3754 matches found
DEBIAN-CVE-2003-0214
run-mailcap in mime-support 3.22 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files...
CVE-2003-0214
CVE-2003-0214 affects mime-support (Debian) up to version 3.22; run-mailcap can overwrite arbitrary files via a symlink attack on temporary files due to insecure temporary file handling. Debian issued DSAs 292-1/292-2/292-3 to fix mime-support. OpenVAS/NESSUS entries note the system may be missin...
Microsoft Security Bulletin MS03-014: Cumulative Patch for Outlook Express (330994)
-----BEGIN PGP SIGNED MESSAGE----- - ---------------------------------------------------------------------- Title: Cumulative Patch for Outlook Express 330994 Date: 23 April 2003 Software: Microsoft c Outlook Express Impact: Run code of the attacker's choice on a user's machine. Max Risk: Critica...
CVE-1999-1182
This CVE (CVE-1999-1182) affects Linux runtime linkers ld.so and ld-linux.so. A buffer overflow occurs when a long argv[0] triggers an error report by ld.so/ld-linux.so, allowing local users to gain privileges when invoking a setuid program. The attack is local with low complexity; impact is to c...
CVE-1999-1474
CVE-1999-1474 concerns PowerPoint 95 and 97 where opening a document in a browser (e.g., Internet Explorer) could trigger an automatic execution of an application without user prompting. The available sources describe that remote attackers could cause an application to run automatically via the s...
patchadd.pl
Here is an exploit to an old bug for patchadd in Solaris. It exploits a symlink vulnerability to clobber files with output from patchadd. This was written and tested on Solaris 2.8 Sparc with the current patch cluster applied. -- Larry http://vapid.dhs.org:8080 !/usr/local/bin/perl Exploit for...
Security Bulletin MS01-042
---------------------------------------------------------------------- Title: Windows Media Player .NSC Processor Contains Unchecked Buffer Date: 26 July 2001 Software: Windows Media Player 6.4, 7, and 7.1 Impact: Run code of attacker's choice. Bulletin: MS01-042 Microsoft encourages customers to...
[SECURITY] New version of ghostscript released
Package : gs Problem type : symlink attack Debian-specific: no ghostscript uses temporary files to do some of its work. Unfortunately the method used to create those files wasnt secure: mktemp was used to create a name for a temporary file, but the file was not opened safely. A second problem is...
Проблемы с HTT-фолдерами в Windows
Недобросовестный оператор Web-узла может заставить пользователя подключиться к своему ресурсу по UNC-имени, при этом если допускается вид папок как Web0-фолдеров, то будет выполнены команды из Folder.htt, в т.ч. могут быть запущены исполняемые файлы...
September 7, 2021, update for Office 2016 (KB4484467)
September 7, 2021, update for Office 2016 KB4484467 This article describes update 4484467 for Microsoft Office 2016 that was released on September 7, 2021.Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't app...
Security update 1970-01-01
...
Security update 1970-01-01
...
Security update 1970-01-01
...
Security update 1970-01-01
...
Security update 1970-01-01
...
Security update 1970-01-01
...
Security update 1970-01-01
...
Security update 1970-01-01
...
Windows Malicious Software Removal Tool x64 - v5.105 (KB890830)
After the download, this tool runs one time to check your computer for infection by specific, prevalent malicious software including Blaster, Sasser, and Mydoom and helps remove any infection that is found. If an infection is found, the tool will display a status report the next time that you sta...
Security update 1970-01-01
...