Microsoft Internet Explorer 8.0 Beta 2 suffers from various security holes relating to the Anti-XSS filter it has built-in. Examples of how to bypass this filter are included.
bf1c3a2b9bde334002cee2e30b1693e6e24476d9f1a2f9b5fe1957f34d5fed62Facebook Image Uploader versions 5.0.14.0 and below suffer from a stack buffer overflow vulnerability.
6152aa9c19bfdd72791f98dfb5833a168d8504603ca4d7435002e4d4abb45373Various cross site scripting flaws exist in Oracle Reports 9.0.2.
c3314b3f65f7f9578497cceda140926c18480d0a6f9cd7a67d1799ed497ea7b0Finjan has discovered a new vulnerability in Microsoft Word XP that would allow a hacker to launch a buffer overflow attack. This attack could occur when a user opened a Word document using Internet Explorer.
88ddeadbe4476a6f5b1f5544ec3482bcd443d604087437ea5acb0aaa974b10e9Flaws in Kazaa allow for arbitrary code execution and for remote execution of code.
54d24c88f2912b09d0b345f953c5e2770d0632927a44603c2da9fd28f2b664fcGallery 1.3.4 suffers from remote script inclusion and cross site scripting vulnerabilities.
36bc6482ca51b4b7350ffc8c1ee1e6a6bb416073b0a7a3a9c534cf7492035976Microsoft Internet Explorer 6 is susceptible to a flaw that allows for malicious file download via manipulation of the File Download Information bar functionality.
9819de7846ae70cadf20f378c91cc61117a83847a9ab9ea1767507c8b371ec78WinAce WinHKI version 1.4d suffers from a directory traversal flaw that allows a compressed archive to overwrite files below the extraction directory.
7acca77e689274d3cd982f9d900df6860a2925ef7a040d858a40a2163d48384eA stack buffer overflow exists in all Symantec products in all versions until 2005.
1547ccdc34d04f8a18cf75c06785fbcbed245d4632a1fa13b5ff3ead034b0424iDEFENSE Security Advisory 05.26.04: Remote exploitation of a buffer overflow in firmware release 1.1.9.4 of 3Com's OfficeConnect Remote 812 ADSL Router could allow a denial of service. By sending a specially formed long string to the telnet port of a vulnerable device containing Telnet escape sequences, it is possible to get it to either reboot or stop handling packets. If the device does not reboot spontaneously, it will require a manual reboot before continuing normal operation.
02eabd38499d8724a5f09a1c30c54ba23979a167fff06c240818836ce07ce693The msxml3.dll crashes when a page is refreshed that has an ampersand included inside of a link or value.
87782652da2a9d4d71ad20c25f67177ce0ebae7ed140f222f81055d63310722dRemote denial of service exploit for Emule 0.42e.
d97b9f4a450cf14a21ea099cb309d992c537fc5102c6f64ccf04d10875f1e39bBitDefender's online scanning service has Active-X related flaws that allow an attacker to run arbitrary code server side.
b99278bb29477cd2c8b3b823340d554551425884717cdd650dc007d6d6ad6370Symantec Virus Detection is susceptible to a buffer overflow.
31a857797e3983ace0f26dc8e18ec9b0bc7e387b4858a2de50c91d2630b74419Mcafee FreeScan is susceptible to buffer overflow and private information disclosure attacks.
965b844a3cdf53e9218191c6a7f6de76daa2d357f51cad2f8a2e1a8cd4df2ca2Panda ActiveScan version 5.0 has a buffer overflow that allows for arbitrary code execution with SYSTEM level privileges.
bb4d99560509598cb4f1c03ef93898aab049201920dcb2e36a4f8e75db55b32fblaxxun3d Platform 7 is susceptible to a buffer overflow that allows for arbitrary code execution with SYSTEM level privileges.
b7a2530778d78625e62544550d13ed956a7c096171f22fca7e63522ee4c5716eInternet Explorer and Explorer.exe can be crashed when a null pointer exception occurs during a shell: call with a double backslash for a filename.
e6a8af3cb27b9431ff48b3e871cc42063063123890dc7539a0dde1e45344aba8VocalTec Gateway version 8 has multiple vulnerabilities. Using an information disclosure vulnerability existant in this server, an attacker can then traverse directories when treating the file as a directory, and gain access to any file normally protected.
d2d7e12389fdeb8f5acccd3265801cd775e76256b88501a5b4d43b3d6ea8a296Invision Power Board versions 1.3 Final is susceptible to a cross site scripting attack.
93d8939b30b06bd6edcf59474442458101779057deb1b80413667302d3c4d1bfVirtuaNews Admin Panel version 1.0.3 Pro is vulnerable to a cross site scripting attack.
205786c68330b41eb6b26b19658148764eb7d43fc3a1175dc049219bdcbb8f1bLan Suite Web Mail version 602Pro running server WEB602/1.04 has multiple vulnerabilities that include path disclosure, cross site scripting problems, and directory listings.
71fb254a30156005bb913286702099d4f1a460f30f4cbf79807f2b3f4a77fe76The InnoMedia VideoPhone version au75200xvi04010x on the Windows platform is susceptible to an authorization bypass when attempting to via a file as a folder. The underlying webserver is GoAhead-Webs.
2aa4026a1e34b2b96369afe2862d487e654e2e64a65fe41aeabc0c2b2f3aed68jgs version 0.1.0 on the win32 platform is vulnerable to a cross site scripting attack.
3fb15a45c855b042c6ca43d7a7ffda8a4863277c350438c8f07701657042b9deBadBlue web server version 2.4 has a local path disclosure vulnerability in phptest.php.
61526ad7e90d57897a735b25cd5b3a4fed70406fc831efc5ad1c0098950b1c52
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed