Vulnerability search results, 40
Microsoft Windows animated cursors buffer overflow
I. Description A stack buffer overflow exists in the code that Microsoft Windows uses to process animated cursor files. Specifically, Microsoft Windows fails to properly validate the size of an animated cursor file header supplied in animated cursor files. Animated cursor files can be included with HTML files. For instance, a web site can use an animated cursor file to specify the icon that th..
Buffer Overflow in InterVetions' NaviCopa HTTP server 2.01
Buffer Overflow in InterVetions' NaviCopa HTTP server 2.01 While developing one of our advanced security training modules, we identified a remotely exploitable buffer overflow vulnerability in the latest release of InterVetions' HTTP server NaviCopa 2.01. Successful exploitation of this vulnerability allows an attacker to execute arbitrary code in the context of the NaviCopa HTTP server. .... Th..
Microsoft Windows Cursor and Icon Format Handling Remote Code Execution Vulnerability
A vulnerability has been identified in Microsoft Windows, which could be exploited by remote attackers to take complete control of an affected system. This issue is due to a memory corruption error when rendering malformed cursors, animated cursors or icons, which could be exploited by remote attackers to execute arbitrary commands by tricking a user into visiting a malicious web page or viewing..
Microsoft Windows Web Proxy Automatic Discovery (WPAD) Traffic Routing Vulnerability
A vulnerability has been identified in Microsoft Windows, which could be exploited by malicious users to gain knowledge of sensitive information. This issue is due to a design error where the Web Proxy Autodiscovery Protocol (WPAD) is used (by default) without static WPAD entries, which could be exploited by attackers on a local network segment to force WPAD clients (e.g. Internet Explorer) to r..
Zeroboard Download SQL Injection
Zeroboard recently announced that its DOwnload.php is vulnerable to SQL injection and posted a security patch for it. I will comment on this briefly here... http://target/bbs/download.php?id=notice&page=1&sn1=&divpage=1&sn=off&ss=on&sc=on &select_arrange=headnum&desc=asc&no=5&filenum=1=100/* ... For the statement, just put in whatever statement you need, as appropriate.. update zetyx_board_notice set download1=100/*=download1=100/*+1 where no='5'\ Download.php changes mysql_query("update $t_board"."_$id set d..
PHP import_request_variables() vs extract()
If you want to run old code that relies on register_globals temporarily, make sure you use one of the non-overwriting extract_type values such as EXTR_SKIP, and be aware that you should extract in the same order that's defined in variables_order within the php.ini. In fact, extract() has an EXTR_SKIP flag that implements this behaviour: If there is a collision, don't overwrite the existing variable. U..