4 matches found
Microsoft Zero Administration Kit (ZAK) 1.0 and Office97 Backdoor Vulnerability
No description provided by source. Source: http://www.securityfocus.com/bid/181/info The Zero Administration Kit (ZAK) was designed to allow administrators to, among other things, lock down the NT environment and restrict the user's access to certain applications and system functions. In an instance wher...
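util-linux-ng login Remote Log Injection Vulnerability
BUGTRAQ ID: 28983 CVECAN ID: CVE-2008-1926 util-linux-ng is an enhanced version of the util-linux package and contains a variety of Linux tools and applications. login.c in the util-linux-ng package has an argument injection vulnerability when it records login attempts: a remote attacker can add an addr= statement to the login name to modify parts of log events in the audit log, thereby hiding actions such as their login attempts. Karel Zak util-linux-ng 2.13.1.1 Karel Zak --------- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page:...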
beehiveVulns.txt
-------------------------------------- Beehive Forum Multiple Vulnerabilities -------------------------------------- Beehive Forum is affected by SQL injection, XSS, and path disclosure. Vulnerabilities --------------- 1 The $GET "webtag" parameter is on almost every page of the product and is...
CVE-1999-1431
CVE-1999-1431 describes a local bypass in ZAK Appstation: an attacker can launch Explorer from Office 97 applications (e.g., Word), install software into the TEMP directory, and rename it to an allowed executable such as Winword.exe to bypass the Run only allowed apps policy. CVSS v2 is base 4.6 ...