875 matches found
PT-2010-5338 · Red Hat · Condor +1
Name of the Vulnerable Software and Affected Versions: Red Hat Enterprise Messaging, Realtime and Grid MRG version 1.3 Description: The installation documentation for Red Hat Enterprise Messaging, Realtime and Grid MRG recommends a configuration that creates a trusted channel with insufficient...
ATutor 1.0 Cross Site Scripting
====================================== Vulnerability ID: HTB22599 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinatutoreditcontentfolder.html Product: ATutor Vendor: Inclusive Design Institute http://www.atutor.ca/ Vulnerable Version: 1.0 Vendor Notification: 01 September 2010...
ArtGK Cross Site Scripting
===================================== Vulnerability ID: HTB22588 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinartgkcms1.html Product: ArtGK CMS Vendor: ArtGK http://artgk-cms.ru/ Vulnerable Version: 2009-08-28 16:00:00 and Probably Prior Versions Vendor Notification: 18 August 201...
Gekko Web Builder 0.90 ALPHA Cross Site Scripting
Vulnerability ID: HTB22474 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityingekkowebbuilder.html Product: Gekko Web Builder Vendor: Baby Gekko IT Consulting http://www.babygekko.com/ Vulnerable Version: v0.90 ALPHA and Probably Prior Versions Vendor Notification: 01 July 2010...
Unreal Engine 2.5 - UpdateConnectingMessage() Remote Stack Buffer Overflow (PoC)
Unreal Engine 2.5 - UpdateConnectingMessage Remote Stack Buffer Overflow PoC source: https://www.securityfocus.com/bid/41424/info Unreal Engine is prone to a remote stack-based buffer-overflow vulnerability because it fails to properly bounds-check messages before copying them to an insufficientl...
Download connection
Added: 03/18/2009 Background This tool allows you to download a file which, when executed, establishes a command connection. Limitations This tool requires a user to execute the downloaded file in order to succeed. The target field must be a licensed target but is unused. Platforms Windows Linux...
Download connection
Added: 03/18/2009 Background This tool allows you to download a file which, when executed, establishes a command connection. Limitations This tool requires a user to execute the downloaded file in order to succeed. The target field must be a licensed target but is unused. Platforms Windows Linux...
E-mail attachment execution
Added: 01/28/2009 Background This tool sends an e-mail attachment which, when executed, establishes a command connection. Limitations This tool requires a user to execute the e-mail attachment in order to succeed. This tool requires the IP address of a working mail server which allows relaying of...
Debian Security Advisory DSA 371-1 (perl)
The remote host is missing an update to perl announced via advisory DSA 371-1. OpenVAS Vulnerability Test $Id: deb3711.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 371-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...
PHP ZendEngine ECalloc 整数溢出漏洞
PHP是广泛使用的通用目的脚本语言,特别适合于Web开发,可嵌入到HTML中。 PHP内存处理例程ecalloc函数中存在整数溢出漏洞,远程攻击者可能利用此漏洞在服务器上执行指令。 如果脚本能够导致基于不可信任用户数据的内存分配的话,远程攻击者就可以通过发送特制的请求导致以apache用户的权限执行任意指令 PHP PHP = 5.1.6 RedHat Enterprise Linux WS 2.1 RedHat Enterprise Linux ES 2.1 RedHat Enterprise Linux AS 2.1 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
AIX 4.3.35.x - Getlvcb Command Line Argument Buffer Overflow (2)
AIX 4.3.35.x - Getlvcb Command Line Argument Buffer Overflow 2 // source: https://www.securityfocus.com/bid/9905/info getlvcb has been reported to be prone to a buffer overflow vulnerability. When an argument is passed to the getlvcb utility, the string is copied into a reserved buffer in memory...
RhinoSoft Serv-U FTPd Server 345 - MDTM Time Argument Buffer Overflow (3)
RhinoSoft Serv-U FTPd Server 345 - MDTM Time Argument Buffer Overflow 3 // source: https://www.securityfocus.com/bid/9751/info Serv-U FTP Server has been reported prone to a remote stack based buffer overflow vulnerability when handling time zone arguments passed to the MDTM FTP command. The...
CVE-2002-0532
EMU Webmail allows local users to execute arbitrary programs via a .. dot dot in the HTTP Host header that points to a Trojan horse configuration file that contains a pageroot specifier that contains shell metacharacters...
CVE-2001-0643
Internet Explorer 5.5 does not display the Class ID CLSID when it is at the end of the file name, which could allow attackers to trick the user into executing dangerous programs by making it appear that the document is of a safe file type...
Microsoft IIS 4.0 / Microsoft JET 3.5/3.5.1 Database Engine - VBA
source: https://www.securityfocus.com/bid/286/info Microsoft's JET database engine feature allows the embedding of Visual Basic for Application in SQL string expressions and the lack of metacharacter filtering by many web applications may allow remote users to execute commands on the system...