| Blogs | OSVDB ID | Disclosure Date | Title |
| Views: 2600 |
53663
Description:
(Description Provided by CVE) : The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability."
|
2009-04-14
|
Microsoft Office Word 2000 WordPerfect 6.x Converter Document Handling Stack Corruption
|
| Views: 2584 |
39123
Description:
A stack overflow exists in Windows. The Message Queuing Service fails to validate information received via the RPC interface resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2007-12-11
|
Microsoft Windows Message Queuing MSMQ Message Handling Arbitrary Code Execution
|
| Views: 2577 |
24050
Description:
Microsoft Internet Explorer contains a flaw that may allow a malicious user to execute arbitrary commands. The issue is triggered due to a memory corruption error when processing a specially crafted "createTextRange()" call associated with a "checkbox" object. It is possible that the flaw may allow attackers to remotely take complete control of an affected system resulting in a loss of integrity.
|
2006-03-22
|
Microsoft IE createTextRange() Function Arbitrary Code Execution
|
| Views: 2575 |
20977
Description:
The Google Search Appliance contains a flaw that allows a remote attacker to verify the existence of a file. The issue is due to the proxystylesheet parameter in the search request, which doesn't check for a directory traversal in the file name. This allows an attacker to prepend a ../ sequence to an absolute file path and verify its existence based on the error message returned.
|
2005-11-21
|
Google Search Appliance proxystylesheet File Existence Verification
|
| Views: 2572 |
54932
Description:
(Description Provided by CVE) : Stack-based buffer overflow in the EnumeratePrintShares function in Windows Print Spooler Service (win32spl.dll) in Microsoft Windows 2000 SP4 allows remote printer servers to execute arbitrary code via a crafted ShareName in a response to an RPC request, related to "printing data structures," aka "Buffer Overflow in Print Spooler Vulnerability."
|
2009-06-09
|
Microsoft Windows Print Spooler win32spl.dll EnumeratePrintShares Function Remote Overflow
|
| Views: 2571 |
25221
Description:
A remote overflow exists in FileZilla. The server fails to validate user-supplied input to the PORT or PASS commands following the MLSD command resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2006-05-01
|
FileZilla FTP Server MLSD Command Overflow
|
| Views: 2567 |
36735
Description:
Toms Gästebuch contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'homepage', 'mail' and 'name' variables upon submission to the 'form.php' script when the 'action' variable is set to 'show'. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2007-09-01
|
Toms Gästebuch form.php Multiple Parameter XSS
|
| Views: 2565 |
40833
Description:
(Description Provided by CVE) : Stack-based buffer overflow in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.5.70 and earlier, as used in MySpace MySpaceUploader.ocx 1.0.0.4, allows remote attackers to execute arbitrary code via a long Action property.
|
2008-01-31
|
MySpace Uploader Control MySpace.Uploader ActiveX (MySpaceUploader.ocx) Action Property Overflow
|
| Views: 2563 |
51833
Description:
(Description Provided by CVE) : Multiple stack-based buffer overflows in the Research in Motion RIM AxLoader ActiveX control in AxLoader.ocx and AxLoader.dll in BlackBerry Application Web Loader 1.0 allow remote attackers to execute arbitrary code via unspecified use of the (1) load or (2) loadJad method.
|
2009-02-10
|
BlackBerry Application Web Loader ActiveX (AxLoader) Overflow
|
| Views: 2560 |
56
Description:
EZShopper contains a flaw that allows a remote attacker to execute commands on the server and view files outside the web path. The issue is due to the loadpage.cgi script not properly sanitizing user input supplied via the file variable.
|
2000-02-27
|
EZshopper loadpage.cgi Command Execution
|
| Views: 2557 |
11719
Description:
phpBB contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that the 'highlight' parameter in the 'viewtopic.php' script is not verified properly and will allow an attacker to inject or manipulate SQL queries.
|
2004-11-12
|
phpBB viewtopic.php highlight Parameter SQL Injection
|
| Views: 2544 |
37028
Description:
Joomla joomlaradio Component contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the admin.joomlaradiov5.php script not properly sanitizing user input supplied to the 'mosConfig_live_site' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
|
2007-09-13
|
Joomla Radio 5 for Joomla! admin.joomlaradiov5.php mosConfig_live_site Parameter Remote File Inclusion
|
| Views: 2542 |
38399
Description:
A buffer overflow exists in the Distributed Management Objects OLE DLL (sqldmo.dll). The ActiveX control fails to provide proper bounds checking on arguments to the Start method resulting in a heap overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2007-09-08
|
Microsoft SQL Server Enterprise Manager Distributed Management Objects OLE DLL ActiveX (sqldmo.dll) Start Method Arbitrary Code Execution
|
| Views: 2541 |
61854
Description:
(Description Provided by CVE) : The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the #GP trap handler (nt!KiTrap0D), aka "Windows Kernel Exception Handler Vulnerability."
