269 matches found
Microsoft Publisher memory corruption
Memory corruption on .PUB files parsing...
Memory corruption
PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that...
CVE-2007-1754
PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Open-gorotto 2.0a 2006/02/08 edition, 2006/03/19 edition, and 2006/04/07 edition before 20070416 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to 1 pub/modules/d/top.html; 2 /pub/modules/a/access.html;...
Microsoft Publisher memory corruption
Memory corruption on .pub files parsing...
CVE-2006-0001
Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts...
Microsoft Publisher Font Parsing Remote Code Execution Vulnerability
Description Microsoft Publisher is prone to a code-execution vulnerability. This is due to a flaw when handling malformed PUB files. Successfully exploiting this issue allows attackers to corrupt process memory and to execute arbitrary code in the context of targeted users. Technologies Affected ...
CVE-2006-3336
TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the upload filter and execute arbitrary code via filenames with double extensions such as ".php.en", ".php.1", and other allowed extensions that are not .txt. NOTE: this is only a vulnerability when the server allows script execution...
CVE-2006-3336
CVE-2006-3336 affects TWiki up to version 4.0.3 where the upload filter fails to block certain double extensions (e.g., .php.en, .php.1) unless the server disallows script execution in the pub directory. This allows remote attackers to upload and potentially execute scripts, yielding arbitrary co...