#SURGEMAIL NETWIN LICENSE KEY DIRECTORY CODE#Unspecified vulnerability in the tblinf32.dll (aka vstlbinf.dll) ActiveX control for Internet Explorer 5.01, 6 SP1, and 7 allows remote attackers to execute arbitrary code via unknown vectors related to an incorrect IObjectsafety implementation and Microsoft Visual Basic 6 objects, aka "ActiveX Object Vulnerability." Integer underflow in the CDownloadSink class code in the Vector Markup Language (VML) component (VGX.DLL), as used in Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code via compressed content with an invalid buffer size, which triggers a heap-based buffer overflow. #SURGEMAIL NETWIN LICENSE KEY DIRECTORY FOR MAC#Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 20 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to "interaction and initialization of components." NOTE: this can be leveraged for code execution via a POST with PHP code in the content parameter.īuffer overflow in fileplace in in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.īuffer overflow in the at program on IBM AIX 5.3 allows local users to gain privileges via unspecified vectors. Index.php in Ryan Haudenschilt Family Connections (FCMS) 0.6 and earlier allows remote attackers to access an arbitrary account by placing the account's name in the value of an fcms_login_id cookie. NOTE: authentication can be bypassed by using vector 1 followed by vector 2, and possibly can be bypassed by using a single vector. Stack-based buffer overflow in ESRI ArcSDE service 9.2, as used with ArcGIS, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number that requires more than 8 bytes to represent in ASCII, which triggers the overflow in an sprintf function call.įedora Commons before 2.2.1 does not properly handle certain authentication requests involving Java Naming and Directory Interface (JNDI), related to (1) a nonexistent account name in combination with an empty password, which allows remote attackers to trigger a certain "unexpected / strange response," and (2) a reauthentication attempt that throws an exception, which allows remote attackers to trigger use of a cached authentication decision. NOTE: the provenance of this information is unknown the details are obtained solely from third party information. SQL injection vulnerability in article.php in Article Dashboard, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a print action. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.Īpache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.Īpache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. #SURGEMAIL NETWIN LICENSE KEY DIRECTORY PATCH#Patch information is provided when available. This information may include identifying information, values, definitions, and related links. Low: vulnerabilities with a CVSS base score of 0.0–3.9Įntries may include additional information provided by organizations and efforts sponsored by CISA.Medium: vulnerabilities with a CVSS base score of 4.0–6.9.High: vulnerabilities with a CVSS base score of 7.0–10.0.The division of high, medium, and low severities correspond to the following scores: Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |