Security feature bypass

HP eSupportDiagnostics ActiveX control hpediag.dll 1.0.11.0 exports dangerous methods, which allows remote attackers to 1 read arbitrary files via the ReadTextFile method, or 2 read arbitrary registry values via the ReadValue method...

Improper access control

phpRPG 0.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read session ID values in files under tmp/, and then hijack sessions via PHPSESSID cookies...

HP eSupportDiagnostics 1.0.11 - hpediag.dll ActiveX Control Multiple Information Disclosure Vulnerabilities

HP eSupportDiagnostics 1.0.11 - hpediag.dll ActiveX Control Multiple Information Disclosure Vulnerabilities source: https://www.securityfocus.com/bid/26967/info The HP eSupportDiagnostics ActiveX control is prone to multiple information-disclosure vulnerabilities. An attacker can exploit these...

[SECURITY] Fedora 8 Update: xfce4-sensors-plugin-0.10.99.2-3.fc8

This plugin displays various hardware sensor values in the Xfce panel...

Design/Logic Flaw

The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center hpinfocenter.exe 1.0.1.1 in HP Quick Launch Button QLBCTRL.exe, aka QLB 6.3 and earlier, allows remote attackers to read arbitrary registry values via the arguments to the GetRegValue method...

Design/Logic Flaw

The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center hpinfocenter.exe 1.0.1.1 in HP Quick Launch Button QLBCTRL.exe, aka QLB 6.3 and earlier, on Microsoft Windows before Vista allows remote attackers to create or modify arbitrary registry values via the...

CVE-2007-6333

The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center hpinfocenter.exe 1.0.1.1 in HP Quick Launch Button QLBCTRL.exe, aka QLB 6.3 and earlier, allows remote attackers to read arbitrary registry values via the arguments to the GetRegValue method...

CVE-2007-6333

The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center hpinfocenter.exe 1.0.1.1 in HP Quick Launch Button QLBCTRL.exe, aka QLB 6.3 and earlier, allows remote attackers to read arbitrary registry values via the arguments to the GetRegValue method...

CVE-2007-6332

The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center hpinfocenter.exe 1.0.1.1 in HP Quick Launch Button QLBCTRL.exe, aka QLB 6.3 and earlier, on Microsoft Windows before Vista allows remote attackers to create or modify arbitrary registry values via the...

CVE-2007-6332

The CVE-2007-6332 entry concerns the HPInfoDLL.HPInfo.1 ActiveX control (HPInfoDLL.dll 1.0) shipped with HP Info Center in HP Quick Launch Button 6.3 and earlier on Windows before Vista. The vulnerability, via the SetRegValue method, allows remote attackers to create or modify arbitrary registry ...

pcre integer overflow

Integer overflow in Perl-Compatible Regular Expression PCRE library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large 1 min, 2 max, or 3 duplength values that cause an incorrect length calculation and trigger a buffer overflo...

pcre integer overflow

Integer overflow in Perl-Compatible Regular Expression PCRE library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large 1 min, 2 max, or 3 duplength values that cause an incorrect length calculation and trigger a buffer overflo...

Double free

Multiple double free vulnerabilities in Free Lossless Audio Codec FLAC libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed 1 Seektable values or 2 Seektable Data Offsets in a .FLAC file...

CVE-2007-6279

Multiple double free vulnerabilities in Free Lossless Audio Codec FLAC libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed 1 Seektable values or 2 Seektable Data Offsets in a .FLAC file...

DEBIAN-CVE-2007-6279

Multiple double free vulnerabilities in Free Lossless Audio Codec FLAC libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed 1 Seektable values or 2 Seektable Data Offsets in a .FLAC file...

DEBIAN-CVE-2007-6277

Multiple buffer overflows in Free Lossless Audio Codec FLAC libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via large 1 Metadata Block Size, 2 VORBIS Comment String Size, 3 Picture Metadata MIME-TYPE Size, 4 Picture Description Size, 5 Picture Data Length, 6...

CVE-2007-6279

Multiple double free vulnerabilities in Free Lossless Audio Codec FLAC libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed 1 Seektable values or 2 Seektable Data Offsets in a .FLAC file...

CVE-2007-6279

Multiple double free vulnerabilities in Free Lossless Audio Codec FLAC libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed 1 Seektable values or 2 Seektable Data Offsets in a .FLAC file...

CVE-2007-6150

The "internal state tracking" code for the random and urandom devices in FreeBSD 5.5, 6.1 through 6.3, and 7.0 beta 4 allows local users to obtain portions of previously-accessed random values, which could be leveraged to bypass protection mechanisms that rely on secrecy of those values...

tomcat handling of cookie values

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the " character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks...