639 matches found
Mandrake Linux Security Advisory : gtk+ (MDKSA-2001:061-1)
A vulnerability exists with the GTK+ toolkit in that the GTKMODULES environment variable allows a local user to enter a directory path to a module that does not necessarily need to be associated with GTK+. With this, an attacker could create a custom module and load it using the toolkit which cou...
Microsoft Windows XP - Self-Executing Folder
source: https://www.securityfocus.com/bid/10363/info A vulnerability has been reported in Microsoft Windows XP that may cause malicious code to run in the context of the currently logged-in user. The flaw exists in Windows Explorer and may allow executable content that is referenced from inside a...
Microsoft Windows Private Communications Transport Protocol Buffer Overrun Vulnerability
Description Various Microsoft Windows operating systems are prone to a remotely exploitable stack-based buffer overrun via the PCT Private Communications Transport protocol. Successful exploitation of this issue could allow a remote attacker to execute malicious code on a vulnerable system,...
PHP-Nuke 6.x7.x Reviews Module - Cross-Site Scripting
PHP-Nuke 6.x7.x Reviews Module - Cross-Site Scripting source: https://www.securityfocus.com/bid/9613/info It has been reported that the PHP-Nuke module 'Reviews' is prone to a cross-site scripting vulnerability. The issue arises due to the module failing to properly sanitize user-supplied...
Laurent Adda Les Commentaires 2.0 - PHP Script derniers_commentaires.php Remote File Inclusion
Laurent Adda Les Commentaires 2.0 - PHP Script dernierscommentaires.php Remote File Inclusion source: https://www.securityfocus.com/bid/9536/info It has been reported that Les Commentaires may be prone to a file include vulnerability in various modules, that may allow an attacker to include...
phpGroupWare 0.9.14 - Tables_Update.Inc.php Remote File Inclusion
phpGroupWare 0.9.14 - TablesUpdate.Inc.php Remote File Inclusion source: https://www.securityfocus.com/bid/12074/info phpGroupWare is prone to a remote file include vulnerability, potentially allowing the execution of malicious PHP code. This would occur in the context of the affected web server...
GNU Indent 2.2.9 - Local Heap Overflow
GNU Indent 2.2.9 - Local Heap Overflow source: https://www.securityfocus.com/bid/9297/info It has been reported that GNU Indent may be prone to a local heap overflow vulnerability that can be exploited through a malicious C source input file. It has been reported that indent copies data from the...
GNU Indent 2.2.9 - Local Heap Overflow
source: https://www.securityfocus.com/bid/9297/info It has been reported that GNU Indent may be prone to a local heap overflow vulnerability that can be exploited through a malicious C source input file. It has been reported that indent copies data from the file to a 1000 byte long buffer without...
GeekLog 1.3.x - HTML Injection
GeekLog 1.3.x - HTML Injection source: https://www.securityfocus.com/bid/8792/info Geeklog has been reported prone to multiple HTML Injection vulnerabilities. The issues have been reported to present themselves due to a lack of sufficient sanitization performed on data that is parsed from forum...
Microsoft Internet Explorer 6 - window.open Media Bar Cross-Zone Scripting
Microsoft Internet Explorer 6 - window.open Media Bar Cross-Zone Scripting source: https://www.securityfocus.com/bid/9769/info It has been reported that Microsoft Internet Explorer may be prone to a cross-zone scripting vulnerability that could ultimately lead to execution of malicious script cod...
FTP Desktop 3.5 - Banner Parsing Buffer Overflow
source: https://www.securityfocus.com/bid/8559/info A buffer overflow vulnerability has been reported in FTP Desktop. The vulnerability occurs when FTP Desktop is parsing 'Welcome' banner 220 messages from remote FTP servers. When FTP Desktop receives an FTP banner exceeding a certain length, it...
Microsoft Internet Explorer 5/6 - Object Type Validation
source: https://www.securityfocus.com/bid/8456/info The problem occurs when Internet Explorer receives a response from the server when a web page containing an object tag is parsed. Successful exploitation of this vulnerability could allow a malicious object to be trusted and as such be executed ...
RealOne Player 1.02.06.0.106.0.11 - .SMIL File Script Execution
RealOne Player 1.02.06.0.106.0.11 - .SMIL File Script Execution source: https://www.securityfocus.com/bid/8453/info Real Networks has reported a vulnerability in RealOne Player. Script embedded in SMIL presentations may be executed in the context of a domain that is specified by an attacker. This...
RealOne Player 1.0/2.0/6.0.10/6.0.11 - '.SMIL' File Script Execution
source: https://www.securityfocus.com/bid/8453/info Real Networks has reported a vulnerability in RealOne Player. Script embedded in SMIL presentations may be executed in the context of a domain that is specified by an attacker. This could allow for theft of cookie-based authentication credential...
SimpNews 2.0.1/2.13 - 'path_simpnews' Remote File Inclusion
source: https://www.securityfocus.com/bid/8227/info SimpNews is prone to a vulnerability that may permit remote attackers to include and execute malicious PHP scripts. Remote users, under some PHP configurations, may influence a Simpnews URI variable. This variable is used in the include path for...
IglooFTP 0.6.1 - Banner Parsing Buffer Overflow
source: https://www.securityfocus.com/bid/8161/info A buffer overflow vulnerability has been reported in IglooFTP. The vulnerability occurs when IglooFTP is parsing 'Welcome' banner messages from remote FTP servers. When IglooFTP receives an FTP banner exceeding a certain length, it will trigger...
Softrex Tornado WWW-Server 1.2 - Buffer Overflow
Softrex Tornado WWW-Server 1.2 - Buffer Overflow source: https://www.securityfocus.com/bid/7716/info A buffer overflow vulnerability has been reported for Tornado www-Server. The vulnerability exists when Tornado processes overly long HTTP requests. This will result in the server crashing. Althou...
Ifenslave 0.0.7 - Argument Local Buffer Overflow (1)
source: https://www.securityfocus.com/bid/7682/info ifenslave for Linux has been reported prone to a buffer overflow vulnerability. The issue is reportedly due to a lack of sufficient bounds checking performed on user-supplied data before it is copied into an internal memory space. It is possible...
Maelstrom Player 3.0.x - Argument Buffer Overflow (1)
source: https://www.securityfocus.com/bid/7632/info Maelstrom for Linux has been reported prone to a buffer overflow vulnerability. The issue is reportedly due to a lack of sufficient bounds checking performed on user-supplied data before it is copied into an internal memory space. It may be...
ListProc 8.2.9 - Catmail ULISTPROC_UMASK Buffer Overflow
ListProc 8.2.9 - Catmail ULISTPROCUMASK Buffer Overflow source: https://www.securityfocus.com/bid/7533/info ListProc catmail has been reported prone to a buffer overflow vulnerability when handling a ULISTPROCUMASK environment variable of excessive length. The issue is likely due to a lack of...