Lucene search
+L

250 matches found

Debian CVE
Debian CVE
added 2007/04/30 11:0 p.m.39 views

CVE-2007-2385

The Yahoo! UI framework exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other...

5CVSS6.3AI score0.01105EPSS
Exploits0
Cvelist
Cvelist
added 2007/04/30 11:0 p.m.33 views

CVE-2007-2385

The Yahoo! UI framework exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other...

6.5AI score0.01105EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2007/02/21 12:42 p.m.6 views

security flaw

The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the keylength variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name befo...

5CVSS5.8AI score0.11752EPSS
Exploits0References4
Saint
Saint
added 2006/02/24 12:0 a.m.29 views

Windows NetDDE buffer overflow

Added: 02/24/2006 CVE: CVE-2004-0206 BID: 11372 OSVDB: 10689 Background Network Dynamic Data Exchange NetDDE is a Windows service which allows two applications to communicate with each other over a network. Problem A buffer overflow in the NetDDE service could allow a remote, anonymous attacker t...

7.5CVSS7.5AI score0.77002EPSS
Exploits8
Cvelist
Cvelist
added 2004/10/16 4:0 a.m.34 views

CVE-2004-0206

Network Dynamic Data Exchange NetDDE services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer,"...

7.6AI score0.77002EPSS
Exploits8References14
securityvulns
securityvulns
added 2003/10/23 12:0 a.m.37 views

SUN jdk crossite scripting

jdk undocumented static variable may allow data exchange between sites...

2.4AI score
Exploits0References1Affected Software3
CERT
CERT
added 2002/07/13 12:0 a.m.30 views

Microsoft Windows 2000 Network Dynamic Data Exchange (DDE) executes code as Local System

Overview The Windows 2000 Network DDE agent permits local users to execute commands with system privileges. Description Dynamic Data Exchange DDE is an interprocess communication mechanism used in Microsoft Windows. A DDE share is an area of memory which is used to store and retrieve data. Networ...

7.2CVSS6.8AI score0.03501EPSS
Exploits1References5
Cvelist
Cvelist
added 2001/05/07 4:0 a.m.31 views

CVE-2001-0015

Network Dynamic Data Exchange DDE in Windows 2000 allows local users to gain SYSTEM privileges via a "WMCOPYDATA" message to an invisible window that is running with the privileges of the WINLOGON process...

6.5AI score0.03501EPSS
Exploits1References4
NVD
NVD
added 2001/03/12 5:0 a.m.22 views

CVE-2001-0015

Network Dynamic Data Exchange DDE in Windows 2000 allows local users to gain SYSTEM privileges via a "WMCOPYDATA" message to an invisible window that is running with the privileges of the WINLOGON process...

7.2CVSS6.5AI score0.03501EPSS
Exploits1References4
securityvulns
securityvulns
added 2001/01/10 12:0 a.m.31 views

Lotus Domino: security hole the size of Texas, plus somewhat smaller protocol auditing utility

Ben, this is an updated version. Plese let this one thru, if it isn't too late. Thanks. Even my girlfriend said this bug is incredible :P Sit and relax. First of all, a few words from me. Sorry for that if you hate my occassional intros - please appreciate that I am not putting 80x20 ASCII 'A D V...

6.9AI score
Exploits0
Rows per page
Query Builder