Lucene search
K

7916 matches found

seebug.org
seebug.org
added 2008/01/12 12:0 a.m.22 views

VLC Media Player sdpplin_parse() RTSP堆溢出漏洞

BUGTRAQ ID: 27221 VLC Media Player是一款免费的媒体播放器。 VLC在处理畸形格式的数据时存在缓冲区溢出漏洞,远程攻击者可能利用此漏洞控制用户系统。 VLC所使用的旧版Xine库在modules/access/rtsp/realsdpplin.c文件中存在堆溢出漏洞: sdpplint sdpplinparsechar data sdpplint desc = mallocsizeofsdpplint; sdpplinstreamt stream; char buf=malloc3200; char decoded=malloc3200; ... whil...

6.9AI score
Exploits0
seebug.org
seebug.org
added 2008/01/10 12:0 a.m.50 views

Microsoft Windows TCP/IP实现IGMP及MLD报文远程溢出漏洞(MS08-001)

BUGTRAQ ID: 27100 CVECAN ID: CVE-2007-0069 Microsoft Windows是微软发布的非常流行的操作系统。 Windows内核的TCP/IP实现(tcpip.sys)处理存储IGMPv3和MLDv2查询状态的TCP/IP结构的方式存在缓冲区溢出漏洞,远程攻击者可能利用此漏洞控制服务器。 匿名攻击者可以通过在网络上向计算机发送特制的IGMPv3和MLDv2报文来利用此漏洞。成功利用此漏洞的攻击者可以完全控制受影响的系统。攻击者可随后安装程序;查看、更改或删除数据;或者创建拥有完全用户权限的新帐户。 Microsoft Windows XP SP...

9.3CVSS6.9AI score0.49205EPSS
Exploits2
securityvulns
securityvulns
added 2007/12/18 12:0 a.m.53 views

ZDI-07-079: Hewlett-Packard HP-UX swagentd Buffer Overflow Vulnerability

ZDI-07-079: Hewlett-Packard HP-UX swagentd Buffer Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-07-079.html December 17, 2007 -- CVE ID: CVE-2007-6195 -- Affected Vendor: Hewlett-Packard -- Affected Products: HP-UX 11.11 -- TippingPointTM IPS Customer Protection:...

10CVSS0.7AI score0.13741EPSS
Exploits1
seebug.org
seebug.org
added 2007/12/18 12:0 a.m.34 views

WordPress $_SERVER变量跨站脚本漏洞

BUGTRAQ ID: 26885 WordPress是一款免费的论坛Blog系统。 WordPress处理全局变量时存在漏洞,远程攻击者可能利用此漏洞控制导致跨站脚本执行攻击。 WordPress信任了$SERVER'REQUESTURI'全局变量,因此远程攻击者控制了$SERVER'REQUESTURI'就可以执行跨站脚本攻击。以下是/wp-includes/query.php文件中第34行的有漏洞函数: function isadmin global $wpquery; return $wpquery-isadmin || stripos$SERVER'REQUESTURI',...

6.9AI score
Exploits0
seebug.org
seebug.org
added 2007/12/13 12:0 a.m.21 views

Microsoft DirectX SAMI及WAV/AVI文件解析远程代码执行漏洞(MS07-064)

BUGTRAQ ID: 26804,26789 CVECAN ID: CVE-2007-3901,CVE-2007-3895 Microsoft DirectX是Windows操作系统中的一项功能,流媒体在玩游戏或观看视频时通过这个功能支持图形和声音。 Microsoft DirectX处理畸形格式的媒体文件时存在漏洞,本地攻击者可能利用此漏洞提升自己的权限。 集成DirectX技术的Microsoft DirectShow没有对Synchronized Accessible Media...

