CVE-2011-2314

Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors related to JavaServer Pages...

CVE-2011-2314

Technical details about CVE-2011-2314 are not publicly provided in the supplied connected documents. The entry only mentions an unspecified vulnerability in Oracle Containers for J2EE 10.1.2.3. Monitor for updates.

Mozilla Prism v1.0b4 - Stack Overflow Vulnerability

Document Title: =============== Mozilla Prism v1.0b4 - Stack Overflow Vulnerability References Source: ==================== Video: http://www.vulnerability-lab.com/getcontent.php?id=217 Release Date: ============= 2011-08-29 Vulnerability Laboratory ID VL-ID: ==================================== ...

CVE-2011-0883

Technical details are not publicly available in the provided documents. Monitor for updates.

VLC media player memory corruption

Memory corruption on Matroska/WebM сontainers parsing...

Memory corruption

Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Viewer 2007 SP2 do not properly handle Office Art containers that have inval...

CVE-2011-0976

Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Viewer 2007 SP2 do not properly handle Office Art containers that have inval...

Spring Security Security Constraint Bypass

CVE-2010-3700 - Spring Security - Bypassing of security constraints Severity: Important Vendor: SpringSource, a division of VMware Versions affected: Spring Security 3.0.0 to 3.0.3 Spring Security 2.0.0 t0 2.0.5 Acegi Security 1.0.0 to 1.0.7 Description: Spring Security does not consider URL path...

kernel security update

CentOS Errata and Security Advisory CESA-2010:0046 Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages...

CVE-2010-0070

Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 10.1.2.3 and 10.1.3.4 allows remote attackers to affect integrity via unknown vectors...

Design/Logic Flaw

Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 10.1.2.3 and 10.1.3.4 allows remote attackers to affect confidentiality via unknown vectors...

CVE-2010-0067

CVE-2010-0067 affects the Oracle Application Server 10g (Release 2) components, specifically the Oracle Containers for J2EE, versions 10.1.2.3 and 10.1.3.4. The vulnerability is exploitable remotely over HTTP by unauthenticated users and can impact confidentiality (Partial) with network access an...

Memory corruption

Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; PowerPoint Viewer 2003 and 2007 SP1 and SP2; PowerPoint in Microsoft Office 2004 for Mac and 2008 for Mac; Open XML File Format Converter for Mac; Microsoft Works 8.5 and 9.0; and Microsoft Office Compatibility Pack f...

CVE-2009-0224

Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; PowerPoint Viewer 2003 and 2007 SP1 and SP2; PowerPoint in Microsoft Office 2004 for Mac and 2008 for Mac; Open XML File Format Converter for Mac; Microsoft Works 8.5 and 9.0; and Microsoft Office Compatibility Pack f...

Oracle Containers For Java Traversal

Server Version Info: Oracle-Application-Server-10g/10.1.3.1.0 Oracle-HTTP-Server PoC: http://OC4J/web-app/foobar/%c0%ae%c0%ae/WEB-INF/web.xml Related: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938 Explaination: The "%c0%ae%c0%ae" is interpreted as: ".." because on Java's side:...

[Full-disclosure] Oracle Containers For Java Directory Traversal (OC4J) Oracle Application Server 10g (10.1.3.1.0) Oracle HTTP Server

Server Version Info: Oracle-Application-Server-10g/10.1.3.1.0 Oracle-HTTP-Server PoC: http://OC4J/web-app/foobar/c0aec0ae/WEB-INF/web.xml Related: https://vulners.com/cve/CVE-2008-2938 Explaination: The "c0aec0ae" is interpreted as: ".." because on Java's side: "c0ae" is interpreted as: "uC0AE"...

Parallels Virtuozzo Containers 3.0.0-25.44.0.0-365.6 VZPP Interface File Manger - Cross-Site Request Forgery

Parallels Virtuozzo Containers 3.0.0-25.44.0.0-365.6 VZPP Interface File Manger - Cross-Site Request Forgery source: https://www.securityfocus.com/bid/28589/info Parallels Virtuozzo Containers is prone to a cross-site request-forgery vulnerability. Exploiting the issue will allow a remote attacke...

Parallels Virtuozzo Containers 3.0.0-25.4.swsoft VZPP Interface Change Pass - Cross-Site Request Forgery

Parallels Virtuozzo Containers 3.0.0-25.4.swsoft VZPP Interface Change Pass - Cross-Site Request Forgery source: https://www.securityfocus.com/bid/28593/info Parallels Virtuozzo Containers is prone to a cross-site request-forgery vulnerability. Exploiting the issue will allow a remote attacker to...

Parallels Virtuozzo Containers 3.0.0-25.4/4.0.0-365.6 VZPP Interface File Manger - Cross-Site Request Forgery

source: https://www.securityfocus.com/bid/28589/info Parallels Virtuozzo Containers is prone to a cross-site request-forgery vulnerability. Exploiting the issue will allow a remote attacker to use a victim's currently active session to perform certain file-management actions with the privileges o...

Parallels Virtuozzo Containers 3.0.0-25.4.swsoft VZPP Interface Change Pass - Cross-Site Request Forgery

source: https://www.securityfocus.com/bid/28593/info Parallels Virtuozzo Containers is prone to a cross-site request-forgery vulnerability. Exploiting the issue will allow a remote attacker to use a victim's currently active session to change the victim's password. Successful exploits will...