|
2010-01-19
|
Microsoft Windows Virtual DOS Machine (VDM) Subsystem #GP Trap Handler (nt!KiTrap0D) Local Privilege Escalation
|
| Views: 2540 |
29264
Description:
OpenSSH (portable) contains a flaw that may allow a remote attacker to execute arbitrary code under some circumstances. When configured with GSSAPI authentication, the signal handler is prone to a race condition that could be exploited to conduct a Denial of Service and possibly execute arbitrary code. No further details have been provided. Note: On OpenSSH, this vulnerability can only be leveraged for a remote Denial of Service. The conditions for remote exploitation to execute arbitrary code are considered to be unlikely.
|
2006-09-28
|
OpenSSH Signal Handler Pre-authentication Race Condition Code Execution
|
| Views: 2539 |
44213
Description:
A heap overflow exists in Windows. gdi32.dll fails to validate EMF files resulting in a heap overflow. With a specially crafted file, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2008-04-08
|
Microsoft Windows GDI (gdi32.dll) EMF File Handling Multiple Overflows
|
| Views: 2539 |
24444
Description:
OpenVPN contains a flaw that may allow a malicious user to execute arbitrary code. The issue is caused due to OpenVPN clients allowing the server to transmit environment variables including LD_PRELOAD to client-side shell scripts via 'setenv' configuration directives. It is possible that the flaw may allow arbitrary code execution by placing and loading a file in a known location resulting in a loss of integrity.
|
2006-04-05
|
OpenVPN LD_PRELOAD Environment Variable Pushing Arbitrary Code Execution
|
| Views: 2539 |
28549
Description:
OpenSSL contains a flaw that may allow a malicious user to bypass certain security restrictions. The issue is triggered due to an error within the verification of certain signatures, if an RSA key with exponent 3 is used it may be possible to forge a PKCS #1 v1.5 signature signed by that key. It is possible that the flaw may allow bypassing security restrictions resulting in a loss of integrity.
|
2006-09-05
|
OpenSSL RSA Key PKCS #1 v1.5 Signature Forgery
|
| Views: 2537 |
33800
Description:
McAfee VirusScan Enterprise has been reported to contain a privilege escalation flaw that may allow a local user to gain access to the password-protected VirusScan console. The issue is triggered when the UIP value is cleared in the Windows registry under HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DesktopProtection or HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\VirusScan Entreprise\CurrentVersion. Additional third-party examination indicates this is not an issue because, by default, the security settings on the registry keys make them not writable with only user permissions.
|
2007-03-17
|
McAfee VirusScan Enterprise Registry Permission Weakness UIP Local Password Bypass
|
| Views: 2535 |
27066
Description:
Advanced Guestbook contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'name' and 'form' variables upon submission to the guestbook.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2006-07-06
|
Sport Slo Advanced Guestbook guestbook.php Multiple Field XSS
|
| Views: 2529 |
30044
Description:
(Description Provided by CVE) : Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to read arbitrary files via a .. (dot dot) in the getpage parameter.
|
2006-10-23
|
D-Link DSL-G624T cgi-bin/webcm getpage Parameter Traversal Arbitrary File Access
|
| Views: 2524 |
55845
Description:
Microsoft Windows DirectDraw contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when Internet Explorer renders a malicious web page. It is possible that the flaw may allow arbitrary code execution resulting in a loss of confidentiality and/or availability.
|
2009-07-14
|
Microsoft DirectX DirectShow quartz.dll QuickTime NumberOfEntries Field Memory Corruption
|
| Views: 2524 |
53665
Description:
(Description Provided by CVE) : Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel in Microsoft Office 2004 and 2008 for Mac; Microsoft Office Excel Viewer and Excel Viewer 2003 SP3; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 do not properly parse the Excel spreadsheet file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that contains a malformed object with "an offset and a two-byte value" that trigger a memory calculation error, aka "Memory Corruption Vulnerability."
|
2009-04-14
|
Microsoft Office Excel Malformed Object Handling Memory Corruption
|
| Views: 2521 |
14986
Description:
XMB Forum contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user supplied arguments upon submission to the stats.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2004-03-26
|
XMB Forum stats.php Multiple Parameter XSS
|
| Views: 2516 |
70858
Description:
MihanTools contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the product.php script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2011-02-09
|
MihanTools product.php id Parameter SQL Injection
|
| Views: 2516 |
38347
Description:
A code execution flaw exists in Update Service ActiveX control. isusweb.dll fails to validate data passed to several methods, resulting in the download of arbitrary code. With a specially crafted website, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2007-10-30
|
Macrovision Update Service ActiveX (isusweb.dll) Unspecified Arbitrary Code Execution
|
| Views: 2506 |
4401
Description:
WatchGuard Firebox SOHO contains a flaw that may allow a remote attacker to remotely change the administrative password. The issue is due to a flaw in the authentication mechanism of the device, which allows a blank unauthenticated request to the /passcfg object. Such a request will reset the password to an empty field allowing the attacker to use any administrative options without having to provide authentication credentials.
