1299 matches found
CVE-2016-2965
IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious link, a remote attacker could force the user to log out of Sametime. IBM X-Force ID: 113846...
CVE-2017-6788
The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the affected software. The vulnerability is due to insufficient input...
MGASA-2017-0159 Updated libtasn1 packages fix security vulnerability
Jakub Jirasek of Secunia Research discovered that libtasn1 did not properly validate its input. This would allow an attacker to cause a crash by denial-of-service, or potentially execute arbitrary code, by tricking a user into processing a maliciously crafted assignments file CVE-2017-6891...
SUSE-SU-2017:1473-1 Security update for strongswan
This update for strongswan fixes the following issues: - CVE-2017-9022: Insufficient Input Validation in gmp Plugin leads to Denial of service bsc1039514 - CVE-2017-9023: Incorrect x509 ASN.1 parser error handling could lead to Denial of service bsc1039515 - IKEv1 protocol is vulnerable to DoS...
SUSE-SU-2017:1471-1 Security update for strongswan
This update for strongswan fixes the following issues: - CVE-2017-9022: Insufficient Input Validation in gmp Plugin leads to Denial of service bsc1039514 - CVE-2017-9023: Incorrect x509 ASN.1 parser error handling could lead to Denial of service bsc1039515...
McAfee ePolicy Orchestrator SQL Injection Vulnerability (CNVD-2017-01459)
McAfee ePolicy Orchestrator ePO is a suite of scalable security management software from Intel Corporation formerly McAfee, Inc.. The software enables centralized, streamlined management of endpoint, network, content security and compliance solutions. An SQL injection vulnerability exists in McAf...
CVE-2016-7883
Adobe Experience Manager version 6.2 has an input validation issue in create Launch wizard that could be used in cross-site scripting attacks...
CURL-CVE-2013-2174 URL decode buffer boundary flaw
libcurl is vulnerable to a case of bad checking of the input data which may lead to heap corruption. The function curleasyunescape decodes URL encoded strings to raw binary data. URL encoded octets are represented with %HH combinations where HH is a two-digit hexadecimal number. The decoded strin...
NewV: NewvCommon.ocx arbitrary command execution via the Runcommand attribute
Vendor: NewV http:// www.newv.com.cn/ Product: NewV smartclient http://demo.newv.com.cn/lds/module/smartclientsetting.exe Vulnerable Version: 1.0.0.18 Status: Not Fixed, Vendor Alerted Risk level: High Credit: Yu Guoyuguo.cngmail.com Description: An input validation issue exists in the NewV Activ...
SmartCMS v.2 SQL injection vulnerability
============ Ariko-Security - Advisory 1/5/2010 ============= SQL injection vulnerability in SmartCMS v.2 Vendor's Description of Software: http://www.smartwebsites.com.cy/index.php?pageid=13&lang=en Dork: n/a Application Info: Name: SmartCMS Versions: V.2 Vulnerability Info: Type: SQL injection...
VulnCheck KEV: CVE-2008-2992
Adobe Acrobat and Reader contain an input validation issue in a JavaScript method that could potentially lead to remote code execution...
Input validation
The MPEG-4 video codec in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service device reset via a crafted MPEG-4 video file that triggers an "input validation issue."...
CVE-2009-0959
The MPEG-4 video codec in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service device reset via a crafted MPEG-4 video file that triggers an "input validation issue."...
PT-2009-36: Neo CMS SQL Injection Vulnerability
Neo CMS is a content management system CMS software, usually implemented as a Web application, for creating and managing HTML content. It is used to manage and control a large, dynamic collection of Web material HTML documents and their associated images. Vulnerability Description Positive...
Input validation
Unspecified vulnerability in a JavaScript method in Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allows remote attackers to execute arbitrary code via unknown vectors, related to an "input validation issue."...
acroread: input validation issue in a JavaScript method
Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2, allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via unknown vectors, related to an "input validation issue in a JavaScript method."...
CVE-2008-2641
Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2, allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via unknown vectors, related to an "input validation issue in a JavaScript method."...
CAFEMILK Shopping Cart CGI cross-site scripting vulnerability
Overview CAFEMILK Shopping Cart CGI contains a cross-site scripting vulnerability as it does not properly validate input strings. Impact A malicious script may be executed on the user's web browser. Personal information, recorded in cookies issued by CAFEMILK SHOPPING CART CGI, may be leaked...
phpBB Chart Mod 1.1 - charts.php?id Cross-Site Scripting
phpBB Chart Mod 1.1 - charts.php?id Cross-Site Scripting source: https://www.securityfocus.com/bid/17952/info Chart Mod is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the...
Tunez 1.21 - 'search.php?searchFor' Cross-Site Scripting
source: https://www.securityfocus.com/bid/15548/info Tunez is prone to multiple input validation vulnerabilities. The application is affected by an SQL injection vulnerability and a cross-site scripting issue. Successful exploitation of the SQL injection issue could result in a compromise of the...