP webmaster Safety assistant-vulnerability warning-the black bar safety net

To Lake2 website and 1. 5 the source code, found this version indeed improved a lot, and increase the killing function: 1:killing by the Unicode encoding of the ASP Trojan 2:killing the useOpen|CreateTextFile, And SaveToFile, Save, set Server, Server. Transfer|Execute, the ShellExecute, Exec, the...

CityWriter 0.9.7 head.php Remote File Inclusion Vulnerability

No description provided by source. Name : CityWriter 0.9.7 Remote File Include Download From : http://download.hulihanapplications.com/citywriter/citywriter-0.97.zip Found By : RoMaNcYxHaCkEr Home Page : Not Yet : ============================================================================ Vulne...

Fastpublish CMS 1.9999 config[fsBase] RFI Vulnerability

No description provided by source. Name : Fastpublish CMS 1.9999 configfsBase Remote File Include Download From : http://www.fastpublish.org/aufbau/phpcontent/downloadlist.php?action=download&id=53&sprache=en Found By : RoMaNcYxHaCkEr Home Page : Not Yet :...

CityWriter 0.9.7 - head.php Remote File Inclusion

CityWriter 0.9.7 - head.php Remote File Inclusion Name : CityWriter 0.9.7 Remote File Include Download From : http://download.hulihanapplications.com/citywriter/citywriter-0.97.zip Found By : RoMaNcYxHaCkEr Home Page : Not Yet :...

citywriter-rfi.txt

Name : CityWriter 0.9.7 Remote File Include Download From : http://download.hulihanapplications.com/citywriter/citywriter-0.97.zip Found By : RoMaNcYxHaCkEr Home Page : Not Yet : ============================================================================ Vulne Code In File head.php In Line 1:...

Fastpublish CMS 1.9999 - config[fsBase] Remote File Inclusion

Fastpublish CMS 1.9999 - configfsBase Remote File Inclusion Name : Fastpublish CMS 1.9999 configfsBase Remote File Include Download From : http://www.fastpublish.org/aufbau/phpcontent/downloadlist.php?action=download&id=53&sprache=en Found By : RoMaNcYxHaCkEr Home Page : Not Yet :...

US-CERT Technical Cyber Security Alert TA07-297A -- RealNetworks RealPlayer ActiveX Playlist Buffer Overflow

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA07-297A RealNetworks RealPlayer ActiveX Playlist Buffer Overflow Original release date: October 24, 2007 Last revised: -- Source: US-CERT Systems Affected Windows systems with RealPlayer 11...

Microsoft SQL Server Distributed Management Objects buffer overflow

Added: 10/11/2007 CVE: CVE-2007-4814 BID: 25594 OSVDB: 38399 Background Microsoft SQL Server includes a Distributed Management Object model which offers a modern, object-oriented alternative to using stored procedures. The Distributed Management Object model is implemented by the sqldmo.dll Activ...

Microsoft SQL Server Distributed Management Objects buffer overflow

Added: 10/11/2007 CVE: CVE-2007-4814 BID: 25594 OSVDB: 38399 Background Microsoft SQL Server includes a Distributed Management Object model which offers a modern, object-oriented alternative to using stored procedures. The Distributed Management Object model is implemented by the sqldmo.dll Activ...

Microsoft SQL Server Distributed Management Objects buffer overflow

Added: 10/11/2007 CVE: CVE-2007-4814 BID: 25594 OSVDB: 38399 Background Microsoft SQL Server includes a Distributed Management Object model which offers a modern, object-oriented alternative to using stored procedures. The Distributed Management Object model is implemented by the sqldmo.dll Activ...

Microsoft SQL Server Distributed Management Objects buffer overflow

Added: 10/11/2007 CVE: CVE-2007-4814 BID: 25594 OSVDB: 38399 Background Microsoft SQL Server includes a Distributed Management Object model which offers a modern, object-oriented alternative to using stored procedures. The Distributed Management Object model is implemented by the sqldmo.dll Activ...

Microsoft Visual Studio PDWizard.ocx ActiveX vulnerability

Added: 09/30/2007 CVE: CVE-2007-4891 BID: 25638 OSVDB: 37106 Background Microsoft Visual Studio is a product for facilitating software development on Windows operating systems. Problem ActiveX controls contained in the PDWizard.ocx file in Microsoft Visual Studio 6.0 expose the StartProcess metho...