93 matches found
KB4493441: Windows 10 Version 1709 and Windows Server Version 1709 April 2019 Security Update
The remote Windows host is missing security update 4493441. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard when Windows improperly handles calls to the LUAFV driver luafv.sys...
Security Bulletin: IBM Cognos TM1 is affected by security vulnerability CVE-2014-0877
Summary The link generated when opening the Rights page for an application can be opened anywhere, without the need to log in. Vulnerability Details CVE-ID: CVE-2014-0877 CVSS Base Score: 4 CVSS Temporal Score: See for the current score CVSS Environmental Score: Undefined CVSS Vector:...
CVE-2018-0877
creationtimestamp| type| source ---|---|--- 2018-03-20 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/44313 2018-03-23 08:30:56+00:00| seen| https://t.me/antichat/1124...
CVE-2018-0877
CVE-2018-0877 affects the WCIFS (Windows Desktop Bridge VFS) driver. The root cause is improper handling of file paths in privileged Windows directories, allowing a reparse to a user-controlled location during a file-create path when the requested file did not exist in a trusted directory. This c...
Microsoft Windows Desktop Bridge VFS Elevation of Privilege (CVE-2018-0877)
A vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to damage users system...
CVE-2017-0877
CVE-2017-0877 describes a remote code execution vulnerability in the Android media framework (libavc) affecting Android 6.0. The issue is triggered via a specially crafted file, allowing an attacker to execute code in the context of a privileged process. The vulnerability is categorized as Media ...
CVE-2016-0877
CVE-2016-0877 affects Moxa EDR-G903 Secure Router devices (pre-3.4.12). The vulnerability is a memory leak in the information exposure path caused by the ping function, allowing remote attackers to cause denial of service via memory consumption. The issue is tied to a vulnerability in the device’...
CVE-2015-0877
Unrestricted file upload vulnerability in app/lib/mlf.pl in C-BOARD Moyuku before 1.03b3 allows remote attackers to execute arbitrary code by uploading a file with a \0 character in its name...
CVE-2015-0877
CVE-2015-0877 affects C-BOARD Moyuku prior to 1.03b3. The vulnerability is an unrestricted file upload in app/lib/mlf.pl that lets remote attackers upload a file with a null character in its name, potentially enabling arbitrary code execution on the server. Multiple sources (NVD, JVN/JVNDB, PRION...
CVE-2014-0877
IBM Cognos TM1 10.2.0.2 before IF1 and 10.2.2.0 before IF1 allows remote attackers to bypass intended access restrictions by visiting the Rights page and then following a generated link...
CVE-2014-0877
CVE-2014-0877 affects IBM Cognos TM1 10.2.0.2 before IF1 and 10.2.2 before IF1. The IBM bulletin describes an access control bypass: a link generated from the Rights page can be opened without logging in, effectively bypassing intended restrictions. The vulnerability is documented with remediatio...
CVE-2013-0877
The CVE-2013-0877 entry describes a vulnerability in FFmpeg prior to 1.1.3 where the old_codec37 function in libavcodec/sanm.c can be triggered by crafted LucasArts Smush data of large size, leading to an out-of-bounds array access and unspecified impact. Public-availability documents (Gentoo GLS...
TeamSHATTER Security Advisory: Oracle Enterprise Manager vulnerable to XSS (sitemap page)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory Oracle Enterprise Manager vulnerable to Cross-site scripting sitemap page July 26, 2011 Risk Level: Medium Affected versions: Oracle Enterprise Manager Grid Control versions 10.1.0.6 Oracle Enterprise Manager control...
CVE-2011-0877
The CVE-2011-0877 entry concerns an unspecified vulnerability in Oracle’s Instance Management component affecting Oracle Database Server versions 10.1.0.5, 10.2.0.3, 10.2.0.4 and Oracle Enterprise Manager Grid Control 10.1.0.6. The issue is described as allowing remote attackers to affect integri...
CVE-2010-0877
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2009-0877
The CVE-2009-0877 entry describes multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express. The affected component is the web interface of Sun Java System Communications Express, where attackers can inject arbitrary web script or HTML via the Full Name or Subj...
CVE-2008-0877
CVE-2008-0877 affects Jinzora Media Jukebox 2.7.5 with multiple cross-site scripting (XSS) vulnerabilities. The issue arises from insufficient input sanitization in several parameters across files: (1) frontend, (2) set_frontend, (3) jz_path, (4) theme, (5) set_theme to index.php; (additional) fr...
CVE-2007-0877
Technical details about CVE-2007-0877 are not publicly provided in the supplied documents; no affected products, root cause, or remediation are described. Monitor for updates.
CVE-2006-0877
The CVE-2006-0877 entry refers to a Cross-Site Scripting vulnerability in Easy Forum 2.5 allowing remote injection of arbitrary script via the image variable. Connected sources confirm affected software (Easy Forum 2.5) and vulnerable script join.php with unsanitized image data; exploit code is a...
dnsmasq
New dnsmasq packages are available for Slackware 10.0, 10.1, and -current to fix security issues. An off-by-one overflow vulnerability may allow a DHCP client to create a denial of service condition. Additional code was also added to detect and defeat attempts to poison the DNS cache. More detail...