9.3CVSS6.9AI score0.45873EPSS
Exploits13
seebug.org
seebug.org
added 2007/12/12 12:0 a.m.29 views

WordPress wp-db.php文件字符集SQL注入漏洞

BUGTRAQ ID: 26795 WordPress是一款免费的论坛Blog系统。 WordPress处理用户数据时存在漏洞,远程攻击者可能利用此漏洞执行SQL注入攻击。 WordPress中的大多数数据库查询使用escape方式过滤SQL字符串,实际上是通过addslashes函数过滤输入,而addslashes函数没有考虑SQL字符串中所使用的字符集,盲目的向单引号前插入反斜线,这样的反斜线可能会形成其他有效的字符。以下是wp-includes/query.php中的漏洞代码: // If a search pattern is specified, load the posts...

6.8AI score
Exploits0
securityvulns
securityvulns
added 2007/12/07 12:0 a.m.108 views

ZDI-07-071: HP OpenView Network Node Manager Multiple CGI Buffer Overflows

ZDI-07-071: HP OpenView Network Node Manager Multiple CGI Buffer Overflows http://www.zerodayinitiative.com/advisories/ZDI-07-071.html December 6, 2007 -- CVE ID: CVE-2007-6204 -- Affected Vendor: Hewlett-Packard -- Affected Products: OpenView Network Node Manager 7.51 and below -- TippingPointTM...

10CVSS0.8AI score0.69613EPSS
Exploits9
securityvulns
securityvulns
added 2007/12/07 12:0 a.m.66 views

ZDI-07-070: Skype skype4com URI Handler Remote Heap Corruption Vulnerability

ZDI-07-070: Skype skype4com URI Handler Remote Heap Corruption Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-07-070.html December 6, 2007 -- CVE ID: CVE-2007-5989 -- Affected Vendor: Skype -- Affected Products: Skype 3.6 GOLD -- TippingPointTM IPS Customer Protection: TippingPoint...

6.8CVSS1AI score0.04441EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2007/12/03 12:0 a.m.13 views

AIX 530005 : U810467

The remote host is missing AIX PTF U810467 which is related to the security of the package bos.net.nfs.client You should install this PTF for your system to be up-to-date. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. if ! definedfunc"bnrandom" exit0; include'deprecatednasllevel.inc';...

5.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2007/12/03 12:0 a.m.15 views

AIX 530006 : U812675

The remote host is missing AIX PTF U812675 which is related to the security of the package devices.pciex.14103f03.diag You should install this PTF for your system to be up-to-date. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. if ! definedfunc"bnrandom" exit0;...

5.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2007/12/03 12:0 a.m.11 views

AIX 530005 : U810466

The remote host is missing AIX PTF U810466 which is related to the security of the package bos.perf.tools You should install this PTF for your system to be up-to-date. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. if ! definedfunc"bnrandom" exit0; include'deprecatednasllevel.inc';...

5.5AI score
Exploits0
securityvulns
securityvulns
added 2007/09/26 12:0 a.m.71 views

Simple PHP Blog Multiple Vulnerabilities

Secure Network - Security Research Advisory Vuln name: Simple PHP Blog Multiple Vulnerabilities Systems affected: simplePHPBlog 0.5.0.1, simplePHPBlog 0.4.8 and all previous versions Systems not affected: - Severity: Medium Local/Remote: Remote Vendor URL: http://www.simplephpblog.com/ Authors:...

Exploits0
Packet Storm
Packet Storm
added 2007/09/25 12:0 a.m.24 views

barracude-xss.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 || ISR || || Infobyte Security Research || www.infobyte.com.ar || 09.21.2007 || .:: SUMMARY Barracuda Spam Firewall Cross-Site Scripting Version: Barracuda Spam Firewall firmware v3.4.10.102 It is suspected that all previous versions of Barracuda Sp...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2007/09/25 12:0 a.m.37 views

ImageMagick ReadDIBImage函数整数溢出漏洞

BUGTRAQ ID: 25765 CVECAN ID: CVE-2007-4988 ImageMagick是一款Unix/Linux平台下开源的图像查看和编辑工具。 ImageMagick在处理带有畸形数据的文件时存在整数漏洞,远程攻击者可能诱使用户处理恶意文件控制用户系统。 ImageMagick的ReadDIBImage函数中存在整数溢出漏洞: 558 image-columns=unsigned long dibinfo.width ... 620 bytesperline=4image-columnsdibinfo.bitsperpixel+31/32; 621...

