2903 matches found
CVE-2009-3577
Autodesk 3DS Max applications (versions 6–9 and 2008–2010) are affected by a vulnerability in MaxScript application callbacks that allows remote code execution when a crafted .max file embeds a MAXScript statement invoking DOSCommand. Root cause: unsanitized data binding of MaxScript to callbacks...
Autodesk 3ds Max应用回调远程代码执行漏洞
BUGTRAQ ID: 36634 CVE ID: CVE-2009-3577 Autodesk 3D Max是在视频游戏、电影、多媒体和web内容开发中广泛应用的建模和动画软件包。 Autodesk 3D Max提供了内嵌的脚本语言MaxScript。3D Max允许用户将MaxScript绑定到应用回调上,如果用户受骗打开了嵌入有MaxScript应用回调的.max文件,就会导致执行任意代码。 Autodesk 3DS Max 9 Autodesk 3DS Max 8 Autodesk 3DS Max 7 Autodesk 3DS Max 6 Autodesk 3DS Max 201...
Autodesk 3DS Max Application Callbacks Arbitrary Command Execution
Exploit for unknown platform in category local exploits ================================================================== Autodesk 3DS Max Application Callbacks Arbitrary Command Execution ================================================================== Title: Autodesk 3DS Max Application...
Autodesk 3DS Max Application Callbacks Arbitrary Command Execution
No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Autodesk 3DS Max Application Callbacks Arbitrary Command Execution 1. Advisory Information Title: Autodesk 3DS Max Application...
Autodesk 3DS Max Application Callbacks Arbitrary Command Execution
Autodesk 3DS Max Application Callbacks Arbitrary Command Execution. CVE-2009-3577. Local exploit for windows platform -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Autodesk 3DS Max Application Callbacks Arbitrary...
Autodesk 3DS Max Application Callbacks Arbitrary Command Execution
Advisory ID Internal CORE-2009-0909 Core Security - CoreLabs Autodesk 3DS Max Application Callbacks Arbitrary Command Execution 1. Advisory Information Title: Autodesk 3DS Max Application Callbacks Arbitrary Command Execution Advisory Id: CORE-2009-0909 Advisory...
PT-2009-6201 · Php +2 · Php +2
Name of the Vulnerable Software and Affected Versions: PHP versions prior to 5.2.12 PHP versions 5.3.x prior to 5.3.1 Description: The issue allows remote attackers to cause a denial of service due to resource exhaustion by creating multiple temporary files when handling a multipart/form-data POS...
CVS Max-dotdot Protocol Command Integer Overflow (CVE-2004-0417)
Concurrent Versions System CVS is an open-source network-transparent version control system. CVS itself does not listen for, or accept network connections. To implement remote repository access, it can be installed as an inetd service, or invoked with the rsh/ssh command. Data between the server...
Autodesk 3ds - Max Application Callbacks Arbitrary Command Execution
Autodesk 3ds - Max Application Callbacks Arbitrary Command Execution source: https://www.securityfocus.com/bid/36634/info Autodesk 3ds Max is prone to a vulnerability that lets attackers execute arbitrary commands in the context of the vulnerable application. This issue affects the following: 3ds...
Autodesk 3ds - Max Application Callbacks Arbitrary Command Execution
source: https://www.securityfocus.com/bid/36634/info Autodesk 3ds Max is prone to a vulnerability that lets attackers execute arbitrary commands in the context of the vulnerable application. This issue affects the following: 3ds Max 6 through 9 3ds Max 2008 through 2010 Other versions may also be...
SLES11: Security update for MySQL
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: libmysqlclient15 libmysqlclientr15 mysql mysql-Max mysql-client More details may also be found by searching for the SuSE Enterprise Server 11 patch database...
SLES11: Security update for MySQL
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: libmysqlclient15 libmysqlclientr15 mysql mysql-Max mysql-client More details may also be found by searching for the SuSE Enterprise Server 11 patch database...
SLES9: Security update for MySQL
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: mysql-devel mysql mysql-Max For more information, please visit the referenced security advisories. More details may also be found by searching for keyword...
pSnuffle Packet Sniffer
This module sniffs passwords like dsniff did in the past This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework dsniff was helping me very often. Too bad that it doesn't work correctly anymore. Psnuffle should bring password...
Add a password lockout feature
Confluence does not prevent someone from making a script that tries every possible password combination for a Confluence account. There should be an option to set a max attempts and then lock out the user from the system. This is obviously a security problem as Confluence within most companies us...
PCI DSS compliance : options settings
This plugin reports the values of a few important scan settings if PCI DSS compliance checks are enabled. These scan settings are preset based on the scan template you have selected, but in some cases may be overriden. C Tenable Network Security, Inc. include"compat.inc"; ifdescription...
Unfixed XSS vulnerability at www.thesixthaxis.com
Security researcher Max Dietz, has submitted on 25/07/2009 a cross-site-scripting XSS vulnerability affecting www.thesixthaxis.com, which at the time of submission ranked 33891 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 24/06/2010. It is...
Pixaria Gallery 2.3.5 (file) Remote File Disclosure Exploit
Exploit for unknown platform in category web applications =========================================================== Pixaria Gallery 2.3.5 file Remote File Disclosure Exploit =========================================================== ?php iniset"maxexecutiontime",0; printr' || || | || o,7 || . ...
kernel: nfsv4 client can be crashed by stating a long filename
fs/nfs/client.c in the Linux kernel before 2.6.23 does not properly initialize a certain structure member that stores the maximum NFS filename length, which allows local users to cause a denial of service OOPS via a long filename, related to the encodelookup function...
Jieqi CMS <= 1.5 Remote Code Execution Exploit
Exploit for unknown platform in category web applications ============================================== Jieqi CMS Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 0 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-1 ?php printr'...