Apple iOS multiple security vulnerabilities

Large number of vulnerabilities in different components...

Mac OS X Multiple Vulnerabilities (Security Update 2012-004) (BEAST)

The remote host is running a version of Mac OS X 10.6 that does not have Security Update 2012-004 applied. This update contains multiple security-related fixes for the following components : - Apache - Data Security - DirectoryService - ImageIO - International Components for Unicode - Mail - PHP ...

Mandrake Linux Security Advisory : Zope (MDKSA-2000:035)

A problem exists in the Zope package with the getRoles method of user objects contained in the default UserFolder implementation. Users with the ability to edit DTML could arrange to give themselves extra roles for the duration of a single request by mutating the roles list as a part of the reque...

Android Security Evaluation Framework: ASEF

Have you ever looked at your Android applications and wondered if they are watching you as well? Whether it’s a bandwidth-hogging app, aggressive adware or even malware, it would be interesting to know if they are doing more than what they are supposed to and if your personal information is...

Microsoft Windows Networking Components Remote Code Execution Vulnerabilities (2733594)

This host is missing a critical security update according to Microsoft Bulletin MS12-054. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Microsoft Windows multiple security vulnerabilities

TCP/IP privilege escalation, partition manager privilege escalation, multiple security vulnerabililities in .Net, Silverlight, font management, GDI+, window components, etc...

PT-2012-1150 · Libjpeg Turbo +1 · Libjpeg-Turbo +1

Name of the Vulnerable Software and Affected Versions: libjpeg-turbo versions 1.2.0 through 1.2.0 Description: The issue is related to a heap-based buffer overflow in the get sos function in jdmarker.c, which can be triggered by a large component count in the header of a JPEG image. This can caus...

MS12-045: Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (2698365)

The version of Microsoft Data Access Components MDAC installed on the remote Windows host is affected by a remote code execution vulnerability that could allow arbitrary code execution if a user views a specially crafted web page. C Tenable Network Security, Inc. include"compat.inc"; if descripti...

Microsoft Windows Data Access Components Remote Code Execution Vulnerability (2698365)

This host is missing a critical security update according to Microsoft Bulletin MS12-045. OpenVAS Vulnerability Test $Id: secpodms12-045.nasl 9122 2018-03-17 14:01:04Z cfischer $ Microsoft Windows Data Access Components Remote Code Execution Vulnerability 2698365 Authors: Rachana Shetty Copyright...

Microsoft Windows Data Access Components Remote Code Execution Vulnerability (2698365)

This host is missing a critical security update according to Microsoft Bulletin MS12-045. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Heap overflow

Heap-based buffer overflow in Microsoft Data Access Components MDAC 2.8 SP1 and SP2 and Windows Data Access Components WDAC 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE...

CVE-2012-1891

Heap-based buffer overflow in Microsoft Data Access Components MDAC 2.8 SP1 and SP2 and Windows Data Access Components WDAC 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE...

Three Critical Fixes in July Microsoft Patch Tuesday

Microsoft issued nine bulletins fixing 16 vulnerabilities in the July 2012 edition of Patch Tuesday. Three of the bulletins received Microsoft’s most severe ‘critical’ rating, while the remaining six were deemed merely ‘important.’ First and foremost among the critical patches is MS12-043, a fix...

Microsoft Data Access Components ADO Cachesize Heap Overflow (MS12-045; CVE-2012-1891)

A remote code execution vulnerability has been reported in Microsoft Data Access Components MDAC...

Microsoft Data Access Components CVE-2012-1891 Buffer Overflow Vulnerability

Description Microsoft Data Access Components MDAC are prone to a heap-based buffer-overflow vulnerability because they fail to properly bounds-check user-supplied data. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed...

IBM Edge Components Caching Proxy XSS Followup

Rapid7 probably found this vulnerability on October 23 2002 http://seclists.org/fulldisclosure/2002/Oct/330 and its called CVE- 2002-1167 They don't show the output and specify it is error message but the injection method is the same. The update is it works on IBM Edge Components Caching Proxy -...

IBM Edge Components Caching Proxy crossite scripting

Crossite scripting on non-existent page...

Stack overflow

Stack-based buffer overflow in slssvc.exe before 58.x in Invensys Wonderware SuiteLink in the Invensys System Platform software suite, as used in InTouch/Wonderware Application Server IT before 10.5 and WAS before 3.5, DASABCIP before 4.1 SP2, DASSiDirect before 3.0, DAServer Runtime Components...

MacOSX Cisco AnyConnect Secure Mobility Client Multiple Vulnerabilities

The remote host has a version of Cisco AnyConnect 2.5 MR6 / 3.0 MR8. Such versions are potentially affected by multiple vulnerabilities : - The WebLaunch VPN downloader implementation does not properly validate binaries that are received, which can allow remote attackers to execute arbitrary code...

IBM Edge Components Caching Proxy Cross Site Scripting

Rapid7 probably found this vulnerability on October 23 2002 http://seclists.org/fulldisclosure/2002/Oct/330 and its called CVE- 2002-1167 They don't show the output and specify it is error message but the injection method is the same. The update is it works on IBM Edge Components Caching Proxy -...