130 matches found
CVE-2017-0901
RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem...
Cross site scripting
Cross-site scripting XSS vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-0901...
CVE-2016-0901
EMC RSA Authentication Manager before 8.1 SP1 Patch 14 is affected by CVE-2016-0901, a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Connected sources (NVD/CNVD/Nessus) corroborate the XSS issue and tie it to ...
CVE-2016-0901
Cross-site scripting XSS vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-0900...
CVE-2016-0900
Cross-site scripting XSS vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-0901...
CVE-2015-0901
CVE-2015-0901 concerns the WordPress flashy theme (duwasai flashy) version 1.3 and earlier. The core issue is a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Multiple connected records corroborate the vulnerab...
CVE-2014-0901
Cross-site scripting XSS vulnerability in the Social Rendering implementation in the IBM Connections integration in IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF11 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2014-0901
CVE-2014-0901 is an XSS in the Social Rendering component of the IBM Connections integration within IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF11. The vulnerability allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in the Social Rendering path. A ...
CVE-2012-0901
The CVE-2012-0901 issue affects the WordPress YouSayToo Auto-Publishing Plugin 1.0, specifically the yousaytoo.php submit parameter. The root cause is inadequate input sanitization/cleanup, enabling a cross-site scripting (XSS) vulnerability. An attacker could inject arbitrary script or HTML that...
CVE-2011-0901
The CVE-2011-0901 entry affects Terminal Server Client (tsclient) 0.150 and possibly other versions. The vulnerability is due to multiple stack-based buffer overflows in the tsc_launch_remote function (src/support.c) that let an attacker supply a crafted .RDP file with long username, password, or...
CVE-2011-0901
creationtimestamp| type| source ---|---|--- 2011-02-02 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/16095...
CVE-2010-0901
CVE-2010-0901 affects Oracle Database Server Export component (versions 9.2.0.8/9.2.0.8DV, 10.1.0.5, 10.2.0.4, 11.1.0.7, 11.2.0.1). The issue allows remote authenticated users to affect confidentiality via Unknown vectors related to Select Any Dictionary. The Oracle July 2010 CPU document lists C...
Microsoft WordPad Font Conversion Buffer Overflow (CVE-2004-0901)
There exists a vulnerability in the WordPad application shipped with the Microsoft Windows family of operating systems. A crafted Word 6.0 for Windows document could trigger a buffer overflow when it is opened with the affected software. A remote attacker could leverage this vulnerability to...
[security bulletin] HPSBMA02488 SSRT100013 rev.1 - HP ProLiant Support Pack 8.30 for Windows, Remote Code Execution, Information Disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01997644 Version: 1 HPSBMA02488 SSRT100013 rev.1 - HP ProLiant Support Pack 8.30 for Windows, Remote Code Execution, Information Disclosure NOTICE: The information in this Security Bulletin shoul...
MS09-060: Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965)
One or more ActiveX controls included in Microsoft Outlook or Visio and installed on the remote Windows host was compiled with a version of Microsoft Active Template Library ATL that is affected by potentially several vulnerabilities : - An issue in the ATL headers could allow an attacker to forc...
openSUSE 10 Security Update : flash-player (flash-player-6387)
Specially crafted Flash SWF files can cause a buffer overflow in flash-player. Attackers could potentially exploit that to execute arbitrary code CVE-2009-1862, CVE-2009-0901, CVE-2009-2395, CVE-2009-2493, CVE-2009-1863, CVE-2009-1864, CVE-2009-1865, CVE-2009-1866, CVE-2009-1867, CVE-2009-1868,...
SuSE 11 Security Update : flash-player (SAT Patch Number 1149)
Specially crafted Flash SWF files can cause a buffer overflow in flash-player. Attackers could potentially exploit that to execute arbitrary code. CVE-2009-1862 / CVE-2009-0901 / CVE-2009-2395 / CVE-2009-2493 / CVE-2009-1863 / CVE-2009-1864 / CVE-2009-1865 / CVE-2009-1866 / CVE-2009-1867 /...
MS09-037: Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908)
The remote Windows host contains a version of the Microsoft Active Template Library ATL, included as part of Visual Studio or Visual C++, that is affected by multiple vulnerabilities : - A remote code execution issue affects the Microsoft Video ActiveX Control due to the a flaw in the function...
openSUSE Security Update : flash-player (flash-player-1148)
Specially crafted Flash SWF files can cause a buffer overflow in flash-player. Attackers could potentially exploit that to execute arbitrary code CVE-2009-1862, CVE-2009-0901, CVE-2009-2395, CVE-2009-2493, CVE-2009-1863, CVE-2009-1864, CVE-2009-1865, CVE-2009-1866, CVE-2009-1867, CVE-2009-1868,...
openSUSE Security Update : flash-player (flash-player-1148)
Specially crafted Flash SWF files can cause a buffer overflow in flash-player. Attackers could potentially exploit that to execute arbitrary code CVE-2009-1862, CVE-2009-0901, CVE-2009-2395, CVE-2009-2493, CVE-2009-1863, CVE-2009-1864, CVE-2009-1865, CVE-2009-1866, CVE-2009-1867, CVE-2009-1868,...