6.8CVSS2.3AI score0.03093EPSS
Exploits2
securityvulns
securityvulns
added 2007/09/24 12:0 a.m.59 views

[ISR] - Barracuda Spam Firewall. Cross-Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 || ISR || || Infobyte Security Research || www.infobyte.com.ar || 09.21.2007 || .:: SUMMARY Barracuda Spam Firewall Cross-Site Scripting Version: Barracuda Spam Firewall firmware v3.4.10.102 It is suspected that all previous versions of Barracuda Sp...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2007/09/11 12:0 a.m.43 views

ZDI-07-050: Trend Micro ServerProtect RPCFN_SetComputerName() Stack Overflow Vulnerability

ZDI-07-050: Trend Micro ServerProtect RPCFNSetComputerName Stack Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-07-050.html September 7, 2007 -- CVE ID: CVE-2007-4218 -- Affected Vendor: Trend Micro -- Affected Products: ServerProtect v5.58 -- TippingPointTM IPS Customer...

10CVSS0.4AI score0.13021EPSS
Exploits12
securityvulns
securityvulns
added 2007/09/04 12:0 a.m.48 views

Marshal MailMarshal TAR Unpacking Vulnerability

Marshal MailMarshal TAR Unpacking Vulnerability Overview -------- Vendor: Marshal www.marshal.com Product: MailMarshal = 6.2.1.3253 Vulnerability: Remote file overwrite, Remote execution Risk: HIGH Description ----------- During a security audit for a customer we have discovered a serios...

0.7AI score
Exploits0
seebug.org
seebug.org
added 2007/08/24 12:0 a.m.39 views

Unreal Commander畸形压缩文档多个远程漏洞

BUGTRAQ ID: 25419 Unreal Commander是一款免费的Windows平台文件管理器。 Unreal Commander在解压文件时存在多个安全漏洞,攻击者可能通过诱使用户处理恶意文件控制用户系统。 如果用户使用Unreal Commander解压了文件名包含有类似于以下目录遍历序列的ZIP或RAR文档的话: Something/../../../../../../Program Files/Something/ws232.dll 就会导致在指定目录中创建ws232.dll文件。 ZIP文档中包含有两处写入文件名的位置:Local文件头和Central...

6.9AI score
Exploits0
seebug.org
seebug.org
added 2007/08/21 12:0 a.m.22 views

雅虎通ywcvwr.dll远程堆溢出漏洞

BUGTRAQ ID: 25330 雅虎通是一款非常流行的即时通讯工具。 雅虎通在处理畸形功能请求时存在缓冲区溢出漏洞,远程攻击者可能利用此漏洞控制用户系统。 雅虎通中有个名为webcam的功能。当webcam请求初始化的时候雅虎通会生成一个类(webcamclass),webcamclass会在这个地方(ywcvwr.dll)申请一段内存,这段内存的长度是0x400: .text:10001737 cmp edi, esp+0Ch+arg0 .text:1000173B jl short loc10001735 .text:1000173D cmp edi, 1400000h...

6.9AI score
Exploits0
seebug.org
seebug.org
added 2007/08/17 12:0 a.m.35 views

Microsoft IE pdwizard.ocx ActiveX控件远程代码执行漏洞(MS07-045)

BUGTRAQ ID: 25295 CVECAN ID: CVE-2007-3041 Internet Explorer是微软发布的非常流行的WEB浏览器。 IE的pdwizard.ocx控件实现上存在漏洞,远程攻击者可能利用此漏洞控制用户系统。 pdwizard.ocx控件中存在内存破坏漏洞,如果用户受骗使用IE访问了恶意站点的话就可能导致执行任意代码。成功利用此漏洞的攻击者可以获得与本地用户相同的用户权限,那些帐户被配置为拥有较少系统用户权限的用户比具有管理用户权限的用户受到的影响要小。 Microsoft Internet Explorer 7.0 Microsoft Intern...

9.3CVSS6.4AI score0.28979EPSS
Exploits1
Rows per page
Query Builder