301 matches found
CVE-2017-3389
CVE-2017-3389 affects Oracle E-Business Suite, Oracle Advanced Outbound Telephony User Interface in versions 12.1.1–12.2.6. The vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony; exploitation requires human interaction. ...
CVE-2016-3389
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3386, CVE-2016-7190, and...
Memory corruption
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3386, CVE-2016-3389, and...
CVE-2016-3389
The CVE-2016-3389 entry concerns the Chakra JavaScript engine in Microsoft Edge. It describes memory corruption that can allow remote attackers to execute arbitrary code or cause a denial of service via a crafted website. The connected advisories reiterate the same description but do not provide ...
KLA10885 Multiple vulnerabilities in Microsoft Edge and Internet Explorer
Multiple serious vulnerabilities have been found in Microsoft Internet Explorer and Edge. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information or gain privileges. Below is a complete list of vulnerabilities 1. An improper memory objects handlin...
[SECURITY] [DLA 400-1] pound security update
Package : pound Version : 2.6-1+deb6u1 CVE ID : CVE-2009-3555 CVE-2011-3389 CVE-2012-4929 CVE-2014-3566 This update fixes certain known vulnerabilities in pound in squeeze-lts by backporting the version in wheezy. CVE-2009-3555 The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as...
Oracle: Security Advisory (ELSA-2007-0710)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle: Security Advisory (ELSA-2011-1380)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Gentoo Security Advisory GLSA 201312-04
Gentoo Linux Local Security Checks GLSA 201312-04 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...
Amazon Linux: Security Advisory (ALAS-2011-10)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2015-3389
Cross-site scripting XSS vulnerability in the Download counts report page in the Public Download Count module pubdlcnt 7.x-1.x-dev and earlier for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2015-3389
Summary: CVE-2015-3389 affects the Drupal Public Download Count module (pubdlcnt). The vulnerability is an XSS in the Download counts report page in 7.x-1.x-dev and earlier due to insufficient sanitization, allowing remote authenticated users to inject arbitrary web script or HTML via unspecified...
[SECURITY] [DLA 154-1] nss security update
Package : nss Version : 3.12.8-1+squeeze11 CVE ID : CVE-2011-3389 CVE-2014-1569 Debian Bug : 773625 nss 3.12.8-1+squeeze11 fixes two security issues: CVE-2011-3389 SSL 3.0 and TLS 1.0 connections were vulnerable to some chosen plaintext attacks which allowed man-in-the middle attackers to obtain...
SA-CONTRIB-2015-036 - Public Download Count - Cross Site Scripting (XSS) - Unsupported
Public Download Count module keeps track of file download counts. The module doesn't sufficiently sanitize user supplied text in the Download counts report page thereby exposing a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role wit...
Oracle Solaris Third-Party Patch Update : python (multiple_vulnerabilities_in_python) (BEAST)
The remote Solaris system is missing necessary patches to address security updates : - The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained...
用友软件存在两处命令执行漏洞可影响内网安全
简要描述: 刚进公司几天,无意看网站发现两处小漏洞,不知道报那里,就丢乌云吧 详细说明: 翻网站的时候无意发现两处Struts 1.http://comp.yonyou.com/hr/sm/Smindex.action 2.http://comp.yonyou.com/base/par/Parindex.action 貌似是没上线的平台,但是看一下信息就知道危害了 首先,先看看服务器信息 WIN2008服务器 再看看端口 3389是直接开放的 再看看IP吧 内网,再加上3389端口是默认开放的,如果,进行端口转发,提权,那么。。。 最后看看盘符信息吧 基本全遍历。 漏洞证明:...
TPKT Client Detection
Binary data 7155.pasl...
Fedora Update for Pound FEDORA-2014-13777
Check the version of Pound SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868477";...
Fedora Update for Pound FEDORA-2014-13764
Check the version of Pound SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868456";...
CVE-2014-3389
CVE-2014-3389 affects Cisco ASA VPN Failover component. The vulnerability arises from an improper implementation of the internal tunnel-filter for packets from an established VPN tunnel, allowing remote authenticated users to obtain failover-unit access via crafted packets. Connected advisories c...