Debian DSA-2366-1 : mediawiki - multiple vulnerabilities

Several problems have been discovered in MediaWiki, a website engine for collaborative work. - CVE-2011-1578 CVE-2011-1587 Masato Kinugawa discovered a cross-site scripting XSS issue, which affects Internet Explorer clients only, and only version 6 and earlier. Web server configuration changes ar...

Reverse Engineering SEHOP Chain Validation

Reverse Engineering code of SEHOP Chain Validation by x90c [email protected] -- sehopchainvalidation.c -- typedef struct EXCEPTIONREGISTRATIONRECORD struct EXCEPTIONREGISTRATIONRECORD Next; PEXCEPTIONROUTINE Handler; EXCEPTIONREGISTRATIONRECORD, PEXCEPTIONREGISTRATIONRECORD; / first ER struct o...

IpTools(Tiny TCP/IP server) - WebServer Directory Traversal Vulnerability

Title: IpToolsTiny TCP/IP server - WebServer Directory Traversal Vulnerability Software : IpToolsTiny TCP/IP server Software Version : 0.1.4 Vendor: http://iptools.sourceforge.net/iptools.html Class: Input Validation Error CVE: Remote: Yes Local: No Published: 2012-01-06 Updated: Impact : High Bu...

VertrigoServ 'ext' Parameter Cross Site Scripting Vulnerability

This host is running VertrigoServ and is prone to cross-site scripting vulnerability. OpenVAS Vulnerability Test $Id: gbvertrigoservextparamxssvuln.nasl 5792 2017-03-30 13:18:14Z cfi $ VertrigoServ 'ext' Parameter Cross Site Scripting Vulnerability Authors: Madhuri D Copyright: Copyright c 2012...

IpTools 0.1.4 Directory Traversal

Title: IpToolsTiny TCP/IP server - WebServer Directory Traversal Vulnerability Software : IpToolsTiny TCP/IP server Software Version : 0.1.4 Vendor: http://iptools.sourceforge.net/iptools.html Class: Input Validation Error CVE: Remote: Yes Local: No Published: 2012-01-06 Updated: Impact : High Bu...

WordPress CartPress Plugin 'tcp_post_ids' Parameter Cross Site Scripting Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; ifdescription...

WordPress WHOIS Plugin 'domain' Parameter XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; ifdescription...

Web File Browser <= 0.4b14 File Download Vulnerability - Active Check

Web File Browser is prone to file download vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Adobe Shockwave Player TextXtra.x32 vulnerability

1. Advisory Information Title: Adobe Shockwave Player TextXtra.x32 vulnerability Advisory ID: CORE-2011-0825 Advisory URL: http://www.coresecurity.com/content/adobe-shockwave-textxtra-vulnerability Date published: 2011-11-08 Date of last update: 2011-11-08 Vendors contacted: Adobe Release mode:...

EnjoySAP SAP GUI ActiveX Control Arbitrary File Download (CVE-2008-4830)

An arbitrary file download vulnerability has been reported in EnjoySAP, a GUI for SAP. The vulnerability is due to an input validation error while processing a certain method. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted HTML page...

CORE-2011-0106: Microsoft Publisher 2007 Pubconv.dll Memory Corruption

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - Corelabs Advisory http://corelabs.coresecurity.com/ Microsoft Publisher 2007 Pubconv.dll Memory Corruption 1. Advisory Information Title: Microsoft Publisher 2007 Pubconv.dll Memory Corruption Advisory ID: CORE-2011-0106...

Microsoft Publisher 2007 Pubconv.dll内存破坏漏洞

CVE ID: CVE-2011-1508 Microsoft Publisher是微软公司发行的桌面出版应用软件。 Publisher 2007中存在输入验证错误，可被远程攻击者利用通过诱使用户在文档中插入特制的.pub文件执行任意代码。 通过修改.pub文件，可使pubconv.dll库复制很多文件内容到栈中，从而覆盖稍后执行的函数指针。 Microsoft Publisher 2007 12.0.6546.5000 厂商补丁： Microsoft --------- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

Microsoft Publisher 2007 Pubconv.dll Memory Corruption

Core Security Technologies - Corelabs Advisory Microsoft Publisher 2007 Pubconv.dll Memory Corruption 1. Advisory Information Title: Microsoft Publisher 2007 Pubconv.dll Memory Corruption Advisory ID: CORE-2011-0106 Advisory URL:...

MS Windows Ancillary Function Driver Privilege Elevation Vulnerability (2592799)

This host is missing an important security update according to Microsoft Bulletin MS11-080. OpenVAS Vulnerability Test $Id: secpodms11-080.nasl 5362 2017-02-20 12:46:39Z cfi $ MS Windows Ancillary Function Driver Privilege Elevation Vulnerability 2592799 Authors: Antu Sanadi Copyright: Copyright ...

SolarWinds Orion NPM 10.1.2 SP1 Multiple XSS Vulnerabilities

SolarWinds Orion NPM is prone to multiple cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

ManageEngine ServiceDesk Plus 'searchText' XSS Vulnerability

This host is running ManageEngine ServiceDesk Plus and is prone to cross site scripting vulnerability. OpenVAS Vulnerability Test $Id: gbmanageengineservicedeskplusxssvuln.nasl 7019 2017-08-29 11:51:27Z teissa $ ManageEngine ServiceDesk Plus 'searchText' XSS Vulnerability Authors: Antu Sanadi...

ManageEngine ServiceDesk Plus <= 8.0 Build 8011 'searchText' XSS Vulnerability

ManageEngine ServiceDesk Plus is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Microsoft WINS - ECommEndDlg Input Validation Error (MS11-035/MS11-070)

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ MS WINS ECommEndDlg Input Validation Error 1. Advisory Information Title: MS WINS ECommEndDlg Input Validation Error Advisory ID: CORE-2011-0526 Advisory URL: http://www.coresecurity.com/content/ms-wins-ecommenddlg-input-validati...

Core Security Technologies Advisory 2011.0526

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ MS WINS ECommEndDlg Input Validation Error 1. Advisory Information Title: MS WINS ECommEndDlg Input Validation Error Advisory ID: CORE-2011-0526 Advisory URL: http://www.coresecurity.com/content/ms-wins-ecommenddlg-input-validati...

MS WINS ECommEndDlg Input Validation Error

Exploit for windows platform in category dos / poc Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ MS WINS ECommEndDlg Input Validation Error 1. Advisory Information Title: MS WINS ECommEndDlg Input Validation Error Advisory ID: CORE-2011-0526 Advisory URL:...