8159 matches found
MS07-050: Vulnerability in Vector Markup Language Could Allow Remote Code Execution (938127)
The remote host is running a version of Internet Explorer or Outlook Express with a bug in the Vector Markup Language (VML) handling routine that may allow an attacker to execute arbitrary code on the remote host by sending a specially crafted email or by luring a user on the remote host into visiting...
CVE-2007-4081
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to inject arbitrary web script or HTML via vectors in a merchants/index.php, including the (1) id or (2) msg parameter in a programedit action; the (3) pgmid parameter in an uploadProducts actio...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to inject arbitrary web script or HTML via vectors in a merchants/index.php, including the (1) id or (2) msg parameter in a programedit action; the (3) pgmid parameter in an uploadProducts actio...
Opera/Konqueror: data: URL scheme address bar spoofing
With a specially crafted web page, an attacker can redirect a web browser to a page whose URL in the URL bar resembles an arbitrary domain chosen by the attacker. This is possible because some web browsers incorrectly display the contents of the URL bar while rendering pages based on t...
Microsoft Windows Vista/2003/XP/2000 file management security issues
Title: Microsoft Windows Vista/2003/XP/2000 file management security issues. Author: 3APA3A, http://securityvulns.com/. Vendor: Microsoft and potentially other vendors. Products: Microsoft Windows Vista/2003/XP/2000, Microsoft resource kit for Windows 2000 and different utilities. Access Vector:...
CVE-2007-3459
A certain ActiveX control in Avaxswf.dll 1.0.0.1 in Civitech Avax Vector 1.3 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the WriteMovie method...
CVE-2007-3459
A CVE-2007-3459 entry describes a vulnerability in Civitech Avax Vector 1.3 where the ActiveX control Avaxswf.dll version 1.0.0.1 permits remote attackers to create or overwrite arbitrary files by supplying a full pathname to the WriteMovie method. The issue affects the ActiveX component and can ...
Avaxswf.dll v.1.0.0.1 from Avax Vector ActiveX Arbitrary Data Write
No description provided by source. GOODFELLAS Security Research TEAM, http://goodfellas.shellcode.com.ar. Avaxswf.dll v.1.0.0.1 from Avax Vector software ActiveX Arbitrary Data Write...
Avax Vector ActiveX unauthorized access
WriteMovie method allows write access to the disk...
[GOODFELLAS - VULN ] Avaxswf.dll v.1.0.0.1 from Avax Vector software ActiveX Arbitrary Data Write
GOODFELLAS Security Research TEAM, http://goodfellas.shellcode.com.ar. Avaxswf.dll v.1.0.0.1 from Avax Vector software ActiveX Arbitrary Data Write. Internal ID: VULWAR200706264. Introduction...
Calendarix version 0.7.20070307 Multiple SQL Injection Vulnerabilities
netVigilance Security Advisory 38. Calendarix version 0.7.20070307 Multiple SQL Injection Vulnerabilities. Description: Calendarix is a powerful and easy to use calendar based on PHP and MySQL. It has been developed with ease of use and quick access to information in mind. It provides the user wit...
Avax Vector Avaxswf.dll 1.0.0.1 - ActiveX Arbitrary Data Write
Avax Vector Avaxswf.dll 1.0.0.1 - ActiveX Arbitrary Data Write. GOODFELLAS Security Research TEAM, http://goodfellas.shellcode.com.ar. Avaxswf.dll v.1.0.0.1 from Avax Vector software ActiveX Arbitrary Data Write...
[Full-disclosure] H4CREW-000005 EasyNews Pro 4.0 XSS & CSRF
I luv u Ms. Phisher u d4 d1am0nds 1n My Ski h4xorCrew Advirosy 5: Easynews PRO 4.0 XSS and CRSF =================================================== "the game of secuirity is like a sord fight you must think furst b4 you m0ve" H-4 h3r3 2 stay cuz we in da h0uz h4xorcewz n da house and r4w we g0nna...
CVE-2007-2727
The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with an uninitialized seed variable and therefore always generates the same initialization vector (IV), which might allow context-dependent attackers to decrypt...
PT-2007-4043 · Php · Php
Name of the Vulnerable Software and Affected Versions: PHP versions prior to 4.4.7; PHP versions 5.0.x and earlier; PHP versions prior to 5.2.1. Description: The issue affects the encryption process, making it easier for attackers to decrypt certain data due to guessable encryption keys. This is...
Code injection
Unspecified vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 has unknown impact and a remote attack vector, related to "Cookie Manipulation."...
CVE-2007-2548
Unspecified vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 has unknown impact and a remote attack vector, related to "Cookie Manipulation."...
CVE-2007-2548
Summary: CVE-2007-2548 concerns TurnkeyWebTools SunShop Shopping Cart 4.0 with an issue in index.php described as a vulnerability tied to cookie manipulation and a remote attack vector. The exact impact is listed as unknown in the description. The available data indicate a remote, low-complexity...