4119 matches found
CVE-2012-1893
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate callback parameters during creation of a hook procedure, which allows local users t...
Integer overflow
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate callback parameters during creation of a hook procedure, which allows local users t...
CVE-2012-1893
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate callback parameters during creation of a hook procedure, which allows local users t...
PT-2012-3631 · Microsoft · Windows Server 2003 +5
Name of the Vulnerable Software and Affected Versions: Microsoft Windows XP versions SP2 and SP3 Microsoft Windows Server 2003 version SP2 Microsoft Windows Vista version SP2 Microsoft Windows Server 2008 versions SP2, R2, and R2 SP1 Microsoft Windows 7 versions Gold and SP1 Description: The issu...
Vulnerabilities in JW Player and millions of web sites
Hello 3APA3A! I want to warn you about security vulnerabilities in JW Player. These are Content Spoofing and Cross-Site Scripting vulnerabilities. ------------------------- Affected products: ------------------------- Vulnerable are JW Player 5.9.2156 and 5.9.2206, except one vulnerability and...
Swoopo Gold Shop CMS 8.4.56 - Multiple Web Vulnerabilities
Swoopo Gold Shop CMS 8.4.56 - Multiple Web Vulnerabilities Title: ====== Swoopo Gold Shop CMS v8.4.56 - Multiple Web Vulnerabilities Date: ===== 2012-05-14 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=515 VL-ID: ===== 515 Common Vulnerability Scoring System:...
Swoopo Gold Shop CMS 8.4.56 Cross Site Scripting / SQL Injection
Title: ====== Swoopo Gold Shop CMS v8.4.56 - Multiple Web Vulnerabilities Date: ===== 2012-05-14 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=515 VL-ID: ===== 515 Common Vulnerability Scoring System: ==================================== 8.5 Introduction: ============...
CVE-2012-2759
Cross-site scripting XSS vulnerability in login-with-ajax.php in the Login With Ajax aka login-with-ajax plugin before 3.0.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the callback parameter in a lostpassword action to wp-login.php...
Proman Xpress 5.0.1 SQL Injection / XSS
Title: ====== Proman Xpress v5.0.1 - Multiple Web Vulnerabilities Date: ===== 2012-05-09 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=513 VL-ID: ===== 512 Common Vulnerability Scoring System: ==================================== 7.5 Introduction: ============= Proman...
Immunity Canvas: MS11_080
Name| ms11080 ---|--- CVE| CVE-2011-2005 Exploit Pack| CANVAS Description| MS11-080 Notes| CVE Name: CVE-2011-2005 VENDOR: Microsoft Notes: http://technet.microsoft.com/en-us/security/bulletin/ms11-080 Reliably exploits Windows XP SP3 and 2003 SP2 32/64-bit. When executed, this will get a callbac...
Microsoft Internet Explorer XSLT SetViewSlave Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2011-0083
Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service application crash or possibly execut...
Design/Logic Flaw
Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service application crash or possibly execut...
[USN-1158-1] curl vulnerabilities
========================================================================== Ubuntu Security Notice USN-1158-1 June 24, 2011 curl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...
CVE-2011-2363
Use-after-free vulnerability in the nsSVGPointList::AppendElement function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service application crash or possibly execut...
Ubuntu Update for curl USN-1158-1
Ubuntu Update for Linux kernel vulnerabilities USN-1158-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN11581.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for curl USN-1158-1 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This...
CVE-2011-0083
Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service application crash or possibly execut...
Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : curl vulnerabilities (USN-1158-1)
Richard Silverman discovered that when doing GSSAPI authentication, libcurl unconditionally performs credential delegation, handing the server a copy of the client's security credential. CVE-2011-2192 Wesley Miaw discovered that when zlib is enabled, libcurl does not properly restrict the amount ...
Mozilla Multiple dangling pointer vulnerabilities (MFSA 2011-23)
Use-after-free vulnerability in the nsSVGPointList::AppendElement function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service application crash or possibly execut...
Mozilla Multiple dangling pointer vulnerabilities (MFSA 2011-23)
Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service application crash or possibly execut...