Microsoft Internet Explorer Cross Domain CVE-2010-3330 Information Disclosure Vulnerability
Description: Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability because the application fails to properly enforce the same-origin policy. An attacker can exploit this issue to access content from a browser window in another domain or security zone. This may...
Microsoft Internet Explorer Uninitialized Memory Word Document Remote Code Execution Vulnerability
Description: Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions. The following versions of the...
Microsoft Internet Explorer Auto-Complete Information Disclosure Vulnerability
Description: Microsoft Internet Explorer is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected: Avaya Aura Conferencing 6.0 Standard; Avaya Aura Conferencing Standard; Avaya CallPilo...
Microsoft Windows Embedded OpenType Font Engine Integer Overflow Remote Code Execution Vulnerability
Description: Microsoft Windows is prone to a remote code-execution vulnerability that affects the Embedded OpenType (EOT) font engine. An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attempts may trigger a denial-of-service conditio...
Microsoft Windows Kernel 'Win32k.sys' Keyboard Layout Local Privilege Escalation Vulnerability
Description: Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers. Fail...
Microsoft Internet Explorer 'toStaticHTML' HTML Sanitizing Information Disclosure Vulnerability
Description: Microsoft Internet Explorer is prone to an information-disclosure vulnerability that affects the 'toStaticHTML' API. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected: Avaya Aura Conferencing 6.0 Standard; Avaya Aura...
Microsoft Windows OpenType Font (OTF) Format Driver CVE-2010-2740 Privilege Escalation Vulnerability
Description: Microsoft Windows is prone to a local privilege-escalation vulnerability. Attackers may exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts...
Microsoft Windows Kernel 'Win32k.sys' Window Class Local Privilege Escalation Vulnerability
Description: Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers. Fail...
Microsoft Windows Common Control Library Remote Heap Buffer Overflow Vulnerability
Description: Microsoft Windows Common Control Library is prone to a remote heap-based buffer-overflow vulnerability because the library fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted web...
Microsoft Internet Explorer Anchor Element Information Disclosure Vulnerability
Description: Microsoft Internet Explorer is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected: Avaya Aura Conferencing 6.0 Standard; Avaya Aura Conferencing Standard; Avaya CallPilo...
Alcatel-Lucent OmniPCX Enterprise - masterCGI Arbitrary Command Execution (Metasploit)
$Id: alcatelomnipcxmastercgiexec.rb 10556 2010-10-05 23:13:04Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Microsoft Windows COM Object Validation Remote Code Execution Vulnerability
Description: Microsoft Windows is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious Excel, PowerPoint, Publisher, Visio, WordPad, or Word file. Successful exploits would allow the attacker to execute arbitrary code in the...
Microsoft Internet Explorer 8 Developer Tools Remote Code Execution Vulnerability
Description: Microsoft Internet Explorer 8 Developer Tools 'iedvtool.dll' ActiveX control is prone to a remote code-execution vulnerability that stems from a memory-corruption issue. An attacker can exploit this issue to execute arbitrary code in the context of the application, usually Internet...
CVE-2009-4511: TANDBERG VCS Arbitrary File Retrieval
Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory. Advisory Name: TANDBERG Video Communication Server Arbitrary File Retrieval. Release Date:...
CVE-2009-4509: TANDBERG VCS Authentication Bypass
Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory. Advisory Name: TANDBERG Video Communication Server Authentication Bypass. Release Date:...
TANDBERG Video Communication Server Static SSH Host Keys
The remote device appears to be a TANDBERG Video Communication Server (VCS), an appliance supporting interoperation of video conferencing and unified communications devices. The fingerprint for the SSH service running on this device matches that of the host key distributed with some versions of the...
Authentication flaw
The administrative web console on the TANDBERG Video Communication Server (VCS) before X4.3 uses predictable session cookies in (1) tandberg/web/lib/secure.php and (2) tandberg/web/user/lib/secure.php, which makes it easier for remote attackers to bypass authentication, and execute arbitrary code by...
CVE-2009-4510
The SSH service on the TANDBERG Video Communication Server (VCS) before X5.1 uses a fixed DSA key, which makes it easier for remote attackers to conduct man-in-the-middle attacks and spoof arbitrary servers via crafted SSH packets...
CVE-2010-1356
Unspecified vulnerability on the TANDBERG Video Communication Server (VCS) before X5.0 allows remote attackers to execute arbitrary code via unknown vectors, aka Reference ID 69773...
CVE-2010-1355
The CVE-2010-1355 entry concerns a Cross-site Scripting (XSS) vulnerability in the TANDBERG Video Communication Server (VCS) prior to X5.0. The connected sources confirm the affected product and that the vulnerability is XSS with unspecified vectors, allowing remote attackers to inject arbitrary ...