
2395 matches found

Cvelist
added 2008/10/14 8:0 p.m., 12 views

CVE-2008-4385

Husdawg, LLC Systems Requirements Lab 3, as used by Instant Expert Analysis, allows remote attackers to force the download and execution of arbitrary programs by specifying a malicious website argument to the Init method in (1) a certain ActiveX control sysreqlab2.cab, sysreqlab.dll,...

AI score: 6.8, EPSS: 0.71885
Exploits: 4, References: 7

CVE
added 2008/10/07 6:27 p.m., 61 views

CVE-2008-4472

The CVE-2008-4472 issue is in the LiveUpdate ActiveX control (LiveUpdate16.DLL 17.2.56) used by Autodesk products (e.g., Revit Architecture 2009 SP2, Autodesk Design Review 2009). The ApplyPatch method accepts a second argument and can cause arbitrary code execution on a remote Windows host when ...

CVSS: 9.3, AI score: 7.2, EPSS: 0.11319
Exploits: 4, References: 9, Affected Software: 3

Cvelist
added 2008/10/07 6:27 p.m., 22 views

CVE-2008-4472

The UpdateEngine class in the LiveUpdate ActiveX control LiveUpdate16.DLL 17.2.56, as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to execute arbitrary programs via the second argument to the ApplyPatch method...

AI score: 7.2, EPSS: 0.11319
Exploits: 4, References: 9

Prion
added 2008/09/26 4:21 p.m., 21 views

Design/Logic Flaw

Java on Apple Mac OS X 10.5.4 and 10.5.5 does not prevent applets from accessing file:// URLs, which allows remote attackers to execute arbitrary programs...

CVSS: 9.3, AI score: 7.2, EPSS: 0.01864
Exploits: 1, References: 6, Affected Software: 2

OpenVAS
added 2008/09/24 12:0 a.m., 25 views

Gentoo Security Advisory GLSA 200710-18 (util-linux)

The remote host is missing updates announced in advisory GLSA 200710-18. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

CVSS: 6.9, AI score: 0.5, EPSS: 0.00101
Exploits: 0

OpenVAS
added 2008/09/24 12:0 a.m., 11 views

Gentoo Security Advisory GLSA 200606-07 (vixie-cron)

The remote host is missing updates announced in advisory GLSA 200606-07. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 7.2, AI score: 6.7, EPSS: 0.00044
Exploits: 1, References: 2

OpenVAS
added 2008/09/24 12:0 a.m., 22 views

Gentoo Security Advisory GLSA 200606-07 (vixie-cron)

The remote host is missing updates announced in advisory GLSA 200606-07. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

CVSS: 7.2, AI score: 0.7, EPSS: 0.00044
Exploits: 1

Tenable Nessus
added 2008/09/18 12:0 a.m., 34 views

openSUSE 10 Security Update : postfix (postfix-5603)

When executing external programs postfix didn't close the file descriptor of the epoll system call. This could potentially be exploited to shut down postfix (CVE-2008-3889). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted fr...

CVSS: 2.1, AI score: 5.3, EPSS: 0.00064
Exploits: 6, References: 1

securityvulns
added 2008/09/10 12:0 a.m., 45 views

[Full-disclosure] Assurent VR - Microsoft Windows Graphics Rendering Engine WMF Parsing Buffer Overflow

Microsoft Windows Graphics Rendering Engine WMF Parsing Buffer Overflow Assurent ID: FSC20080909-12 1. Affected Software Digital Image Suite 2006 Forefront Client Security 1.0 Microsoft Office 2003 SP2, SP3 Microsoft Office PowerPoint Viewer 2003 Microsoft Windows XP prior to SP3 Microsoft Window...

CVSS: 9.3, AI score: 0.2, EPSS: 0.73783
Exploits: 1

OpenVAS
added 2008/09/04 12:0 a.m., 22 views

FreeBSD Ports: frontpage -- cross site scripting vulnerability

The remote host is missing an update to the system as announced in the referenced advisory. VID c0171f59-ea8a-11da-be02-000c6ec775d9 OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc...

CVSS: 6.8, AI score: 6.5, EPSS: 0.28321
Exploits: 1

OpenVAS
added 2008/09/04 12:0 a.m., 17 views

FreeBSD Ports: p5-Archive-Zip

The remote host is missing an update to the system as announced in the referenced advisory. VID a5742055-300a-11d9-a9e7-0001020eed82 OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc...

CVSS: 7.5, AI score: 6.5, EPSS: 0.20253
Exploits: 1

Prion
added 2008/08/21 5:41 p.m., 10 views

SQL injection

SQL injection vulnerability in details.php in YourFreeWorld Programs Rating Script allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVSS: 7.5, AI score: 9.1, EPSS: 0.00481
Exploits: 1, References: 5

NVD
added 2008/08/21 5:41 p.m., 9 views

CVE-2008-3753

SQL injection vulnerability in details.php in YourFreeWorld Programs Rating Script allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVSS: 7.5, AI score: 8.4, EPSS: 0.00481
Exploits: 1, References: 5

CVE
added 2008/08/21 5:0 p.m., 35 views

CVE-2008-3753

The CVE-2008-3753 entry affects the YourFreeWorld Programs Rating Script, with a vulnerability in details.php that allows SQL injection through the id parameter. This is described as a remote SQL command execution vulnerability. Connected documents also reference this CVE under various feeds (NVD...

CVSS: 7.5, AI score: 8.4, EPSS: 0.00481
Exploits: 1, References: 5, Affected Software: 1

Cvelist
added 2008/08/21 5:0 p.m., 12 views

CVE-2008-3753

SQL injection vulnerability in details.php in YourFreeWorld Programs Rating Script allows remote attackers to execute arbitrary SQL commands via the id parameter...

AI score: 8.4, EPSS: 0.00481
Exploits: 1, References: 5

Packet Storm
added 2008/08/20 12:0 a.m., 25 views

prograte-sql.txt

Programs Rating details.php id Remote SQL Injection Vulnerability; Author: Hussin X; Home: www.tryag.cc/cc; email: darkangelg85atYahooDoTcom; script: http://www.yourfreeworld.com/script/rating.php; DorK : ^...

AI score: 7.4
Exploits: 0

RedHat Linux
added 2008/08/13 2:19 p.m., 3 views

java-1.5.0 Privilege escalation via untrusted applet and application

Multiple unspecified vulnerabilities in the Java Runtime Environment in Sun JDK and JRE 6 Update 1 and earlier, and 5.0 Update 13 and earlier, allow context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants...

CVSS: 10, AI score: 5.9, EPSS: 0.02015
Exploits: 0, References: 4

RedHat Linux
added 2008/08/13 2:18 p.m., 4 views

JDK untrusted applet/application privilege escalation (6661918)

Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.218 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as...

CVSS: 10, AI score: 5.9, EPSS: 0.14533
Exploits: 0, References: 4

OSV
added 2008/07/27 10:41 p.m., 2 views

CVE-2008-3329

Unspecified vulnerability in Links before 2.1, when "only proxies" is enabled, has unknown impact and attack vectors related to providing "URLs to external programs."...

AI score: 6.2
Exploits: 0, References: 3

Prion
added 2008/07/27 10:41 p.m., 9 views

Design/Logic Flaw

Unspecified vulnerability in Links before 2.1, when "only proxies" is enabled, has unknown impact and attack vectors related to providing "URLs to external programs."...

CVSS: 9.3, AI score: 6.6, EPSS: 0.00183
Exploits: 1, References: 3, Affected Software: 1