PT-2004-3225 · Adobe · Coldfusion Mx
Name of the Vulnerable Software and Affected Versions: ColdFusion MX versions 6.1 and 6.1 J2EE Description: The issue allows local users to bypass sandbox security restrictions and obtain sensitive information. This is achieved by using Java reflection methods to access trusted Java objects witho...
Microsoft Internet Explorer 5.x - Valid File Drag and Drop Embedded Code (MS04-038)
Microsoft Internet Explorer 5.x - Valid File Drag and Drop Embedded Code MS04-038 source: https://www.securityfocus.com/bid/11466/info The Microsoft cumulative Internet Explorer patch MS04-038 attempted to limit what files may be dragged and dropped onto the local computer from the Internet Zone ...
CVE-2004-0534
Cross-site scripting (XSS) vulnerability in Business Objects InfoView 5.1.4 through 5.1.8 for WebIntelligence 2.7.0 through 2.7.4 allows remote attackers to inject arbitrary web script or HTML via document names when uploading a document...
[Full-Disclosure] Corsaire Security Advisory - Business Objects WebIntelligence arbitrary document deletion issue
-- Corsaire Security Advisory -- Title: Business Objects WebIntelligence arbitrary document deletion issue Date: 27.05.04 Application: WebIntelligence 2.7, Business Objects 5.1 Environment: Various Author: Stephen de Vries [email protected] Audience: General distribution Reference: c040527-001...
CVE-2002-1257
Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to execute arbitrary code by including a Java applet that invokes COM (Component Object Model) objects in a web site or an HTML mail...
Mandrake Linux Security Advisory : net-snmp (MDKSA-2003:115)
A vulnerability in Net-SNMP versions prior to 5.0.9 could allow an existing user/community to gain access to data in MIB objects that were explicitly excluded from their view. The updated packages provide Net-SNMP version 5.0.9 which is not vulnerable to this issue and also fixes a number of othe...
Sun Java Runtime Environment 1.4.x - Font Object Assertion Failure Denial of Service
source: https://www.securityfocus.com/bid/10623/info The Sun Java Runtime Environment Font object is reportedly vulnerable to an assertion failure denial of service vulnerability. This issue is due to a failure of the process to handle exceptional conditions when processing font objects. This iss...
CVE-2004-0204
CVE-2004-0204 describes a directory traversal in Crystal Reports and Crystal Enterprise Web viewers redistributed with Microsoft Visual Studio .NET 2003, Outlook 2003 with Business Contact Manager, and Microsoft Business Solutions CRM 1.2. The vulnerability arises from improper validation of HTTP...
Yahoo! Messenger 5.6 - 'YInsthelper.dll' Multiple Buffer Overflow Vulnerabilities
source: https://www.securityfocus.com/bid/10199/info Yahoo! Messenger COM objects YInstHelper.YInstStarter.1 and YInstHelper.YSearchSetting2 have been reported prone to remotely exploitable buffer overflow vulnerabilities. The conditions are triggered when properties are assigned values strings o...
Microsoft Windows creates COM object identifiers incorrectly
Overview A vulnerability exists in Microsoft's COM object component. Exploitation of this vulnerability may lead to information disclosure and the ability for an attacker to open services on network communication ports. Description Microsoft's COM object component creates object identifiers in a...
Apache Httpd < 2.0.53 : mod_disk_cache stores sensitive headers
The experimental mod_disk_cache module stored client authentication credentials for cached objects such as proxy authentication credentials and Basic Authentication passwords on disk...
Moderate: Red Hat Security Advisory: net-snmp security update
Updated Net-SNMP packages are available that correct a security vulnerability and other bugs. The Net-SNMP project includes various Simple Network Management Protocol (SNMP) tools. A security issue in Net-SNMP versions before 5.0.9 could allow an existing user/community to gain access to data in MI...
CVE-2003-1477
MAILsweeper for SMTP 4.3.6 and 4.3.7 allows remote attackers to cause a denial of service (CPU consumption) via a PowerPoint attachment that either (1) is corrupt or (2) contains "embedded objects."...
Net-SNMP information leak
With knowledge of any community it's possible to gain access to all MIB objects...
CVE-2003-0935
Net-SNMP before 5.0.9 allows a user or community to access data in MIB objects, even if that data is not allowed to be viewed...
CVE-2003-0245
Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other...
PHP source code injection in BLNews
Product: BLNews Version: 2.1.3 OffSite: http://www.blnews.de/ Problem: PHP source code injection -------------------------------------------- Vulnerability: ------------admin/objects.inc.php4------------ if $itheme!="blubb" include"$Serverpath/admin/tools.inc.php4";...
CVE-2000-1212
Zope 2.2.0 through 2.2.4 does not properly protect a data updating method on Image and File objects, which allows attackers with DTML editing privileges to modify the raw data of these objects...
CVE-2000-1212
CVE-2000-1212 concerns Zope 2.2.0–2.2.4, where a data updating method on Image and File objects is not properly protected. This flaw enables attackers with DTML editing privileges to modify the raw data of these objects. The vulnerability is rooted in insufficient access controls on a data update...