431 matches found
CVE-2014-1996
CVE-2014-1996 affects Cybozu Garoon 3.7 up to Service Pack 3. A vulnerability in Garoon’s API access control (CWE-264) allows remote authenticated users to bypass restrictions and either execute arbitrary code or cause a DoS. The issue is tied to the API layer and is exploitable through API calls...
CVE-2014-1996
Cybozu Garoon 3.7 before SP4 allows remote authenticated users to bypass intended access restrictions, and execute arbitrary code or cause a denial of service, via an API call...
CVE-2014-1373
Intel Graphics Driver in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenGL API call, which allows attackers to execute arbitrary code via a crafted application...
Microsoft Windows XP/2000 PostThreadMessage() Arbitrary Process Killing Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8747/info A vulnerability has been discovered in the Microsoft Windows operating system. The flaw lies in the way that processes handle messages sent from another process via the PostThreadMessage API call. Reports indica...
Promises: resolve is not the opposite of reject
When I first started working with promises I had the overly simplistic view that passing a value into reject would mark the promise as "failed", and passing a value into resolve would mark it as "successful". However, the latter isn't always true. new Promise((resolve, reject) => { resolve(something);...
NullCrew Hackers Take Credit for Comcast Mail Server Hack
Hackers broke into at least 34 servers belonging to Comcast yesterday, dumping what appears to be a list of the company’s mail servers, passwords and a link to the root file that contains the vulnerability they used to penetrate the system. The hacktivist collective NullCrew has claimed to have...
Hardcoded credentials
Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 has a hardcoded password for node join operations, which allows remote attackers to expand a cluster by finding this password in the source code and then sending the password in a Hazelcast cluster API call, a different...
puppet: remote code execution on master from unauthenticated clients
Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call...
CVE-2013-3567
Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call...
Code injection
The server process in IBM Cognos TM1 10.1.x before 10.1.1 FP1 allows remote attackers to cause a denial of service (daemon crash) via an undocumented API call that triggers the transmission of unexpected data...
CVE-2013-0484
CVE-2013-0484 affects IBM Cognos TM1 10.1.x up to but not including 10.1.1 FP1. The vulnerability stems from an undocumented API call that can cause the server daemon to crash by transmitting unexpected data, enabling a remote denial-of-service condition. No mitigation details are provided in the...
CVE-2013-0484
The server process in IBM Cognos TM1 10.1.x before 10.1.1 FP1 allows remote attackers to cause a denial of service (daemon crash) via an undocumented API call that triggers the transmission of unexpected data...
Design/Logic Flaw
content/unity-api.js in the unity-firefox-extension extension 2.4.1 for Firefox exposes the toDataURL function in an API call, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted webpage...
Design/Logic Flaw
Use-after-free vulnerability in Apple Safari 5.1.2, when a plug-in with a blocking function is installed, allows user-assisted remote attackers to execute arbitrary code via a crafted web page that is accessed during user interaction with the plug-in, leading to improper coordination between an A...
CVE-2011-3845
Use-after-free vulnerability in Apple Safari 5.1.2, when a plug-in with a blocking function is installed, allows user-assisted remote attackers to execute arbitrary code via a crafted web page that is accessed during user interaction with the plug-in, leading to improper coordination between an A...
AdiOS Finds iOS Apps Capable of Dumping Users' Contacts
It’s gotten to the point now where it’s almost easier to talk about the mobile apps and services that don’t ship your personal data off to some remote server for purposes unknown rather than discussing the ones that do. The latest discussion of privacy invading apps flowed from the discovery that...
Microsoft Data Access Components DSN Overflow Code Execution Vulnerability
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Data Access Components. The vulnerability is present in an API call and as such successful exploitation will depend on an application's implementation of this call. The specific flaw exists with...
Overflow exploit technology mining preliminary-vulnerability warning-the black bar safety net
From MS03-049 exploit see to debug the system process Text/figure dangguai27 This article I mainly from the period of time the use of the WorkStation service overflow vulnerability, MS03-049 process encountered some problems as the basis, to talk about how I through the system the process of...
NCTsoft - AudFile.dll ActiveX Control Remote Buffer Overflow
NCTsoft AudFile.dll ActiveX Control Remote Buffer Overflow url: http://www.nctsoft.com Author: shinnai mail: shinnaiatautisticidotorg site:...