Microsoft Excel rtAFDesc record invalid pointer access
Added: 01/17/2008. CVE: CVE-2008-0081. BID: 27305. OSVDB: 40344. Background: Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows platforms. Problem: Microsoft Excel references an uninitialized pointer if a spreadsheet contains an improperly placed...
DSquare Exploit Pack: D2SEC_MAXDB
| Name | d2secmaxdb |
|---|---|
| CVE | CVE-2008-0244 |
| Exploit Pack | D2ExploitPack |
| Description | SAP MaxDB cons.exe Remote Command Injection Vulnerability |
| Notes | ... |
CVE-2008-0243
CVE-2008-0243 is an unspecified denial-of-service vulnerability in IBM Lotus Domino 7.0.2 before Fix Pack 3. The NVD description notes a DoS via unknown vectors, with CVSS v2 base score 7.8 (HIGH) and network attack vector with no authentication. Connected sources (NVD entry, Tenable/Nessus plugi...
CVE-2007-6679
Unspecified vulnerability in the Administrative Console in IBM WebSphere Application Server 6.1 before Fix Pack 13 has unknown impact and attack vectors, related to "security concerns with monitor role users." NOTE: it was later reported that 6.0.2 before Fix Pack 25 is also affected...
Code injection
Unspecified vulnerability in the Administrative Console in IBM WebSphere Application Server 6.1 before Fix Pack 13 has unknown impact and attack vectors, related to "security concerns with monitor role users." NOTE: it was later reported that 6.0.2 before Fix Pack 25 is also affected...
DSquare Exploit Pack: D2SEC_VMPEGASUS
| Name | d2secvmpegasus |
|---|---|
| CVE | CVE-2007-5360 |
| Exploit Pack | D2ExploitPack |
| Description | VMware ESX Server OpenPegasus overflow |
| Notes | ... |
CVE-2008-0098
Buffer overflow in RealPlayer 11 build 6.0.14.748 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: As of 20080103, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE...
[HSC] Snitz Forums Multiple Vulnerabilities
HSC Snitz Forums Multiple Vulnerabilities Snitz Forums Default Database installation allows remote users to download the database which contains critical information. As a result, an attacker exploiting this vulnerability will be able to obtain detailed information. An attacker may leverage xss...
CVE-2007-6525
Unspecified vulnerability in eClient in IBM DB2 Content Manager CM Toolkit 8.3 before fix pack 7 for z/OS has unknown impact and attack vectors, related to "scripting."...
DSquare Exploit Pack: D2SEC_XUPLOAD
| Name | d2secxupload |
|---|---|
| CVE | CVE-2007-6530 |
| Exploit Pack | D2ExploitPack |
| Description | Persits Software XUpload ActiveX Stack Overflow |
| Notes | ... |
IPortalX Forums Cross-Site Scripting Vulnerability
HSC IPortalX Forums Cross-Site Scripting Vulnerability IPortalX is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...
CVE-2007-6509
Unspecified vulnerability in Appian Enterprise Business Process Management BPM Suite 5.6 SP1 allows remote attackers to cause a denial of service via a crafted packet to port 5400/tcp...
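IBM AIX 5300-06 Service Pack 4 and 5300-07 Technology Level fix multiple unspecified vulnerabilities
BUGTRAQ ID: 26825 CNCAN ID: CNCAN-2007121205 IBM AIX is a commercial operating system. IBM AIX 5300-06 Service Pack 4 and 5300-07 Technology Level fix multiple security issues; no detailed vulnerability information is currently available. IBM AIX 5.3 Install and use IBM AIX 5300-06 Service Pack 4 and 5300-07 Technology Level:...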
DSquare Exploit Pack: D2SEC_HPINFO
| Name | d2sechpinfo |
|---|---|
| CVE | CVE-2007-6331 |
| Exploit Pack | D2ExploitPack |
| Description | HP Info Center HPInfoDLL.DLL ActiveX Arbitrary Code Execution Vulnerability |
| Notes | ... |
SuSE 10 Security Update : cron (ZYPP Patch Number 3831)
By setting hard links to /etc/crontab users were able to prevent cron from running scheduled jobs. CVE-2007-1856 A re-emerged symlink bug allowed users to edit the crontab of other users. CVE-2005-1038 This is a reissue of the SLES10 update after Service Pack 1, since Service Pack 1 merge lost so...
Immunity Canvas: MS07_066
| Name | ms07066 |
|---|---|
| CVE | CVE-2007-5350 |
| Exploit Pack | CANVAS |
| Description | Microsoft Vista ALPC Dangling Pointer Overwrite |
| Notes | References: www.microsoft.com/technet/security/bulletin/ms07-066.mspx CVE Name: CVE-2007-5350 VENDOR: Microsoft MSADV: MS07-066 Date public: 12/11/07 CVE Url:... |
Microsoft Security Bulletin MS07-069 - Critical Cumulative Security Update for Internet Explorer (942615)
Microsoft Security Bulletin MS07-069 - Critical Cumulative Security Update for Internet Explorer 942615 Published: December 11, 2007 Version: 1.0 General Information Executive Summary This critical security update resolves four privately reported vulnerabilities. The most serious security impact...
bitweaver-sqlxss.txt
HSC Bitweaver XSS & SQL Injection Vulnerability Bitweaver is an open source content management system. Its speed and power are ideal for large-scale community websites and corporate applications, but it is simple enough for non-technical small site users to set up and administrate. It comes fully...