1214 matches found
CVE-2009-1979 (Oracle RDBMS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi. This vulnerability was ranked 10.0 for Windows in CPUoct2009 and related to improper AUTHSESSKEY parameter length validation. http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2009.html Executable + source code attached...
CVE-2008-7102
DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx files instead of skin files, and possibly access privileged functionality, via unknown vectors related to parameter validation...
Design/Logic Flaw
DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx files instead of skin files, and possibly access privileged functionality, via unknown vectors related to parameter validation...
CVE-2008-7102
DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx files instead of skin files, and possibly access privileged functionality, via unknown vectors related to parameter validation...
CVE-2008-7102
DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx files instead of skin files, and possibly access privileged functionality, via unknown vectors related to parameter validation...
CVE-2008-7102
DotNetNuke 2.0–4.8.4 is affected by a skin-file security bypass vulnerability that lets remote attackers load .ascx files instead of skin files due to parameter-validation issues. Affected component: skin file handling; root cause: parameter validation weakness. Impact per sources: potential acce...
MDPro Surveys Module SQL Injection Vulnerability
MDPro is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2008-4258
Microsoft Internet Explorer 5.01 SP4 and 6 SP1 does not properly validate parameters during calls to navigation methods, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Parameter Validation Memory Corruption Vulnerability."...
CVE-2008-4258
CVE-2008-4258 describes a remote code execution vulnerability in Microsoft Internet Explorer 5.01 SP4 and IE6 SP1 caused by improper parameter validation during navigation method calls, leading to memory corruption when processing crafted HTML. Connected advisories (MS08-073) group this with rela...
PT-2008-5541 · Microsoft · Internet Explorer
Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 5.01 SP4 through 6 SP1 Description: A remote code execution issue exists due to improper validation of parameters during calls to navigation methods. This allows attackers to execute arbitrary code via a...
NULL FTP Server 1.1.0.7 SITE Parameters Command Injection Vuln
No description provided by source. vuln.sg Vulnerability Research Advisory NULL FTP Server SITE Parameters Command Injection Vulnerability by Tan Chew Keong Release Date: 2008-12-05 Summary A vulnerability has been found in NULL FTP Server. When exploited, this vulnerability allows an authenticat...
Python 'Imageop'模块参数验证缓冲区溢出漏洞
BUGTRAQ ID: 31932 CNCAN ID:CNCAN-2008102806 Python是一款开放源代码的脚本编程语言。 Python 'Imageop'模块的不正确参数验证,远程攻击者可以利用漏洞进行缓冲区溢出而触发segfault错误。 目前没有详细漏洞细节提供,可能导致任意代码执行。 Python Software Foundation Python 2.5.2 Python Software Foundation Python 2.5.1 Python Software Foundation Python 2.4.5 Python Software Foundatio...
CVE-2008-2252
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory...
1024 CMS多个文件包含漏洞
BUGTRAQ ID: 30091 1024是基于PHP和MySQL的内容管理系统。 1024 CMS中存在多个文件包含漏洞,允许恶意用户泄露敏感信息或入侵有漏洞的系统。 1...
CVE-2008-1736
Comodo Firewall Pro before 3.0 does not properly validate certain parameters to hooked System Service Descriptor Table SSDT functions, which allows local users to cause a denial of service system crash via 1 a crafted OBJECTATTRIBUTES structure in a call to the NtDeleteFile function, which leads ...
CVE-2008-1736
CVE-2008-1736 relates to Comodo Firewall Pro 2.4.18.184 where hooked SSDT functions do not properly validate arguments (notably NtDeleteFile, NtCreateFile, NtSetThreadContext). This can allow a local attacker to trigger a Denial of Service (system crash). The issue is described in CoreLabs CORE-2...
hiswebshop-traverse.txt
HIS-Webshop is a shopping-system written in Perl by www.shoppark.de The script doesn´t check the "t"-parameter. Example: http://server.com/cgi-bin/his-webshop.pl?t=../../../../../../../../etc/passwd%00...
Microsoft IE参数处理内存破坏漏洞(MS08-010)
BUGTRAQ ID: 27689 CVECAN ID: CVE-2008-0078 Internet Explorer是微软发布的非常流行的WEB浏览器。 Internet Explorer中的一个ActiveX控件(dxtmsft.dll)在图像处理过程中处理参数验证的方式中存在一个远程执行代码漏洞,攻击者可以通过构建特制的网页来利用该漏洞,当用户查看网页时,该漏洞可能允许远程执行代码。成功利用此漏洞的攻击者可以获得与登录用户相同的用户权限。 Microsoft Internet Explorer 7.0 Microsoft Internet Explorer 6.0 SP1...
Debian Security Advisory DSA 893-1 (acidlab)
The remote host is missing an update to acidlab announced via advisory DSA 893-1. Remco Verhoef has discovered a vulnerability in acidlab, Analysis Console for Intrusion Databases, and in acidbase, Basic Analysis and Security Engine, which can be exploited by malicious users to conduct SQL...
Stack overflow
Multiple stack-based buffer overflows in Computer Associates CA BrightStor Hierarchical Storage Manager HSM before r11.6 allow remote attackers to execute arbitrary code via unspecified CsAgent service commands with certain opcodes, related to missing validation of a length parameter...