2711 matches found
Re: GDI+ and Internet Explorer question
IE has its own image decoders for many image types: jpeg, ico, etc. You can trigger this bug remotely by renaming your .ico to .emf or .wmf, which forces it to be opened by the Picture and Fax Viewer using GDI+. -HD On Saturday 09 June 2007 06:40, [email protected] wrote: fails to crash my Internet...
CVE-2007-2112
CVE-2007-2112 is an authentication bypass in Oracle Database 10.1.0.5 and 10.2.0.3 (DB05). The description states that remote authenticated users may bypass the AUTH_ALTER_SESSION policy via an AFTER LOGON ON DATABASE trigger, and notes this as related to CVE-2006-0547. The connected documents al...
Bypass Oracle Logon Trigger
Bypass Oracle Logon Trigger Name Bypass Oracle Logon Trigger 7826485 DB05 Systems Affected Oracle 8-10g Rel. 2 Severity High Risk Category Bypass Security Feature Database Logon Trigger Vendor URL http://www.oracle.com/ Author Alexander Kornbrust ak at red-database-security.com CVE Advisory 17...
Apache mod_rewrite (Windows x86) - Off-by-One Remote Overflow
Apache mod_rewrite (Windows x86) - Off-by-One Remote Overflow !/bin/sh Exploit for Apache mod_rewrite off-by-oneWin32. by axis http://www.ph4nt0m.org 2007-04-06 Tested on Apache 2.0.58 Win32 Windows2003 CN SP1 Vulnerable Apache Versions: 1.3 branch: 1.3.28 and 2.0.46 and 2.2.0 and 2006-08-20...
IBM Lotus Domino Server 6.5 PRE AUTH Remote Exploit
Exploit for unknown platform in category remote exploits. IBM Lotus Domino Server 6.5 PRE AUTH Remote Exploit !/usr/bin/python IBM Lotus Domino Server 6.5 PRE AUTH Remote Exploit Tested on windo...
PHP 4.4.5 / 4.4.6 session_decode() Double Free Exploit PoC
No description provided by source.
CVE-2007-1231
Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) database name, (2) table name, (3) ViewName, (4) view, (5) trigger, and (6) function fields in main.php and certain other files...
Adobe reader plugin PDF files universal crossite scripting
By using URIs like http://path/to/pdf/file.pdfwhatevernameyouwant=javascript:yourcodehere it's possible to execute code in context of any Web site where at least one PDF is stored. 2. By using "trigger action" in PDF document it's possible to execute code in context of the web page where...
SQL SERVER security risks--triggers-vulnerability warning-the black bar safety net
This article is dedicated to the cross I of the development program teacher-XI'an ZHAOLONG of the week the teacher, and learning together AT2Q6101 of classmates. Trigger permissions and ownership CREATE TRIGGER permissions default to the definition of the trigger table owner, members of the...
phpFox XSS Injection
Exploit found by Maximize -- jjj.zkpber.pbz -- ------------------------------------------------------------------- Step1: When editing your profile, in the about me section put the following code img src="http://xss.xss/xss.jpg" z=' Step2: In the field under the About me section put the following...
dsock 1.3 - 'buf' Remote Buffer Overflow (PoC)
A buffer overflow in variable 'buf' exists due to insufficient validation of variable 'name' in function torresolve line 218 of software at http://www.monkey.org/dugsong/dsocks/ url PoC: DaveK At a quick glance, this looks like it could indeed be overflowed quite trivially by passing an overlong...
Microsoft Windows Server 2000 - Multiple COM Object Instantiation Code Execution Vulnerabilities
source: https://www.securityfocus.com/bid/19636/info Microsoft Windows 2000 is prone to multiple memory-corruption vulnerabilities that are related to the instantiation of COM objects. These issues may be remotely triggered through Internet Explorer. The vulnerabilities arise because of the way...
D-Link Router UPNP Stack Overflow
D-Link Router UPNP Stack Overflow Release Date: July 13, 2006 Date Reported: February 27, 2006 Patch Development Time In Days: 136 Severity: High Remote Code Execution Vendor: D-Link Routers Affected: DI-524 Rev A DI-524 Rev C DI-524 Rev D DI-604 Rev E DI-624 Rev C DI-624 Rev D DI-784 Rev A...
Stack overflow
Stack-based buffer overflow in the info tip shell extension (zipinfo.dll) in PicoZip 4.01 allows remote attackers to execute arbitrary code via a long filename in an (1) ACE, (2) RAR, or (3) ZIP archive, which is triggered when the user moves the mouse over the archive...
PT-2006-2918 · Ethereal · Ethereal
Name of the Vulnerable Software and Affected Versions: Ethereal versions 0.10.x up to 0.10.14 Description: The issue is related to multiple buffer overflows that can be triggered remotely, potentially allowing attackers to cause a denial of service (crash) and possibly execute arbitrary code. This ...
security flaw
A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption...
[SECURITY] [DSA 795-2] Updated i386 proftpd packages fix format string vulnerability
Debian Security Advisory DSA 795-2 [email protected] http://www.debian.org/security/ Michael Stone September 2, 2005 http://www.debian.org/security/faq -...
security flaw
The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of t...
GLSA-200507-12 : Bugzilla: Unauthorized access and information disclosure
The remote host is affected by the vulnerability described in GLSA-200507-12 (Bugzilla: Unauthorized access and information disclosure). Bugzilla allows any user to modify the flags of any bug (CAN-2005-2173). Bugzilla inserts bugs into the database before marking them as private, in connection with...