CVE-2007-4890

Absolute directory traversal vulnerability in a certain ActiveX control in the VB To VSI Support Library VBTOVSI.DLL 1.0.0.0 in Microsoft Visual Studio 6.0 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SaveAs method. NOTE: contents can b...

CVE-2007-4890

Absolute directory traversal vulnerability in a certain ActiveX control in the VB To VSI Support Library VBTOVSI.DLL 1.0.0.0 in Microsoft Visual Studio 6.0 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SaveAs method. NOTE: contents can b...

[SECURITY] Fedora 7 Update: lighttpd-1.4.18-1.fc7

Secure, fast, compliant and very flexible web-server which has been optimiz ed for high-performance environments. It has a very low memory footprint compa red to other webservers and takes care of cpu-load. Its advanced feature-set FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many mo...

CVE-2007-3997

The 1 MySQL and 2 MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safemode and openbasedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE...

GLSA-200708-03 : libarchive (formerly named as bsdtar): Multiple PaX Extension Header Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200708-03 libarchive formerly named as bsdtar: Multiple PaX Extension Header Vulnerabilities CPNI, CERT-FI, Tim Kientzle, and Colin Percival reported a buffer overflow CVE-2007-3641, an infinite loop CVE-2007-3644, and a NULL...

libarchive (formerly named as bsdtar): Multiple PaX Extension Header Vulnerabilities

Background libarchive is a library for manipulating different streaming archive formats, including certain tar variants, several cpio formats, and both BSD and GNU ar variants. Description CPNI, CERT-FI, Tim Kientzle, and Colin Percival reported a buffer overflow CVE-2007-3641, an infinite loop...

Remove the space-list from the 404-error-page to reduce load on server

The default 404 page shows a list of spaces. On a big, busy instance this can generate a lot of load. The query is run on every 404 which can happen multiple times on a request if there are some bad resources missing css/js etc. Perhaps there should be some sort of throttling or configuration to...

Remove the space-list from the 404-error-page to reduce load on server

The default 404 page shows a list of spaces. On a big, busy instance this can generate a lot of load. The query is run on every 404 which can happen multiple times on a request if there are some bad resources missing css/js etc. Perhaps there should be some sort of throttling or configuration to...

IBM AIX Pioout任意库加载命令执行漏洞

BUGTRAQ ID: 25084 CVECAN ID: CVE-2007-4003 IBM AIX是一款商业性质的UNIX操作系统。 AIX操作系统所随捆绑的pioout程序处理命令行参数时存在漏洞，本地攻击者可能利用此漏洞提升自己的权限。 pioout程序没有丢弃权限便加载了攻击者所提供的任意共享库，如果使用了-R命令行参数攻击者就可以指定用于解析打印机数据的共享库。pioout程序拥有root setuid，任何本地用户都可以执行，因此本地攻击者可以通过创建一个执行shell的共享库导致以root用户权限执行任意命令。 IBM AIX 5.3 IBM AIX 5.2 临时解决方法：...

security flaw

Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME 1 during the load stage or 2 in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystrok...

sh3llc0de development and testing in the dumpbin of use-vulnerability warning-the black bar safety net

Of course, based on the MSFMetasploit Frameworkshellcode development of a simple have almost don't you go learn programming on something details, please refer to himself the preparation of the MSF Chinese manual, but for a beginner and like to explore the bottom of the people, The do-it-yourself...

CVE-2007-3702

Directory traversal vulnerability in the load function in cgi-bin/mail/mailmachine.cgi in Mail Machine 3.989 and earlier allows remote attackers to read arbitrary files via a .. dot dot in the archives parameter in a Load action...

freetype integer overflow

Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative npoints value, which leads to an integer overflow and heap-based buffer overflow...

Allow embedding multimedia content located on remote servers

Re: CSP-8387 Currently, when embedding multimedia content on Confluence you are restricted to embedding files located on the Confluence server. The page http://confluence.atlassian.com/display/CONF20/Embedding+Multimedia+Content singles out "security reasons" as the reason for this limitation. In...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in DCP-Portal 6.1.1 allow remote attackers to execute arbitrary PHP code via a URL in 1 the path parameter to library/adodb/adodb.inc.php, 2 the abspatheditor parameter to library/editor/editor.php, or 3 the cfgfiletoload parameter to...

CVE-2007-2041

Cisco Wireless LAN Controller WLC before 4.0.206.0 saves the WLAN ACL configuration with an invalid checksum, which prevents WLAN ACLs from being loaded at boot time, and might allow remote attackers to bypass intended access restrictions, aka Bug ID CSCse58195...

The United States Blizzard[World Of Warcraft] official program vulnerability-vulnerability warning-the black bar safety net

Battle.net clan management system using a MySQL backend, allowing users to easily upgrade and maintain the web site. System to achieve on exist input validation vulnerability, a remote attacker could use this vulnerability to executeSQL injectionattacks, unauthorized access to system administrati...

Mandrake Linux Security Advisory : imlib2 (MDKSA-2006:198-1)

M Joonas Pihlaja discovered several vulnerabilities in the Imlib2 graphics library. The load function of several of the Imlib2 image loaders does not check the width and height of an image before allocating memory. As a result, a carefully crafted image file can trigger a segfault when an...

HP LoadRunner Agent Service Detection

An HP LoadRunner Agent is listening on the remote host. This agent enables a LoadRunner Controller to communicate with the LoadRunner Load Generator on the remote host for performance testing. Note that Hewlett-Packard acquired LoadRunner in November 2006 as part of its acquisition of Mercury...

solaris/sparc executes command after setreuid (92 bytes + cmd)

No description provided by source. / bunkersparcexec.c V1.0 - Sat Oct 21 17:45:27 CEST 2006 Solaris/sparc bytecode that executes command after setreuid 92 bytes + cmd setreuid0, 0 + execve"/bin/sh", "/bin/sh","-c","cmd", NULL; bunker - http://rawlab.mindcreations.com...