Information disclosure

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 does not properly validate the arguments to functions, which allows local users to read arbitrary data from kernel memory via a crafted application that triggers a NULL pointer dereference, aka "Win32k Incorrect Parameter Validatio...

Linux Kernel "ip_expire()"拒绝服务漏洞

CVE ID：CVE-2011-1927 Linux是一款开放源代码的操作系统。 net/ipv4/ipfragment.c提供的"ipexpire"函数存在错误，传递给devnet函数的参数缺少校验，向系统发送分片报文可导致由空指针引用的内核崩溃。 Linux Kernel 2.6.x 厂商解决方案 Linux Kernel 2.6.39已经修复此漏洞，建议用户下载使用： http://www.kernel.org/...

Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2485376)

This host is missing a critical security update according to Microsoft Bulletin MS11-007. OpenVAS Vulnerability Test $Id: secpodms11-007.nasl 5362 2017-02-20 12:46:39Z cfi $ Vulnerability in the OpenType Compact Font Format CFF Driver Could Allow Remote Code Execution 2485376 Authors: Madhuri D...

LDF (Default.asp) Sql Injection Vulnerability

Product : LDF vendor : www.ldf.22.cn Vulnerable Versions : All Default.asp Page has an issue on validating "Page" parameter , It could be exploited by attacker & attacker can inject arbitrary Sql Commands http://www.example.com/ldf path/default.asp?page=SQL COMMAND...

Vito CMS SQL Injection

Exploit Title: Vito CMS SQL Injection Vulnerability Date: 2010-02-11 Author: [email protected] Software Link: http://kameleon-lab.com/vito-cms.php it isn't download link, because it is not free Version: n/a .:. Author : [email protected] .:. Contact: [email protected], [email protected] .:. Hom...

CVE-2009-1979 (Oracle RDBMS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi. This vulnerability was ranked 10.0 for Windows in CPUoct2009 and related to improper AUTHSESSKEY parameter length validation. http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2009.html Executable + source code attached...

Design/Logic Flaw

DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx files instead of skin files, and possibly access privileged functionality, via unknown vectors related to parameter validation...

CVE-2008-7102

DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx files instead of skin files, and possibly access privileged functionality, via unknown vectors related to parameter validation...

CVE-2008-7102

DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx files instead of skin files, and possibly access privileged functionality, via unknown vectors related to parameter validation...

CVE-2008-7102

DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx files instead of skin files, and possibly access privileged functionality, via unknown vectors related to parameter validation...

CVE-2008-7102

DotNetNuke 2.0–4.8.4 is affected by a skin-file security bypass vulnerability that lets remote attackers load .ascx files instead of skin files due to parameter-validation issues. Affected component: skin file handling; root cause: parameter validation weakness. Impact per sources: potential acce...

MDPro Surveys Module SQL Injection Vulnerability

MDPro is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2008-4258

Microsoft Internet Explorer 5.01 SP4 and 6 SP1 does not properly validate parameters during calls to navigation methods, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Parameter Validation Memory Corruption Vulnerability."...

CVE-2008-4258

CVE-2008-4258 describes a remote code execution vulnerability in Microsoft Internet Explorer 5.01 SP4 and IE6 SP1 caused by improper parameter validation during navigation method calls, leading to memory corruption when processing crafted HTML. Connected advisories (MS08-073) group this with rela...

PT-2008-5541 · Microsoft · Internet Explorer

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 5.01 SP4 through 6 SP1 Description: A remote code execution issue exists due to improper validation of parameters during calls to navigation methods. This allows attackers to execute arbitrary code via a...

NULL FTP Server 1.1.0.7 SITE Parameters Command Injection Vuln

No description provided by source. vuln.sg Vulnerability Research Advisory NULL FTP Server SITE Parameters Command Injection Vulnerability by Tan Chew Keong Release Date: 2008-12-05 Summary A vulnerability has been found in NULL FTP Server. When exploited, this vulnerability allows an authenticat...

Python 'Imageop'模块参数验证缓冲区溢出漏洞

BUGTRAQ ID: 31932 CNCAN ID：CNCAN-2008102806 Python是一款开放源代码的脚本编程语言。 Python 'Imageop'模块的不正确参数验证，远程攻击者可以利用漏洞进行缓冲区溢出而触发segfault错误。 目前没有详细漏洞细节提供，可能导致任意代码执行。 Python Software Foundation Python 2.5.2 Python Software Foundation Python 2.5.1 Python Software Foundation Python 2.4.5 Python Software Foundatio...

CVE-2008-2252

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory...

1024 CMS多个文件包含漏洞

BUGTRAQ ID: 30091 1024是基于PHP和MySQL的内容管理系统。 1024 CMS中存在多个文件包含漏洞，允许恶意用户泄露敏感信息或入侵有漏洞的系统。 1...

CVE-2008-1736

Comodo Firewall Pro before 3.0 does not properly validate certain parameters to hooked System Service Descriptor Table SSDT functions, which allows local users to cause a denial of service system crash via 1 a crafted OBJECTATTRIBUTES structure in a call to the NtDeleteFile function, which leads ...