Microsoft Powerpoint Remote Code Execution Vulnerability

Description Microsoft PowerPoint is prone to a remote code-execution vulnerability. This issue occurs when the application handles malformed record data within a presentation file. A successful exploit of this issue will let attackers execute arbitrary code in the context of the targeted user...

CVE-2006-3227

Interpretation conflict between Internet Explorer and other web browsers such as Mozilla, Opera, and Firefox might allow remote attackers to modify the visual presentation of web pages and possibly bypass protection mechanisms such as content filters via ASCII characters with the 8th bit set, whi...

CVE-2006-3227

CVE-2006-3227 describes an interpretation conflict between Internet Explorer and other browsers (e.g., Mozilla/Firefox/Opera) that may let remote attackers alter the visual presentation of web pages and potentially bypass protection mechanisms by using ASCII characters with the 8th bit set. IE ma...

CVE-2006-0004

Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with Internet Explorer that allows remote attackers to obtain sensitive information via a PowerPoint presentation that attempts to access objects in the Temporary Internet Files Folder TIFF...

Citrix Program Neighborhood name buffer overflow

Added: 02/01/2006 CVE: CVE-2005-3652 BID: 15907 OSVDB: 21816 Background Citrix Presentation Server, formerly Citrix MetaFrame, allows applications to be deployed across a network to various client platforms, including Windows, Unix, Macintosh, DOS, and OS/2. The Program Neighborhood Agent running...

ctxpoliciesbypass.txt

DESCRIPTION: ============ Vulnerability in Presentation Server allow to user bypass citrix policy which is applied to client name. SOFTWARE: Citrix Metaframe Presentation Server 3.0 / 4.0 ========= INFO: ===== Citrix Presentation Server policy is used for admins to restrict the user environment a...

CVE-2005-3134

Citrix Metaframe Presentation Server 3.0 and 4.0 allows remote attackers to bypass policy restrictions by downloading the launch.ica file and changing the client device name ClientName...

CVE-2005-3134

Citrix Metaframe Presentation Server 3.0 and 4.0 allows remote attackers to bypass policy restrictions by downloading the launch.ica file and changing the client device name ClientName...

CVE-2005-3134

CVE-2005-3134 affects Citrix Metaframe Presentation Server 3.0 and 4.0. The issue allows remote attackers to bypass policy restrictions by downloading the launch.ica file and changing the ClientName, enabling partial impacts to confidentiality, integrity, and availability as per the CVSSv2 vector...

Citrix Metaframe Presentation Server protection bypass

Restrictions policy is based upon paramters controlled by client...

Citrix Metaframe Presentation Server bypassing policies

DESCRIPTION: ============ Vulnerability in Presentation Server allow to user bypass citrix policy which is applied to client name. SOFTWARE: Citrix Metaframe Presentation Server 3.0 / 4.0 ========= INFO: ===== Citrix Presentation Server policy is used for admins to restrict the user environment a...

USN-155-1: Mozilla vulnerabilities

Secunia.com reported that one of the recent security patches in Firefox reintroduced the frame injection patch that was originally known as CAN-2004-0718. This allowed a malicious web site to spoof the contents of other web sites. CAN-2005-1937 It was discovered that a malicious website could...

CVE-2005-1408

Apple Keynote 2.0 and 2.0.1 allows remote attackers to read arbitrary files via the keynote: URI handler in a crafted Keynote presentation...

Apple Keynote Presentation < 2.0.2 keynote: URI Handler Arbitrary File Access

The remote host contains a version of Keynote 2 which is older than 2.0.2. The installed version is affected by a security issue which may allow an attacker to send a rogue keynote file containing malformed URI links in it. An attacker can exploit this issue to read and upload arbitrary local fil...

CVE-2004-1798

RealOne player 6.0.11.868 allows remote attackers to execute arbitrary script in the "My Computer" zone via a Synchronized Multimedia Integration Language SMIL presentation with a "file:javascript:" URL, which is executed in the security context of the previously loaded URL, a different...

CVE-2004-1798

CVE-2004-1798 describes a cross-site scripting vulnerability in RealNetworks RealPlayer/RealOne Player where a SMIL presentation can include a URL with the scripting protocol (e.g., javascript:) that is executed in the security context of the previously loaded URL. The issue arises from RealPlaye...

CVE-2004-1798

RealOne player 6.0.11.868 allows remote attackers to execute arbitrary script in the "My Computer" zone via a Synchronized Multimedia Integration Language SMIL presentation with a "file:javascript:" URL, which is executed in the security context of the previously loaded URL, a different...

security flaw

Ethereal 0.10.1 to 0.10.2 allows remote attackers to cause a denial of service crash via a zero-length Presentation protocol selector...

Ethereal fails to properly handle a zero-length Presentation protocol selector

Overview Ethereal fails to properly handle a zero-length Presentation protocol selector, which could cause Ethereal to crash. Description Ethereal is a network traffic analysis package. There is a vulnerability in the way Ethereal processes a zero-length Presentation protocol selector. Exploitati...

multiple vulnerabilities in ethereal

Stefan Esser of e-matters Security discovered a baker's dozen of buffer overflows in Ethereal's decoders, including: NetFlow IGAP EIGRP PGM IRDA BGP ISUP TCAP UCP In addition, a vulnerability in the RADIUS decoder was found by Jonathan Heusser. Finally, there is one uncredited vulnerability...