18293
Views: 343
Description:
By default, many Belkin wireless routers using a default SSID of "belkin54g" are preconfigured with a default password. The "admin" account has a null password, which is publicly known and documented. This allows attackers to trivially access the program or system.
Comments: 1, Blogs: 0, References: 5
Vulnerability Classification
| Location | Attack Type | Impact | Solution | Exploit | Disclosure | OSVDB |
|---|---|---|---|---|---|---|
| Remote/Network Access Required | Authentication Management | | | | | |

Belkin 54G Routers Admin Account Default Null Password

40621
Views: 307
Description:
Simple PHP Blog contains a flaw that allows a remote Cross-Site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps and/or confirmation for sensitive transactions to delete posts. By using a crafted URL (e.g. a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.
Comments: 0, Blogs: 0, References: 8
Vulnerability Classification
| Location | Attack Type | Impact | Solution | Exploit | Disclosure | OSVDB |
|---|---|---|---|---|---|---|
| Remote/Network Access Required | | | | | | |

Simple PHP Blog (SPHPBlog) add_link.php link_id Parameter CSRF

16866
Views: 190
Description:
A remote overflow exists in Terminator 3: War of the Machines. The application fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request containing an overly long CD-key hash, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.
Comments: 0, Blogs: 0, References: 6
Vulnerability Classification
| Location | Attack Type | Impact | Solution | Exploit | Disclosure | OSVDB |
|---|---|---|---|---|---|---|
| Remote/Network Access Required | | | | | | |

Terminator 3: War of the Machines Client CD-key Overflow

44643
Views: 136
Description:
A buffer overflow exists in HD Audio Codec Driver. RTKVHDA.sys and RTKVHDA64.sys fail to validate IOCTL requests resulting in an integer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.
Comments: 0, Blogs: 0, References: 8
Vulnerability Classification
| Location | Attack Type | Impact | Solution | Exploit | Disclosure | OSVDB |
|---|---|---|---|---|---|---|
| | | | | | Vendor Verified, Coordinated Disclosure | |

Realtek HD Audio Codec Driver RTKVHDA.sys / RTKVHDA64.sys IOCTL Request Handling Overflow

382
Views: 133
Description:
By default, PostgreSQL installs without a default password for the postgres user account. This username and password combination is publicly known and documented. This allows attackers to trivially access the program or system with administrative privileges.
Comments: 0, Blogs: 0, References: 22
Vulnerability Classification
| Location | Attack Type | Impact | Solution | Exploit | Disclosure | OSVDB |
|---|---|---|---|---|---|---|
| Remote/Network Access Required, Local Access Required | Authentication Management | Loss of Confidentiality, Loss of Integrity, Loss of Availability | | | | |

PostgreSQL Server Default Password

53620
Views: 95
Description:
A memory corruption flaw exists in Windows. WinHTTP.dll fails to properly parse the HTTP chunksize parameter resulting in an integer underflow. With a specially crafted HTTP response, a context-dependent attacker can cause arbitrary code execution, resulting in a loss of integrity.
Comments: 0, Blogs: 21, References: 12
Vulnerability Classification
| Location | Attack Type | Impact | Solution | Exploit | Disclosure | OSVDB |
|---|---|---|---|---|---|---|
| Remote/Network Access Required | | | | | | |

Microsoft Windows HTTP Services Web Server Response Unspecified Integer Underflow

53182
Views: 95
Description:
(Description Provided by CVE) : Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability."
Comments: 0, Blogs: 8, References: 8
Vulnerability Classification
| Location | Attack Type | Impact | Solution | Exploit | Disclosure | OSVDB |
|---|---|---|---|---|---|---|
| | | | | | | |

Microsoft PowerPoint PPT File Handling Unspecified Code Execution

877
Views: 93
Description:
RFC compliant web servers support the TRACE HTTP method, which contains a flaw that may lead to an unauthorized information disclosure. The TRACE method is used to debug web server connections and allows the client to see what is being received at the other end of the request chain. Enabled by default in all major web servers, a remote attacker may abuse the HTTP TRACE functionality, i.e. cross-site scripting (XSS), which will disclose sensitive configuration information resulting in a loss of confidentiality.
Comments: 0, Blogs: 0, References: 27
Vulnerability Classification
| Location | Attack Type | Impact | Solution | Exploit | Disclosure | OSVDB |
|---|---|---|---|---|---|---|
| Remote/Network Access Required | | | | | | |

Multiple Web Server Dangerous HTTP Method TRACE

54934
Views: 92
Description:
(Description Provided by CVE) : The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler Load Library Vulnerability."
Comments: 0, Blogs: 15, References: 7
Vulnerability Classification
| Location | Attack Type | Impact | Solution | Exploit | Disclosure | OSVDB |
|---|---|---|---|---|---|---|
| Remote/Network Access Required | | | | | | |

Microsoft Windows Print Spooler Load Library Crafted RPC Message Arbitrary DLL Loading Privilege Escalation

28068
Views: 91
Description:
Guestbook contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'page' form field parameter upon submission to the gbook.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Comments: 0, Blogs: 0, References: 8
Vulnerability Classification
| Location | Attack Type | Impact | Solution | Exploit | Disclosure | OSVDB |
|---|---|---|---|---|---|---|
| Remote/Network Access Required | | | | | | |

