Microsoft Office Word sprmCMajority Record Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must open a malicious document. The specific flaw exists in the parsing of sprmCMajority records...

PPStream 2.1.16.1003 overflow-vulnerability warning-the black bar safety net

/ PPStream PowerList. ocx 2.1.6.2916 Description: SetBkImage heap and stack overflows, or before the old problems. The previous patch is a PowerPlayer. dll Here the use of the heap overflow and stack overflow, using CFindFile for parameter checking is not strict, resulting in a heap overflow. In...

asteridex-exec.txt

Hoku Security Vulnerability Advisory Title: AsteriDex remote command execution Vendor URL: http://bestof.nerdvittles.com/applications/asteridex/ Type: Command injection / remote code execution Vulnerable versions: = 3.0 Risk factor: High Popularity: Low Author: Carl Livitt Contact: [email protected]...

AsteriDex (Asterisk / Trixbox) remote code execution

Hoku Security Vulnerability Advisory Title: AsteriDex remote command execution Vendor URL: http://bestof.nerdvittles.com/applications/asteridex/ Type: Command injection / remote code execution Vulnerable versions: = 3.0 Risk factor: High Popularity: Low Author: Carl Livitt Contact: [email protected]...

CMailServer mail system, the attachment download module download mail system installation disk arbitrary file vulnerability-vulnerability warning-the black bar safety net

CMailServer mail system, the attachment download module download mail system installation disk arbitrary file vulnerability Our Team: http://www.ph4nt0m.org Author: cloud [email protected] Date: 2005-11-06 Severity: medium Error type: parameter checking is not strict Affect the system: th...

devfs -- ruleset bypass

Problem description Due to insufficient parameter checking of the node type during device creation, any user can expose hidden device nodes on devfs mounted file systems within their jail. Device nodes will be created in the jail with their normal default access permissions. Impact Jailed process...

Multiple Vulnerabilities in Cloisterblog web blog/journal

Executive Overview ------------------ Cloisterblog, a general usage web blog written in perl suffers from multiple XSS and directory transversal issues as well as a design flaw in the admin section. Program Description -------------------- Cloisterblog...

openlink.3.2.txt

Overview: A serious security hole has been found in the web configuration utility that comes with OpenLink 3.2. This hole will allow remote users to execute arbitrary code as the user id under which the web configurator is run inherited from the request broker, oplrqb. The hole is a run-of-the-mi...