|
2000-12-14
|
WatchGuard Firebox SOHO Administrator Password Remote Reset
|
| Views: 2504 |
52517
Description:
Windows contains a flaw that may allow a malicious user to spoof DNS records. The issue is triggered by the use of predictable transaction IDs in the Windows DNS Server. It is possible that the flaw may allow DNS cache poisoning resulting in a loss of integrity.
|
2009-03-10
|
Microsoft Windows DNS Server Query Validation Spoofing
|
| Views: 2502 |
15467
Description:
A remote overflow exists in Microsoft Exchange Server. The 'SvrAppendReceivedChunk()' function in the 'xlsasink.dll' library fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted 'X-LINK2STATE' extended verb request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2005-04-12
|
Microsoft Exchange Server SMTP Extended Verb X-LINK2STATE Remote Overflow
|
| Views: 2500 |
11337
Description:
A local overflow exists in Internet Explorer. The Shell Doc Object and Control Library, or SHDOCVW.DLL, fails to validate the NAME property within the FRAME, IFRAME, and EMBED tags, resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2004-10-25
|
Microsoft IE FRAME/IFRAME/EMBED Tag Overflow
|
| Views: 2484 |
45566
Description:
By default, Triton ATM FT5000 ATMs install with a default password. The '00' user ID has a password of '001234' which is publicly known and documented. This allows attackers to trivially access the system.
|
2006-09-21
|
Triton FT5000 ATM Default Service Password
|
| Views: 2470 |
53624
Description:
(Description Provided by CVE) : Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP document followed by a request for a second HTTP document, which allows remote attackers to execute arbitrary code via vectors involving (1) multiple crafted pages on a web site or (2) a web page with crafted inline content such as banner advertisements, aka "Page Transition Memory Corruption Vulnerability."
|
2009-04-14
|
Microsoft IE Page Transition Unspecified Memory Corruption Arbitrary Code Execution
|
| Views: 2460 |
26836
Description:
Microsoft IE contains a flaw that may allow a local denial of service. The issue is triggered when a COM object in OutlookExpress.AddressBook is referred to a null pointer, and will result in loss of availability for the service.
|
2006-07-03
|
Microsoft IE OutlookExpress.AddressBook COM Object NULL Dereference
|
| Views: 2454 |
25600
Description:
A remote overflow exists in Mac OS X Server. The Quicktime Streaming Server fails to validate RTSP requests resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2006-05-08
|
Apple Mac OS X Server QuickTime Streaming Server RTSP Request DoS
|
| Views: 2453 |
271
Description:
Microsoft IIS contains a flaw that allows a remote attacker to view the source of .asp files. The issue is due to IIS mapping all .htw files to be handled by Webhits.dll. By appending a space (%20) to the end of a filename or calling CiWebHitsFile as a variable, setting the "CiHiliteType" variable to "Full", and setting the "CiRestriction" variable to "None", the server will return the source of an .asp file.
|
2000-03-21
|
Microsoft IIS WebHits null.htw .asp Source Disclosure
|
| Views: 2453 |
6221
Description:
Microsoft Windows XP Professional Edition contains a flaw that may allow a malicious user to execute arbitrary commands. The issue is due to CLSID references in the "[.ShellClassInfo]" section, which could be exploited by browsing a folder containing a malicious "desktop.ini" file. It is possible that the flaw may allow a malicious user to execute arbitrary commands, resulting in a loss of integrity.
|
2004-05-17
|
Microsoft Windows XP desktop.ini CLSID Arbitrary Command Execution
|
| Views: 2450 |
53662
Description:
(Description Provided by CVE) : Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and the Word 6 text converter in Microsoft Office Word 2000 SP3 and 2002 SP3; allows remote attackers to execute arbitrary code via a crafted Word 6 file that contains malformed data, aka "WordPad and Office Text Converter Memory Corruption Vulnerability."
|
2009-04-14
|
Microsoft WordPad / Office Text Converter Malformed Data Handling Memory Corruption
|
| Views: 2445 |
4078
Description:
Microsoft Internet Explorer contains a flaw that may allow a malicious user to bypass certain frame restrictions (aka Cross Frame Scripting aka XFS). The issue is triggered when access validation errors occur within event handling routines. Malicious JavaScript loaded in a parent frame can then record the keyboard events of child frames.
|
2004-02-27
|
Microsoft IE Cross Frame Scripting Restriction Bypass
|
| Views: 2441 |
9011
Description:
A remote overflow exists in SoftCart. SoftCart fails to properly sanitize CGI parameters resulting in a buffer overflow. With a specially crafted request, an attacker can gain system level access and execute arbitrary code resulting in a loss of confidentiality and/or integrity.
|
2004-08-19
|
SoftCart SoftCart.exe CGI Remote Overflow
|
| Views: 2433 |
59857
Description:
(Description Provided by CVE) : Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, Office Word Viewer 2003 SP3, and Office Word Viewer allow remote attackers to execute arbitrary code via a Word document with a malformed File Information Block (FIB) structure, aka "Microsoft Office Word File Information Memory Corruption Vulnerability."
|
2009-11-10
|
Microsoft Office Word Document Malformed File Information Block (FIB) Parsing Memory Corruption
|