
Audit My PC - Free Internet Security Audit


Verity KeyView Viewer SDK tarrdr.dll TAR Extraction Overflow

Network Security News – Monday, February 13, 2006 Events

Verity KeyView Viewer SDK tarrdr.dll TAR Extraction Overflow

A remote overflow exists in Verity KeyView Viewer SDK. 'tarrdr.dll' fails to perform bounds checking on the filenames of files contained in TAR archives, resulting in a stack-based overflow. With a specially crafted TAR archive, an attacker can cause arbitrary code execution when the archive is extracted with an application using the vulnerable viewer, resulting in a loss of integrity. Read more at osvdb.org/23067

Verity KeyView Viewer SDK uudrdr.dll UUE Filename Overflow

A remote overflow exists in Verity KeyView Viewer SDK. 'uudrdr.dll' fails to perform bounds checking on the filenames of UUE files, resulting in a stack-based overflow. With a specially crafted UUE file, an attacker can cause arbitrary code execution when the file is opened in an application using the vulnerable viewer, resulting in a loss of integrity. Read more at osvdb.org/23065

SPIP spip_acces_doc.php3 file Variable SQL Injection

SPIP contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'spip_acces_doc.php3' script not properly sanitizing user-supplied input to the 'file' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/23087

Verity KeyView Viewer SDK kvarcve.dll Compressed File Pathname Generation Overflow

A remote overflow exists in Verity KeyView Viewer SDK. 'kvarcve.dll' fails to perform bounds checking when constructing the full pathname of a compressed file before extracting it from a ZIP archive, resulting in a stack-based overflow. With a specially crafted ZIP archive, an attacker can cause arbitrary code execution when a compressed file with a long filename is extracted from within an application using the vulnerable viewer, resulting in a loss of integrity. Read more at osvdb.org/23064

NOOFS FUSE Client Unspecified Issue

NOOFS contains a flaw related to the FUSE Client. No further details have been provided. Read more at osvdb.org/23052

NOOFS noofsd Unspecified Issue

NOOFS contains a flaw related to noofsd. No further details have been provided. Read more at osvdb.org/23053

GA Forum archive.asp Forum Variable SQL Injection

GA Forum contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'archive.asp' script not properly sanitizing user-supplied input to the 'Forum' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/23085

ashNews ashnews.php id Variable XSS

ashNews contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'id' variable upon submission to the 'ashnews.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/22934

ACC Tigris Access Terminal Server Unauthenticated Command Execution

ACC Tigris Terminal Server contains a flaw that may allow a malicious user to execute non-privileged commands without being authenticated. This is possible by using the undocumented username (public) and password (public). The issue is also triggered when the user presses the 'CTRL-U' or 'Backspace' key followed by any command at the login prompt. The malicious user may then execute the 'show' or telnet command, resulting in a loss of confidentiality and integrity. Read more at osvdb.org/267

CPG Dragonfly CMS linking.php XSS

CPG-Nuke Dragonfly CMS contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate an unspecified variable upon submission to the linking.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/23060

Vuln: PowerD Remote Format String Vulnerability

PowerD Remote Format String Vulnerability. Read more at securityfocus.com/bid/16582
