Linux Kernel 2.6.13 < 2.6.17.4 - 'logrotate prctl()' Local Privilege Escalation

/ $Id: raptorprctl2.c,v 1.3 2006/07/18 13:16:45 raptor Exp $ raptorprctl2.c - Linux 2.6.x suiddumpable2 logrotate Copyright c 2006 Marco Ivaldi The suiddumpable support in Linux kernel 2.6.13 up to versions before 2.6.17.4, and 2.6.16 before 2.6.16.24, allows a local user to cause a denial of...

Microsoft Excel COLINFO Record Remote Code Execution Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability because it fails to handle exceptional conditions. Successfully exploiting this issue allows attackers to corrupt process memory and to execute arbitrary code in the context of targeted users. Note that Microsoft Office...

Microsoft Excel OBJECT Record Remote Code Execution Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability because it fails to handle exceptional conditions. Successfully exploiting this issue allows attackers to corrupt process memory and to execute arbitrary code in the context of targeted users. Note that Microsoft Office...

Microsoft Excel LABEL Record Remote Code Execution Vulnerability

Description Microsoft Excel is prone to a remote code-execution vulnerability. Successfully exploiting this issue allows attackers to corrupt process memory and to execute arbitrary code in the context of targeted users. Note that Microsoft Office applications include functionality to embed Offic...

Microsoft Excel 2000-2004 - Style Handling and Repair Remote Code Execution

Microsoft Excel 2000-2004 - Style Handling and Repair Remote Code Execution source: https://www.securityfocus.com/bid/18872/info Microsoft Excel is prone to a remote code-execution vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of...

Microsoft Excel 2000-2004 - Style Handling and Repair Remote Code Execution

source: https://www.securityfocus.com/bid/18872/info Microsoft Excel is prone to a remote code-execution vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of targeted users. A proof-of-concept malicious code named 'Trojan.Hongmosa' is...

libwmf integer/heap overflow

Sorry I don't have time to chase down multiple email addresses of alleged developers; so here this is after weeks of no response. POC is not attached unlike advisory says. It's not very difficult to exploit. ++++++++++++++++++++++++++++++++++++++++++++ Subject: libwmf integer/heap overflow...

Directory traversal

Unspecified vulnerability in pinball 0.3.1 allows local users to gain privileges via unknown attack vectors that cause pinball to load plugins from an attacker-controlled directory while operating at raised privileges...

Cisco Secure ACS 2.3 - LoginProxy.cgi Cross-Site Scripting

Cisco Secure ACS 2.3 - LoginProxy.cgi Cross-Site Scripting source: https://www.securityfocus.com/bid/18449/info Cisco Secure ACS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage...

Windows Software Restriction Policy Protection Bypass

Windows Software Restriction Policy Protection Bypass Class: Protection bypass Vector: Local Tested on: Windows XP SP2, Windows Server 2003 SP1 Risk: Low Remark: I don't know, what is it - bug or feature, but I can't find any documentation on this issue. Description: Software Restriction Policies...

CVE-2006-2711

Secure Elements Class 5 AVR aka C5 EVM 2.8.1 and earlier, and possibly later 2.8.x releases, uses the same initialization vector and key for each message session, which allows remote attackers to obtain potentially sensitive information about messages...

Code injection

Secure Elements Class 5 AVR aka C5 EVM 2.8.1 and earlier, and possibly later 2.8.x releases, uses the same initialization vector and key for each message session, which allows remote attackers to obtain potentially sensitive information about messages...

CVE-2006-2711

CVE-2006-2711 affects Secure Elements Class 5 AVR (C5 EVM) version 2.8.1 and earlier (and possibly later 2.8.x), where the same initialization vector (IV) and key are reused for each message session. This is the underlying root cause stated in the CVE description, enabling remote attackers over a...

Secure Elements Class 5 AVR uses the same encryption key and initialization vector for every message session

Overview Secure Elements Class 5 AVR uses the same encryption key and initialization vector for every message session. This may allow an attacker to discover some information about encrypted messages. Description Class 5 AVR Secure Elements Class 5 AVR Automated Vulnerability Remediation is a...

CYBSEC - Security Advisory: Phishing Vector in SAP BC (Business Connector)

The following advisory is also available in PDF format for download at: http://www.cybsec.com/vuln/CYBSECSecurityAdvisoryPhishingVectorinSAPBC.pdf CYBSEC S.A. www.cybsec.com Advisory Name: Phishing Vector in SAP BC Business Connector Vulnerability Class: Phishing Vector / Improper Input Validatio...

Sql injection

SQL injection vulnerability in search.php in Servous sBLOG 0.7.2 allows remote attackers to execute arbitrary SQL commands via the keyword parameter. NOTE: this issue can be used to trigger path disclosure. In addition, it might be primary to vector 1 in CVE-2006-1135...

CVE-2006-2033

PHP remote file inclusion vulnerability in Core CoreNews 2.0.1 and earlier allows remote authenticated users to execute arbitrary commands via the show parameter. NOTE: this is a different vector than CVE-2006-1212, although it might be the same primary issue...

Manic Web MWGuest 2.1 - MWguest.php HTML Injection

Manic Web MWGuest 2.1 - MWguest.php HTML Injection source: https://www.securityfocus.com/bid/17630/info MWGuest is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HT...

CVE-2006-1775

Multiple cross-site scripting XSS vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the 1 Site Description field in a adminboard.php, the 2 Group name and 3 Group description fields in b admingroups.php and c groupcp.php, the 4 Theme Name field in d...

PHPWebGallery 1.4.1 - picture.php Cross-Site Scripting

PHPWebGallery 1.4.1 - picture.php Cross-Site Scripting source: https://www.securityfocus.com/bid/17421/info PHPWebGallery is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may...