PlayMeNow Malformed M3U Playlist File Buffer

No description provided by source. / + Vulnerability: PlayMeNow Malformed M3U Playlist File Buffer Overflow + Product: PlayMeNow - media player. + Versions affected: Tested with 7.3 and 7.4 + Tested on: Windows XP Professional with Service Pack 2 + Author: Gr33nG0bL1n + Software Link:...

WebSphere 6.1 跨站脚本漏洞

漏洞信息： WebSphere 是 IBM 的软件平台。它包含了编写、运行和监视全天候的工业强度的随需应变 Web 应用程序和跨平台、跨产品解决方案所需要的整个中间件基础设施，如服务器、服务和工具。WebSphere 提供了可靠、灵活和健壮的软件。 IBM WebSphere Application Server WAS的UDDI用户控制台的uddigui/navigateTree.do中存在多个跨站脚本攻击漏洞。 远程攻击者可以借助1 keyField, 2 nameField, 3 valueField, 和 4 frameReturn参数，注入任意web脚本或HTML。 漏洞影响：...

IBM DB2 9.5 Fix Pack 5之前多个未明安全漏洞

Bugraq ID: 37332 IBM DB2 Universal Database Server是一款大型的商业关系数据库系统。 IBM DB2存在多个未明安全漏洞。目前没有详细漏洞细节提供。 IBM DB2 Universal Database 9.5 Fixpak 4 IBM DB2 Universal Database 9.5 Fixpak 2 IBM DB2 Universal Database 9.5 Fix Pack 3a IBM DB2 Universal Database 9.5 Fix Pack 1 IBM DB2 Universal Database 9.5...

IBM DB2 9.5 < Fix Pack 5 Multiple Unspecified Vulnerabilities

The IBM DB2 database server installed on the remote host is prior to 9.5 Fix Pack 5. It is, therefore, affected by multiple unspecified vulnerabilities. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid43172;...

IBM InfoSphere Information Server存在缓冲区溢出和跨站脚本漏洞

Bugraq ID: 37245, 37246 IBM InfoSphere Information Server是一款数据集成软件平台，可以帮助企业从分散在系统中的复杂的异类信息中获得更多价值。 IBM InfoSphere Information Server存在多个安全漏洞，本地用户可以提升特权或进行跨站脚本攻击。 -传递给信息服务器WEB控制台的参数缺少充分过滤，攻击者可以进行跨站脚本攻击，获得敏感信息。 -DataStage中的部分SETUID程序存在错误，可触发缓冲区溢出。 IBM InfoSphere Information Server 8.1 IBM InfoSpher...

IBM DB2 9.5 < Fix Pack 5 Multiple Vulnerabilities

Binary data 5262.prm...

Microsoft Office Project Remote Code Execution Vulnerability (967183)

This host is missing a critical security update according to Microsoft Bulletin MS09-074. OpenVAS Vulnerability Test $Id: secpodms09-074.nasl 5363 2017-02-20 13:07:22Z cfi $ Microsoft Office Project Remote Code Execution Vulnerability 967183 Authors: Antu Sanadi Copyright: Copyright c 2009 SecPod...

DSquare Exploit Pack: D2SEC_HPNNM4

Name| d2sechpnnm4 ---|--- CVE| CVE-2009-4178 Exploit Pack| D2ExploitPack Description| HP Network Node Manager 7.53 OvWebHelp.exe Topic Variable Stack Overflow Vulnerability Notes|...

Integer overflow

Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3; Works 8.5; Office Converter Pack; and WordPad in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a DOC file with an invalid number of property names ...

CVE-2009-2506

The CVE-2009-2506 issue is a memory corruption/heap overflow vulnerability in WordPad and Office text converters when parsing the DocumentSummaryInformation stream of a specially crafted Word 97 DOC file. A remote attacker could execute arbitrary code with the privileges of the logged-on user by ...

DSquare Exploit Pack: D2SEC_IPRINT3

Name| d2seciprint3 ---|--- CVE| CVE-2009-1569 Exploit Pack| D2ExploitPack Description| Novell iPrint Client ienipp.ocx ActiveX Stack Overflow Notes|...

Design/Logic Flaw

Feature Pack for Communications Enabled Applications CEA before 1.0.0.1 for IBM WebSphere Application Server 7.0.0.7 uses predictable session values, which allows man-in-the-middle attackers to spoof a collaboration session by guessing the value...

MS09-073: Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution (975539)

The remote host contains a vulnerable version of Microsoft WordPad, Office, or Office Converter Pack. Opening a specially crafted Word 97 file can result in the execution of arbitrary code. A remote attacker could exploit this by tricking a user into opening a malicious Word file. C Tenable Netwo...

DEBIAN-CVE-2009-4214

Cross-site scripting XSS vulnerability in the striptags function in Ruby on Rails before 2.2.s, and 2.3.x before 2.3.5, allows remote attackers to inject arbitrary web script or HTML via vectors involving non-printing ASCII characters, related to HTML::Tokenizer and...

Exploit Released for Adobe Illustrator Zero Day Flaw

Adobe’s security response team is scrambling to deal with the release of exploit code for what appears to be a critical zero-day flaw in the Adobe Illustrator CS4 software product. The vulnerability is caused due to an error in the parsing of Encapsulated Postscript Files .eps and can be exploite...

CVE-2009-4191

Unspecified vulnerability in the kernel in Sun Solaris 10 and OpenSolaris 2009.06 on the x86-64 platform allows local users to gain privileges via unknown vectors, as demonstrated by the vdsollocal module in VulnDisco Pack Professional 8.12. NOTE: as of 20091203, this disclosure has no actionable...

CVE-2009-4190

Unspecified vulnerability in the kernel in Sun OpenSolaris 2009.06 allows remote attackers to cause a denial of service panic via unknown vectors, as demonstrated by the vdsolaris2 module in VulnDisco Pack Professional 8.12. NOTE: as of 20091203, this disclosure has no actionable information...

Design/Logic Flaw

Unspecified vulnerability in the kernel in Sun OpenSolaris 2009.06 allows remote attackers to cause a denial of service panic via unknown vectors, as demonstrated by the vdsolaris2 module in VulnDisco Pack Professional 8.12. NOTE: as of 20091203, this disclosure has no actionable information...

Design/Logic Flaw

Unspecified vulnerability in the kernel in Sun Solaris 10 and OpenSolaris 2009.06 on the x86-64 platform allows local users to gain privileges via unknown vectors, as demonstrated by the vdsollocal module in VulnDisco Pack Professional 8.12. NOTE: as of 20091203, this disclosure has no actionable...

CVE-2009-4191

Unspecified vulnerability in the kernel in Sun Solaris 10 and OpenSolaris 2009.06 on the x86-64 platform allows local users to gain privileges via unknown vectors, as demonstrated by the vdsollocal module in VulnDisco Pack Professional 8.12. NOTE: as of 20091203, this disclosure has no actionable...