CVE-2006-6347

Unrestricted file upload vulnerability in TFT-Gallery allows remote authenticated administrators to upload arbitrary .php files, possibly using admin/index.php. NOTE: this can be leveraged with CVE-2006-1412 to create a remote unauthenticated vector...

CVE-2006-6276

HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting XSS, and poison web...

encapscms 0.3.6 - Remote File Include by Firewall

Firewall encapscms 0.3.6 - Remote File Include by Firewall BuG FounD by Firewall Application Affect: encapscms 0.3.6 Sorce Code: http://scripts.ringsworld.com/content-management/encapscms-0.3.6.zip Code: includeonce$root."core/Config.php"; includeonce$root."core/DBsql.php";...

America Online ICQ ActiveX Control Code Execution Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of AOL ICQ. User interaction is not required to exploit this vulnerability. The specific flaw exists in the DownloadAgent function of the ICQPhone.SipxPhoneManager ActiveX control with the following CLSID:...

[Full-disclosure] ZDI-06-037: America Online ICQ ActiveX Control Code Execution Vulnerability

ZDI-06-037: America Online ICQ ActiveX Control Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-06-037.html November 6, 2006 -- CVE ID: CVE-2006-5650 -- Affected Vendor: America Online -- Affected Products: America Online ICQ 5.1 -- TippingPointTM IPS Customer...

Microsoft Outlook Express Windows地址簿文件解析溢出漏洞（MS06-016）

Microsoft Outlook Express是Microsoft Windows操作系统捆绑的邮件和新闻组客户端。 Microsoft Outlook Express在解析特制的Windows地址簿（.wab）文件时存在堆溢出漏洞，攻击者可以诱骗用户打开特制的.wab文件导致在用户系统上执行任意代码。 Microsoft Outlook Express 5.5 SP2 - Microsoft Windows 2000 SP4 Microsoft Outlook Express 6.0 - Microsoft Windows XP SP2 - Microsoft Windows...

HP-UX 11i (LIBC TZ enviroment variable) Local Root Exploit

No description provided by source. / HP-UX libc timezone environment overflow exploit ================================================ HP-UX libc contains an exploitable stack overflow in the handling of "TZ" environment variable. The problem occurs due to insufficient bounds checking in the...

HP-UX 11i - 'LIBC TZ' Enviroment Variable Privilege Escalation

/ HP-UX libc timezone environment overflow exploit ================================================ HP-UX libc contains an exploitable stack overflow in the handling of "TZ" environment variable. The problem occurs due to insufficient bounds checking in the localtimer and related functions. Any...

MS Windows 2000 sp1/sp2 isapi .printer Extension Overflow Exploit

No description provided by source. / iishack 2000 - eEye Digital Security - 2001 This affects all unpatched windows 2000 machines with the .printer isapi filter loaded. This is purely proof of concept. Quick rundown of the exploit: Eip overruns at position 260 i have 19 bytes of code to jump back...

Another Mambo module remote inclusion vulneribility

Bug Found by h4ntu http://h4ntu.com batamhacker crew Another Mambo module remote inclusion vulneribility download : http://mamboxchange.com/frs/download.php/1498/MambWeather181.zip bug found in file : MambWeather/Savant2/Savant2Pluginoptions.php ?php / Base plugin class. / global...

CVE-2006-5377

Technical details about CVE-2006-5377 are not provided in the supplied documents. No affected products, root cause, or remediation are disclosed here. Monitor for updates in the connected sources.

Internet Explorer VML Rect Fill Method Buffer Overflow (MS06-055; CVE-2006-4868)

Microsoft Internet Explorer is the most widely used Internet browser. Microsoft Internet Explorer fails to handle Vector Markup Language VML tags. VML is a set of XML tags for drawing vector graphics. A remote attacker may trigger this vulnerability to execute arbitrary code on the target system...

CVE-2006-5116

Multiple cross-site request forgery CSRF vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by 1 directly setting a token in the URL though dynamic variable evaluation and 2 unsetting arbitrary variables via the REQUEST array,...

Buzlas 2006-1 Full - Archive_Topic.php Remote File Inclusion

Buzlas 2006-1 Full - ArchiveTopic.php Remote File Inclusion source: https://www.securityfocus.com/bid/20511/info Buzlas is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the...

CVE-2006-4694

Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and...

Microsoft Windows / Internet Explorer 0-day vulnerability

Microsoft Vector Graphics Rendering Library vulnerability is used for hidden malware installation...

CVE-2006-4990

CVE-2006-4990 describes PHP remote file inclusion vulnerabilities in PhotoPost 4.0–4.6 where an attacker can execute arbitrary PHP code by supplying a URL to the PP_PATH parameter across multiple PHP scripts (e.g., zipndownload.php and others). The issue enables code execution via network access ...

MS06-055: Vulnerability in Vector Markup Language Could Allow Remote Code Execution (925486)

The remote host is running a version of Internet Explorer or Outlook Express that is vulnerable to a bug in the Vector Markup Language VML handling routine that could allow an attacker execute arbitrary code on the remote host by sending a specially crafted email or by luring a user on the remote...

VulnCheck KEV: CVE-2006-4868

Stack-based buffer overflow in the Vector Graphics Rendering engine vgx.dll, as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language VML file with a long fill...

Internet Explorer VML rect fill buffer overflow

Added: 09/20/2006 CVE: CVE-2006-4868 BID: 20096 OSVDB: 28946 Background Vector Markup Language VML is an XML-based format for vector graphics. Problem A buffer overflow in Internet Explorer when processing VML code allows remote command execution using a long fill parameter within a rect tag...