1212 matches found
CVE-2007-5042
Outpost Firewall Pro 4.0.1025.7828 does not properly validate certain parameters to System Service Descriptor Table SSDT function handlers, which allows local users to cause a denial of service crash and possibly gain privileges via the 1 NtCreateKey, 2 NtDeleteFile, 3 NtLoadDriver, 4...
CVE-2007-4970
ProcessGuard 3.410 does not properly validate certain parameters to System Service Descriptor Table SSDT function handlers, which allows local users to cause a denial of service crash and possibly gain privileges via kernel SSDT hooks for Windows Native API functions including 1 NtCreateFile, 2...
Code injection
Privatefirewall 5.0.14.2 does not properly validate certain parameters to System Service Descriptor Table SSDT function handlers, which allows local users to cause a denial of service crash and possibly gain privileges via kernel SSDT hooks for 1 NtOpenProcess and 2 NtOpenThread...
CVE-2007-4968
Privatefirewall 5.0.14.2 does not properly validate certain parameters to System Service Descriptor Table SSDT function handlers, which allows local users to cause a denial of service crash and possibly gain privileges via kernel SSDT hooks for 1 NtOpenProcess and 2 NtOpenThread...
CVE-2007-4970
ProcessGuard 3.410 is vulnerable due to improper validation of parameters passed to System Service Descriptor Table (SSDT) function handlers. The issue enables local users to trigger a denial of service (crash) and potentially gain privileges by abusing kernel SSDT hooks targeting Windows Native ...
CVE-2007-4972
RegMon 7.04 does not properly validate certain parameters to System Service Descriptor Table SSDT function handlers, which allows local users to cause a denial of service crash and possibly gain privileges via kernel SSDT hooks to the 1 NtCreateKey and 2 NtOpenKey Windows Native API functions...
CVE-2007-3956
TeamSpeak WebServer 2.0 for Windows does not validate parameter value lengths and does not expire TCP sessions, which allows remote attackers to cause a denial of service CPU and memory consumption via long username and password parameters in a request to login.tscmd on TCP port 14534...
Microsoft Windows Shell Hardware Detection privilege escalation
Parameter of function executed during hardware detection is not validated...
DEBIAN-CVE-2007-0262
WordPress 2.0.6, and 2.1Alpha 3 SVN:4662, does not properly verify that the m parameter value has the string data type, which allows remote attackers to obtain sensitive information via an invalid m parameter, as demonstrated by obtaining the path, and obtaining certain SQL information such as th...
CVE-2006-6821
myprofile.asp in Enthrallweb eNews does not properly validate the MMrecordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MMrecordId parameter...
CVE-2006-6822
Vulnerability : In Enthrallweb eClassifieds, myprofile.asp does not properly validate the MM_recordId parameter during profile updates. This allows remote authenticated users to modify certain profile fields of another account by supplying that account’s username in a modified MM_recordId value. ...
Debian DSA-893-1 : acidlab - missing input sanitising
Remco Verhoef has discovered a vulnerability in acidlab, Analysis Console for Intrusion Databases, and in acidbase, Basic Analysis and Security Engine, which can be exploited by malicious users to conduct SQL injection attacks. The maintainers of Analysis Console for Intrusion Databases ACID in...
CVE-2006-4527
includes/content/gateway.inc.php in CubeCart 3.0.12 and earlier, when magicquotesgpc is disabled, uses an insufficiently restrictive regular expression to validate the gateway parameter, which allows remote attackers to conduct PHP remote file inclusion attacks...
PT-2006-5229 · Jupiter · Jupiter Cms
Name of the Vulnerable Software and Affected Versions: Jupiter CMS version 1.1.5 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the template parameter in the index.php file. However, it's noted that the $template variable is defined as a static value...
Patching system services at runtime
Patching system services at runtime Although KAV appears to use a filesystem filter, the standard Windows mechanism for intercepting accesses to files specifically designed for applications like anti-virus software, the implementors also used a series of API-level function hooks to intercept...
CVE-2006-2383
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet Explorer to crash in a w...
CVE-2006-2383
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet Explorer to crash in a w...
OpenEngineTraverse.txt
OpenEngine is a PHP based CMS. The parameter "template" is not correctly checked, for this you can include other scripts which will be interpreted. All actual versions are vulnerable up to 1.8 Beta 2, which is the newest one, only the paths and consequences differ. For example you can browse the...
[NEWS] D-Link DSL-G604T Wireless Router Directory Traversal
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
Horde go.php url Parameter Arbitrary File Access
The version of Horde installed on the remote host fails to validate input to the 'url' parameter of the 'services/go.php' script before using it to read files and return their contents. An unauthenticated attacker may be able to leverage this issue to retrieve the contents of arbitrary files on t...