2319 matches found
Code injection
The Native Managed Provider for .NET component in IBM DB2 8 before FP17, 9.1 before FP6, and 9.5 before FP2, when a definer cannot maintain objects, preserves views and triggers without marking them inoperative or dropping them, which has unknown impact and attack vectors...
CVE-2008-4692
CVE-2008-4692 affects IBM DB2’s Native Managed Provider for .NET. When a definer cannot maintain objects, it preserves views and triggers without marking them inoperative or dropping them, giving an unknown impact. Remediation is provided via fixes: IBM DB2 9.1 FP6 and DB2 9.5 FP2 (and related pa...
CVE-2008-4692
The Native Managed Provider for .NET component in IBM DB2 8 before FP17, 9.1 before FP6, and 9.5 before FP2, when a definer cannot maintain objects, preserves views and triggers without marking them inoperative or dropping them, which has unknown impact and attack vectors...
Microsoft VBScript和JScript脚本引擎远程溢出漏洞(MS08-022)
BUGTRAQ ID: 28551 CVECAN ID: CVE-2008-0083 Microsoft Windows是微软发布的非常流行的操作系统。 Windows的VBScript和JScript脚本引擎在处理畸形数据时存在漏洞,远程攻击者可能利用此漏洞控制用户系统。 Windows的VBScript和JScript脚本引擎在解码网页中的脚本时允许脚本加载到内存中运行,这可能导致缓冲区溢出。如果用户打开了特制文件或访问正在运行特制脚本的网站,则此漏洞可能允许远程执行代码。 Microsoft VBScript/JScript 5.1 - Microsoft Windows 2000...
Tumbleweed SecureTransport 4.6.1 FileTransfer - ActiveX Buffer Overflow
!-- aushack.com - Vulnerability Advisory ----------------------------------------------- Release Date: 07-Apr-2008 Software: Tumbleweed Communications - SecureTransport FileTransfer http://www.tumbleweed.com/ Description: "Tumbleweed SecureTransport is the industry's most secure Managed File...
CVE-2008-0636
Level Platforms, Inc. LPI Managed Workplace Service Center 4.x, 5.x and 6.x allows remote attackers to obtain sensitive information via a direct request to About/SCAbout.htm, which provides version and patch information...
CVE-2008-0636
Level Platforms, Inc. (LPI) Managed Workplace Service Center versions 4.x–6.x expose_version and patch information via a direct request to About/SC_About.htm, enabling information disclosure to remote attackers. The underlying vulnerability is an information-leak through an unprotected About page...
CVE-2008-0215
Multiple unspecified vulnerabilities in HP Storage Essentials Storage Resource Management SRM before 6.0.0 allow remote attackers to obtain unspecified access to a managed device via unknown attack vectors...
Managed Workplace Service Center 4.x/5.x/6.x - Installation Information Disclosure
source: https://www.securityfocus.com/bid/27702/info Managed Workplace Service Center is prone to an information-disclosure vulnerability because the application fails to protect private information. Attackers may exploit this issue to retrieve sensitive information that may aid in further attack...
CVE-2007-4614
BEA WebLogic Server 9.1 does not properly handle propagation of an admin server's security policy change log to temporarily unavailable managed servers, which might allow attackers to bypass intended restrictions, a different vulnerability than CVE-2007-0426...
CVE-2007-4614
BEA WebLogic Server 9.1 does not properly handle propagation of an admin server's security policy change log to temporarily unavailable managed servers, which might allow attackers to bypass intended restrictions, a different vulnerability than CVE-2007-0426...
Avast! Managed Client CAB文件处理远程堆溢出漏洞
Avast!是一款反病毒应用程序。 Avast! Managed Client处理CAB文件存在堆溢出问题,远程攻击者可以利用漏洞对应用程序进行拒绝服务攻击。 目前没有详细漏洞细节提供。 Avast! Antivirus Managed Client 4.7.652 Avast! Antivirus Managed Client 4.6.394 厂商解决方案 升级到Avast! Managed Client 4.7.700版本: http://www.avast.com/eng/adnm-management-client-revision-history.html...
Heap overflow
Heap-based buffer overflow in the CAB unpacker in avast! Anti-Virus Managed Client before 4.7.700 allows user-assisted remote attackers to execute arbitrary code via a crafted CAB archive, resulting from an "integer cast around"...
Buffer overflow
Buffer overflow in the Configuration Checker ConfigChk ActiveX control in VSCnfChk.dll 2.0.0.2 for Verisign Managed PKI Service, Secure Messaging for Microsoft Exchange, and Go Secure! allows remote attackers to execute arbitrary code via long arguments to the VerCompare method...
CVE-2007-1083
Buffer overflow in the Configuration Checker ConfigChk ActiveX control in VSCnfChk.dll 2.0.0.2 for Verisign Managed PKI Service, Secure Messaging for Microsoft Exchange, and Go Secure! allows remote attackers to execute arbitrary code via long arguments to the VerCompare method...
CVE-2007-1083
The CVE-2007-1083 issue affects the VeriSign Configuration Checker ActiveX control (VSCnfChk.dll, version 2.0.0.2) used in VeriSign PKI products. The Nessus entry confirms a stack/buffer overflow in VerCompare() that can allow remote code execution when a user is tricked into loading a crafted we...
CVE-2007-0426
BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered environment using WebLogic Portal entitlements, does not properly propagate entitlement policy changes if the changes are made on a managed server while the Administrative Server is unavailable, which might allow attackers to...
CVE-2007-0426
BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered environment using WebLogic Portal entitlements, does not properly propagate entitlement policy changes if the changes are made on a managed server while the Administrative Server is unavailable, which might allow attackers to...
Lanifex Database of Managed Objects Access_manager.PHP远程文件包含漏洞
Lanifex Database of Managed Objects是一款基于PHP的WEB应用程序。 Lanifex Database of Managed Objects不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是由于'Accessmanager.PHP'脚本对用户提交的WEB参数缺少过滤,提交恶意的远程服务器作为包含对象,可导致以WEB进程权限执行任意PHP代码。 Lanifex Lanifex 2.3 Beta Lanifex Lanifex 2.2 无 !/usr/bin/perl use LWP::UserAgent; / +...
Lanifex DMO <= 2.3b (_incMgr) Remote File Include Exploit
Exploit for unknown platform in category web applications ========================================================= Lanifex DMO s...