Lucene search

2121 matches found

NVD
added 2008/04/24 5:5 a.m. | 15 views

CVE-2008-1926

Argument injection vulnerability in login login-utils/login.c in util-linux-ng 2.14 and earlier makes it easier for remote attackers to hide activities by modifying portions of log events, as demonstrated by appending an "addr=" statement to the login name, aka "audit log injection."...

7.5 CVSS | 6.7 AI score | 0.03973 EPSS
Exploits: 1 | References: 15
myhack58
added 2008/03/26 12:0 a.m. | 13 views

Crack mysql root password in several ways-vulnerability warning-the black bar safety net

Online streaming of several crack mysql root password in several ways: Method one Using phpmyadmin, this is the easiest, and modify the mysql database user table, but don't forget to use the PASSWORD function. Method two Using mysqladmin, which was previously statement of a special case...

7.9 AI score
Exploits: 0
CERT
added 2008/03/12 12:0 a.m. | 38 views

Microsoft Office Web Components Spreadsheet ActiveX control URL parsing stack buffer overflow

Overview The Microsoft Office Web Components ActiveX controls contain a stack buffer overflow in the processing of URLs, which allows a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Office Web Components are ActiveX controls that provide...

9.3 CVSS | 6.7 AI score | 0.4014 EPSS
Exploits: 6 | References: 3
0day.today
added 2008/02/28 12:0 a.m. | 22 views

Koobi Pro 5.7 (categ) Remote SQL Injection Vulnerability

Exploit for unknown platform in category web applications ======================================================== Koobi Pro 5.7 categ Remote SQL Injection Vulnerability ======================================================== + Koobi Pro 5.7 index.php categ Remote Sql Inj. Vuln +...

7.1 AI score
Exploits: 0
NVD
added 2008/02/12 1:0 a.m. | 16 views

CVE-2008-0696

IBM DB2 UDB before 8.2 Fixpak 16 does not properly check authorization for the ALTER TABLE statement, which has unknown impact and attack vectors...

7.5 CVSS | 6.4 AI score | 0.01164 EPSS
Exploits: 0 | References: 4
CERT
added 2008/02/11 12:0 a.m. | 45 views

Adobe Reader and Acrobat JavaScript methods buffer overflow vulnerabilities

Overview Adobe Reader and Acrobat contains multiple buffer overflow vulnerabilities. Successful exploitation of this vulnerability may allow an attacker to execute code. Description Adobe Acrobat Reader is software designed to view Portable Document Format PDF files. Adobe also distributes the...

9.3 CVSS | 9.1 AI score | 0.94222 EPSS
Exploits: 9 | References: 8
Prion
added 2008/02/08 10:0 p.m. | 31 views

Memory corruption

The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service crash and possibly trigger memory corruption via 1 a large switch statement, 2 certain uses of watch and eval, 3 certain uses of t...

9.3 CVSS | 6.8 AI score | 0.02484 EPSS
Exploits: 1 | References: 63 | Affected Software: 3
Cvelist
added 2008/02/08 9:0 p.m. | 22 views

CVE-2008-0413

The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service crash and possibly trigger memory corruption via 1 a large switch statement, 2 certain uses of watch and eval, 3 certain uses of t...

6.8 AI score | 0.02484 EPSS
Exploits: 1 | References: 63
RedHat Linux
added 2008/02/08 2:13 a.m. | 4 views

Mozilla javascript engine crashes

The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service crash and possibly trigger memory corruption via 1 a large switch statement, 2 certain uses of watch and eval, 3 certain uses of t...

9.3 CVSS | 5.9 AI score | 0.02484 EPSS
Exploits: 1 | References: 4
Prion
added 2008/01/17 1:0 a.m. | 23 views

Design/Logic Flaw

The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via 1 the :demuxdump-file option in a filename in a playlist, or 2 a EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability...

5 CVSS | 7.2 AI score | 0.02778 EPSS
Exploits: 2 | References: 11 | Affected Software: 1
Tenable Nessus
added 2008/01/17 12:0 a.m. | 45 views

MyBB forumdisplay.php 'sortby' Parameter Arbitrary PHP Code Execution

The version of MyBB installed on the remote host is affected by an arbitrary PHP code execution vulnerability due to improper sanitization of user-supplied input to the 'sortby' parameter of the forumdisplay.php script before using it in an eval statement to evaluate PHP code. A remote,...

