[Forgot Password]
Login  Register Subscribe

24436

 
 

131815

 
 

115190

 
 

909

 
 

90025

 
 

140

 
 
Paid content will be excluded from the download.

Filter
Matches : 13998 Download | Alert*

Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN argument, which bypasses a signed comparison and leads to a buffer overflow, aka "DSN Overflow ...

Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka "ADO Record Memory Vulnerability." NOTE: this might be a duplicate ...

The host is installed with UltraVNC 1.0.8.2 and is prone to an untrusted search path vulnerability. A flaw is present in the application, which fails to handle a Trojan horse vnclang.dll file in the current working directory. Successful exploitation could allow local users to gain privileges.

The host is installed with McAfee VirusScan Enterprise before 8.8 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to handle an unspecified Metasploit Framework module. Successful exploitation allows local users to disable the product by leveraging administrative privileges.

The host is installed with Microsoft Windows Fax Services Cover Page Editor and is prone to heap-based buffer overflow vulnerability. The flaw is present in the CDrawPoly::Serialize function in fxscover.exe. Successful exploitation allows remote attackers to execute arbitrary code via a long record in a Fax Cover Page (.cov) file.

The host is installed with PHP and is prone to SQL injection vulnerability. A flaw is present in the set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3. When the MySQLi extension is used, there is no proper interaction with the use of mysqli_fetch_assoc function. Successful exploitation could allow an attacker to execute arbitrary SQL queries and gain unauthorized access.

The host is installed with PHP and is prone to stack based buffer overflow vulnerability. A flaw is present in the GD extension in PHP before 5.2.15 and 5.3.x before 5.3.4 where the application crashes if anti-aliasing steps are invalid. Successful exploitation will cause a denial of service condition.

The host is installed with PHP and is prone to vulnerability. A flaw is present in the iconv_mime_decode_headers function in the Iconv extension in PHP before 5.3.4 where the function skips the headers that are unrecognized by the iconv and mbstring implementations. Successful exploitation allows attackers to trigger an incomplete output array via a crafted Subject header in an e-mail message.

The host is installed with PHP and is prone to use-after-free vulnerability. A flaw is present in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4 where objects that are unreferenced by __set, __get, __isset, and __unset methods are freed early, which leads to heap memory corruption. Successful exploitation will allow attackers to cause a denial of service condition.

The host is installed with OpenSSH and is prone to denial of service vulnerability. A flaw is present in sftp-glob.c and sftp.c, which fail to validate the pathnames passed to its functions. Successful exploitation could allow remote attackers to cause a denial of service.


Pages:      Start    1344    1345    1346    1347    1348    1349    1350    1351    1352    1353    1354    1355    1356    1357    ..   1399

© SecPod Technologies