Doika Guestbook gbook.php page XSS

54946
Blogs: 23
Description:
(Description Provided by CVE) : Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via unspecified DHTML function calls related to a tr element and the "insertion, deletion and attributes of a table cell," which trigger memory corruption when the window is destroyed, aka "DHTML Object Memory Corruption Vulnerability."
Comments: 0, Blogs: 23, References: 14
Vulnerability Classification
| Location | Attack Type | Impact | Solution | Exploit | Disclosure | OSVDB |
|---|---|---|---|---|---|---|
| | | | | | | Web Related, Context Dependent |

Microsoft IE DHTML Object Handling Crafted Method Memory Corruption

54934
Blogs: 15
Description:
(Description Provided by CVE) : The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler Load Library Vulnerability."
Comments: 0, Blogs: 15, References: 7
Vulnerability Classification
| Location | Attack Type | Impact | Solution | Exploit | Disclosure | OSVDB |
|---|---|---|---|---|---|---|
| Remote/Network Access Required | | | | | | |

Microsoft Windows Print Spooler Load Library Crafted RPC Message Arbitrary DLL Loading Privilege Escalation

54937
Blogs: 9
Description:
(Description Provided by CVE) : The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak.
Comments: 0, Blogs: 9, References: 8
Vulnerability Classification
| Location | Attack Type | Impact | Solution | Exploit | Disclosure | OSVDB |
|---|---|---|---|---|---|---|
| Remote/Network Access Required | | | | | | |

Microsoft Windows Active Directory Crafted LDAP(S) Request Invalid Free Arbitrary Code Execution

54386
Blogs: 6
Description:
(Description Provided by CVE) : Multiple stack-based buffer overflows in the PowerPoint 4.0 importer (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via crafted formatting data for paragraphs in a file that uses a PowerPoint 4.0 native file format, related to (1) an incorrect calculation from a record header, or (2) an integer that is used to specify the number of bytes to copy, aka "Legacy File Format Vulnerability."
Comments: 0, Blogs: 24, References: 22
Vulnerability Classification
| Location | Attack Type | Impact | Solution | Exploit | Disclosure | OSVDB |
|---|---|---|---|---|---|---|
| | | | | | | |

Microsoft PowerPoint PPT Importer (PP4X32.DLL) Legacy File Format Handling Multiple Overflows

54960
Blogs: 4
Description:
(Description Provided by CVE) : Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a malformed record that triggers memory corruption, aka "Word Buffer Overflow Vulnerability."
Comments: 0, Blogs: 4, References: 15
Vulnerability Classification
| Location | Attack Type | Impact | Solution | Exploit | Disclosure | OSVDB |
|---|---|---|---|---|---|---|
| | | | | | | |

Microsoft Word Malformed Record Handling Overflow (2009-0565)

54130
Blogs: 3
Description:
A memory corruption flaw exists in Adobe and Acrobat Reader. The getAnnots() JavaScript method fails to validate input read from a malformed PDF file resulting in memory corruption. With a specially crafted file, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.
Comments: 0, Blogs: 11, References: 16
Vulnerability Classification
| Location | Attack Type | Impact | Solution | Exploit | Disclosure | OSVDB |
|---|---|---|---|---|---|---|
| | | | | | | |

Adobe Reader getAnnots() JavaScript Method PDF Handling Memory Corruption

53620
Blogs: 2
Description:
A memory corruption flaw exists in Windows. WinHTTP.dll fails to properly parse the HTTP chunksize parameter resulting in an integer underflow. With a specially crafted HTTP response, a context-dependent attacker can cause arbitrary code execution, resulting in a loss of integrity.
Comments: 0, Blogs: 21, References: 12
Vulnerability Classification
| Location | Attack Type | Impact | Solution | Exploit | Disclosure | OSVDB |
|---|---|---|---|---|---|---|
| Remote/Network Access Required | | | | | | |

Microsoft Windows HTTP Services Web Server Response Unspecified Integer Underflow

54936
Blogs: 2
Description:
(Description Provided by CVE) : The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message that triggers incorrect pointer reading, related to "IDL interfaces containing a non-conformant varying array" and FC_SMVARRAY, FC_LGVARRAY, FC_VARIABLE_REPEAT, and FC_VARIABLE_OFFSET, aka "RPC Marshalling Engine Vulnerability."
Comments: 0, Blogs: 2, References: 6
Vulnerability Classification
| Location | Attack Type | Impact | Solution | Exploit | Disclosure | OSVDB |
|---|---|---|---|---|---|---|
| Remote/Network Access Required | | | | | | |

Microsoft Windows RPC Marshalling Engine Internal State Manipulation Remote Code Execution

54958
Blogs: 2
Description:
(Description Provided by CVE) : Excel in 2007 Microsoft Office System SP1 and SP2; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a BIFF file with a malformed Qsir (0x806) record object, aka "Record Pointer Corruption Vulnerability."
Comments: 0, Blogs: 2, References: 22
Vulnerability Classification
| Location | Attack Type | Impact | Solution | Exploit | Disclosure | OSVDB |
|---|---|---|---|---|---|---|
| | | | | | | |

Microsoft Excel Malformed Record Object Pointer Handling Remote Code Execution (2009-1134)

54940
Blogs: 2
Description:
(Description Provided by CVE) : The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability."
Comments: 0, Blogs: 2, References: 8
Vulnerability Classification
| Location | Attack Type | Impact | Solution | Exploit | Disclosure | OSVDB |
|---|---|---|---|---|---|---|
| | | | | | | |

Microsoft Windows Kernel Desktop Object Manipulation Local Privilege Escalation

Blogs provided by Technorati