7.5 CVSS | 6.6 AI score | 0.41868 EPSS
Exploits: 1 | References: 4
Tenable Nessus
added 2008/01/07 12:0 a.m. | 42 views

Loudblog loudblog/inc/parse_old.php template Parameter Arbitrary Remote Code Execution

The remote host is running Loudblog, a PHP application for publishing podcasts and similar media files. The version of Loudblog on the remote host fails to sanitize input to the 'template' parameter of the 'loudblog/inc/parseold.php' script before using it in an 'eval' statement to evaluate PHP...

6.8 CVSS | 5.8 AI score | 0.222 EPSS
Exploits: 2 | References: 1
Ubuntu
added 2007/12/21 4:22 a.m. | 71 views

USN-559-1: MySQL vulnerabilities

Joe Gallo and Artem Russakovskii discovered that the InnoDB engine in MySQL did not properly perform input validation. An authenticated user could use a crafted CONTAINS statement to cause a denial of service. CVE-2007-5925 It was discovered that under certain conditions MySQL could be made to...

7.1 CVSS | 7.9 AI score | 0.1426 EPSS
Exploits: 4
Packet Storm
added 2007/11/27 12:0 a.m. | 16 views

phpkit-sql.txt

!/usr/bin/perl Vulnerability found & exploit written by $h4d0wl33t shadowleet Contact: [email protected] Phpkit 1.6.4pl1 Non Public Exploit by $hadowleet, Description: Vulnerability in file pkinc/public/article.php On line 71: $contentid=!$contentid && isset$REQUEST'contentid' &&...

7.4 AI score
Exploits: 0
NVD
added 2007/11/10 2:46 a.m. | 19 views

CVE-2007-5928

OpenBase 10.0.5 and earlier allows remote authenticated users to trigger a free of an arbitrary memory location via long strings in a SELECT statement. NOTE: this might be a buffer overflow, but it is not clear...

9 CVSS | 6.6 AI score | 0.01765 EPSS
Exploits: 1 | References: 1
seebug.org
added 2007/11/10 12:0 a.m. | 22 views

MySQL <= 5.0.45 (Alter) Denial of Service Vulnerability

No description provided by source. / MySQL =6.0 possibly affected Kristian Erik Hermansen Credit: Joe Gallo You must have ALTER permissions to exploit this bug! Scenario: You found SQL injection, but you want to punch backend server in the nuts just for fun. Start with the ALTER TABLE statement o...

7.1 AI score
Exploits: 0
CERT
added 2007/10/20 12:0 a.m. | 30 views

RealPlayer playlist name stack buffer overflow

Overview RealPlayer contains a stack buffer overflow in the handling of playlist names, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description RealNetworks RealPlayer is a multimedia application that allows users to view local and remote...

9.3 CVSS | 7.1 AI score | 0.42365 EPSS
Exploits: 9 | References: 6
Prion
added 2007/10/06 5:17 p.m. | 15 views

Buffer overflow

Buffer overflow in NetSupport Manager NSM Client 10.00 and 10.20, and NetSupport School Student NSS 9.00, allows remote NSM servers to cause a denial of service or possibly execute arbitrary code via crafted data in the configuration exchange phase of an initial connection setup. NOTE: a vendor...

10 CVSS | 8.9 AI score | 0.03855 EPSS
Exploits: 0 | References: 7 | Affected Software: 2
Prion
added 2007/08/31 11:17 p.m. | 17 views

Null pointer dereference

EnterpriseDB Advanced Server 8.2 does not properly handle certain debugging function calls that occur before a call to pldbgcreatelistener, which allows remote authenticated users to cause a denial of service daemon crash and possibly execute arbitrary code via a SELECT statement that invokes a...

6.5 CVSS | 8 AI score | 0.05128 EPSS
Exploits: 1 | References: 5 | Affected Software: 1
NVD
added 2007/08/31 11:17 p.m. | 9 views

CVE-2007-4639

EnterpriseDB Advanced Server 8.2 does not properly handle certain debugging function calls that occur before a call to pldbgcreatelistener, which allows remote authenticated users to cause a denial of service daemon crash and possibly execute arbitrary code via a SELECT statement that invokes a...

6.5 CVSS | 7.5 AI score | 0.05128 EPSS
Exploits: 1 | References: 5