DSA-1734-1 opensc - information disclosure
Bulletin has no description...
CVE-2009-0368
OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program...
Mozilla Seamonkey Multiple Vulnerabilities Feb-09 (Windows)
The host is installed with Mozilla Seamonkey browser and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodseamonkeymultvulnfeb09win.nasl 5122 2017-01-27 12:16:00Z teissa $ Mozilla Seamonkey Multiple Vulnerabilities Feb-09 Windows Authors: Sharath S Copyright: Copyright ...
ZDI-09-011: Microsoft Internet Explorer CFunctionPointer Memory Corruption Vulnerability
ZDI-09-011: Microsoft Internet Explorer CFunctionPointer Memory Corruption Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-011 February 10, 2009 -- CVE ID: CVE-2009-0075 -- Affected Vendors: Microsoft -- Affected Products: Microsoft Internet Explorer -- TippingPoint(TM) IPS Custome...
Microsoft Internet Explorer CFunctionPointer Memory Corruption Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the handling of document objects...
Microsoft Visual Basic Kill Bits
Visual Basic is an event-driven programming language that was created by Microsoft for building stand alone Windows-based programs. Developers can use it for quickly building GUI applications. Several remote code execution vulnerabilities have been reported in Microsoft Visual Basic. To trigger...
NCTVideoStudio ActiveX DLLs 1.6 Insecure Method File Creation Exploit
No description provided by source. NCTVideoStudio ActiveX DLLs Version 1.6 Insecure Method File Creation. Author: Mountassif Moad a.k.a Stack. RegKey Safe for Script: False; RegKey Safe for Init: False; Implements IObjectSafety: True; IDisp Safe: Safe for...
Microsoft Excel Malformed Object Handling Remote Code Execution Vulnerability
Description: Microsoft Excel is prone to a remote code-execution vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the...
CVE-2008-5353
The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and...
Mozilla crash and remote code execution via __proto__ tampering
jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that...
kernel: missing boundary checks in syscall/syscall32_nopage()
Tavis Ormandy reported missing boundary checks in the Virtual Dynamic Shared Objects (vDSO) implementation. This could allow a local unprivileged user to cause a denial of service or privilege escalation. (CVE-2008-3527, Important)...
XWork < 2.0.11.2 - 'ParameterInterceptor' Class OGNL Security Bypass
source: https://www.securityfocus.com/bid/32101/info XWork is prone to a security-bypass vulnerability because it fails to adequately handle user-supplied input. Attackers can exploit this issue to manipulate server-side context objects with the privileges of the user running the application...
Internet Explorer vulnerable in handling CDO protocol
Overview: Internet Explorer is vulnerable in handling CDO (Collaboration Data Objects) protocol, which allows the download dialog box to be bypassed. When Internet Explorer (IE) accesses a website using CDO (Collaboration Data Objects), IE processes the contents as CDO data, ignoring their actual conten...
JVN#55410403 Internet Explorer vulnerable in handling CDO protocol
When Internet Explorer (IE) accesses a website using CDO (Collaboration Data Objects), IE processes the contents as CDO data, ignoring their actual content types, and IE does not properly handle the Content-Disposition header field. This could cause a download dialog box not to be displayed prior to...
[SECURITY] Fedora 8 Update: rubygem-activerecord-2.1.1-1.fc8
Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL...
Microsoft Excel Remote Code Execution Vulnerability (956416)
This host is missing critical security update according to Microsoft Bulletin MS08-057. OpenVAS Vulnerability Test $Id: secpodms08-057900048.nasl 6538 2017-07-05 11:38:27Z cfischer $ Description: Microsoft Excel Remote Code Execution Vulnerability (956416) Authors: Chandan S Copyright: Copyright (C)...
Microsoft Excel Remote Code Execution Vulnerability (956416)
This host is missing critical security update according to Microsoft Bulletin MS08-057. SPDX-FileCopyrightText: 2008 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...