571 matches found
CVE-2017-6511
andrzuk/FineCMS before 2017-03-06 is vulnerable to a reflected XSS in index.php because of missing validation of the action parameter in application/classes/application.php...
CVE-2017-6511
andrzuk/FineCMS before 2017-03-06 is vulnerable to a reflected XSS in index.php because of missing validation of the action parameter in application/classes/application.php...
Unauthorized Access Vulnerability in Deephaven Jet Mixcall Customer Service System
Ltd. is a company that focuses on the research, development, manufacturing and sales of call centers and converged communication products. mixcall is one of the company's customer service systems. An unauthorized access vulnerability exists in the SZHJ Mixcall customer service system. Due to a la...
OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004)
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.227, and 1.3.128 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the...
Design/Logic Flaw
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.227, and 1.3.128 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the...
CVE-2010-3573
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU...
kernel: ext4: ext4_fill_super() missing validation issue
The ext4fillsuper function in fs/ext4/super.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate the superblock configuration, which allows local users to cause a denial of service NULL pointer dereference and OOPS by attempting to mount a crafted ext4...
CVE-2008-5396
Array index error in the 1 torisa.c and 2 dahdi/tor2.c drivers in Zaptel aka DAHDI 1.4.11 and earlier allows local users in the dialout group to overwrite an integer value in kernel memory by writing to /dev/zap/ctl, related to missing validation of the sync field associated with the ZTSPANCONFIG...
Dotclear 'ecrire/images.php' Arbitrary File Upload Vulnerability
Advisory 1 "Dotclear 'ecrire/images.php' Arbitrary File Upload Vulnerability" $ Author : Morgan ARMAND $ Contact : armandm at epitech dot net $ Vendor URL : http://www.dotclear.net $ Vendor Contacted : 07/04/2008 $ Vendor Status : No response $ Affected Software : Dotclear = 1.2.7.1 $ Severity :...
CVE-2007-5082
Multiple stack-based buffer overflows in Computer Associates CA BrightStor Hierarchical Storage Manager HSM before r11.6 allow remote attackers to execute arbitrary code via unspecified CsAgent service commands with certain opcodes, related to missing validation of a length parameter...
FreeBSD : Macromedia flash player -- swf file handling arbitrary code (aed343b4-5480-11da-b579-001125afbed7)
A Secunia Advisory reports : A vulnerability has been reported in Macromedia Flash Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to missing validation of the frame type identifier that is read from a SWF file. This value is used ...