An issue exists in how chrome behaves with undefined-handlers in chrome.dll version 0.2.149.27 . A crash can result without user interaction. When a user is made to visit a malicious link, which has an undefined handler followed by a 'special'
AWStats Totals is "a simple php script to view the AWStats totals (Unique visitors, Number of visits, Pages, Hits and Bandwidth) of multiple sites. The page has a month selection input form and you can sort on each column. It
Remote exploitation of multiple stack-based buffer overflow vulnerabilities in Sun Microsystems Inc.'s snoop could allow an attacker to execute arbitrary code with the privileges of the nobody user, the following exploit code can be used to test your system for
The following is a version independent IOS shellcode, it will work on most of the Cisco's IOS operating systems and provide escalation of privileges to level 15 as well as remove the requirement to enter a password .
Neither you nor your users have time to devote to a complex printing environment. That's why Novell iPrint extends print services securely across multiple networks and operating systems. Using proven Internet technologies, iPrint transforms your Novell Distributed Print Services (NDPS)
Kyocera Mita multifunction devices come with the ability to scan to the user's desktop. Part of the solution requires a listener at the PC/Mac, which handles authorization and document upload. This listener has several logic bugs and, as a result,
By understanding how ASP .NET malicious request filtering functions, ProCheckUp has found that it is possible to bypass ASP .NET ValidateRequest filters and perform XSS and HTML injection even against systems protected with the MS07-040 patch . This patch fixed
vBulletin [1] is a community forum solution for a wide range of users, including industry leading companies. A XSS vulnerability has been discovered that could allow an attacker to carry out an action impersonating a legal user, or to obtain
AWStats Totals is "a simple php script to view the AWStats totals (Unique visitors, Number of visits, Pages, Hits and Bandwidth) of multiple sites. The page has a month selection input form and you can sort on each column. It
The mod_proxy_ftp module of the Apache HTTP Server is vulnerable to a cross-site scripting vulnerability when handling requests with wildcard characters (aka globbing characters) .
Dreambox is "a Linux-based DVB satellite, terrestrial and cable digital television decoder (set-top box), produced by German multimedia vendor Dream Multimedia". Marc Ruef at scip AG found an input validation error within the web interface of the model DM500C. Other
Credit: The information has been provided by Ferruh Mavituna . The original article can be found at: http://labs.portcullis.co.uk/application/bsql-hacker/
A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of messaging applications that make use of the libpurple library (such as Pidgin). User interaction is not required to exploit this vulnerability .
Calendarix is a powerful and easy to use web-based calendar that runs on PHP and MySQL. It has been developed with ease of use and quick access to information in mind. It provides the user with the quickest possible navigation
DriveCrypt is an "Ideal to encrypt USB-disks/sticks, secondary disks /partitions, CDs, DVDs, containers etc. DriveCrypt also allows to hide data in music files and create hidden containers/ partitions: By entering the correct password, the disks open, if however you are
Like most BIOSes, Intel's firmware PE94510M.86A.0050.2007.0710.1559 (07/10/2007) can be used to ask a password to users at boot time to implement a pre-boot authentication. The password checking routine of Intel's BIOS fails to sanitize the BIOS keyboard buffer after reading
The xine free multimedia player suffers from a number of vulnerabilities ranging in severity. The worst of these vulnerabilities results in arbitrary code execution and the least, in unexpected process termination . Five heap buffer overflows exist in parsing of
A vulnerability in Windows Media Service's ActiveX allows attackers that can trick a user to visit a certain page to execute arbitrary code by overflowing an internal buffer used by the product, this vulnerability affects only vanilla (no patches or
Protect your desktops, laptops, and file servers with OfficeScan , comprehensive security against today's complex, blended threats and Web-based attacks." Secunia Research has discovered a vulnerability in certain Trend Micro products, which can be exploited by malicious people to bypass
Anzio Web Print Object (WePO) is a Windows ActiveX web page component that, when placed on a web page can "push" a print job from a file or web server to a user's local printer without having to display the
