616 matches found
CVE-2015-5838
SpringBoard in Apple iOS before 9 does not properly restrict access to privileged API calls, which allows attackers to spoof the dialog windows of an arbitrary app via a crafted app...
Mobile Devices C4 OBD2 Dongle Privilege Access Vulnerability (CNVD-2015-05627)
The Mobile Devices aka MDI C4 OBD2 Dongle is a programmable OBD2 solution from the French company Mobile Devices. A security vulnerability exists in the Mobile Devices C4 OBD2 Dongle that arises from different user installers storing the same SSH private key. A remote attacker could exploit the...
Windows NDProxy Privilege Escalation XP SP3 x86 and 2003 SP2 x86 (MS14-002) Exploit
NDPROXY is a system-provided driver that interfaces WAN miniport drivers, call managers, and miniport call managers to the Telephony Application Programming Interfaces TAPI services. The vulnerability is caused when the NDProxy.sys kernel component fails to properly validate input. An attacker wh...
ManageEngine SupportCenter Plus 7.90 - Multiple Vulnerabilities
Exploit for multiple platform in category web applications Document Title: =============== ManageEngine SupportCenter Plus 7.90 - Multiple Vulnerabilities Product & Service Introduction: =============================== SupportCenter Plus is a web-based customer support software that lets...
Mozilla Firefox Restricts Bypass Privilege Access Vulnerability
Mozilla Firefox is a web browser released by Mozilla. A restriction bypass privilege access vulnerability exists in Mozilla Firefox. The vulnerability allows remote attackers to bypass security restrictions by navigating through certain content to execute arbitrary script code with chrome...
EMC Documentum D2 Information Disclosure Vulnerability
EMC Documentum D2 is an enterprise document management software. The EMC Documentum D2-API formation logs passwords and user credentials that are used to encrypt D2 sensitive systems using MD5 hashes recorded to log files, where low-privileged users can obtain the MD5 hashes and perform malicious...
Ubuntu 14.04 LTS : OpenStack Keystone vulnerability (USN-2406-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2406-1 advisory. Brant Knudson discovered that OpenStack Keystone did not properly perform input sanitization when performing endpoint catalog substitution. A remote attacker with...
Design/Logic Flaw
Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, and 9.31 and Service Center 6.2.8 allows remote attackers to obtain privileged access via unknown vectors...
withU Music Share 1.3.7 iOS - Command Inject Vulnerability
Document Title: =============== withU Music Share 1.3.7 iOS - Command Inject Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1040 Release Date: ============= 2013-08-02 Vulnerability Laboratory ID VL-ID: ====================================...
NinkoBB - Cross-Site Request Forgery
NinkoBB - Cross-Site Request Forgery Title: NinkoBB CSRF Vulnerability Author: ADEO Security Published: 30/06/2010 Version: 1.3RC5 Possible all versions Vendor: http://ninkobb.com Download: http://ninkobb.com/releases/?NinkoBB-1.3RC5.zip Description: "NinkoBB is an open source forum script writte...
NinkoBB 1.3RC5 Cross Site Request Forgery
Title: NinkoBB CSRF Vulnerability Author: ADEO Security Published: 30/06/2010 Version: 1.3RC5 Possible all versions Vendor: http://ninkobb.com Download: http://ninkobb.com/releases/?NinkoBB-1.3RC5.zip Description: "NinkoBB is an open source forum script written in the PHP language and uses a MySQ...
Oracle存在多个安全漏洞
CNCAN ID:CNCAN-2009041604 多个Oracle产品存在漏洞,可导致SQL注入,泄漏敏感信息或使攻击者破坏系统: -Oracle Process Manager和Notification opmn守护程序存在格式串错误,提交特殊构建的POST请求给port 6000/TCP可导致任意代码执行。 -传递给"DBMSAQIN"的输入在使用前缺少过滤,可导致注入任意SQL代码。 -Oracle数据库包含的Application Express组件存在错误,非特权用户可以获得"LOWS030000.WWVFLOWUSER"中的APEX密码HASH。 目前还存在多个未知漏洞。...
CVE-2001-1274
The CVE-2001-1274 vulnerability is a buffer overflow in MySQL before 3.23.31. Affected product: MySQL server (pre-3.23.31). Root cause: a buffer overflow that can be triggered remotely, leading to a denial of service and potential privilege escalation. Impact: partial confidentiality/integrity/av...
CVE-2002-0110
Nevrona Designs MiraMail (Windows) up to version 1.04 stores user credentials (POP usernames and passwords) in plaintext in an .ini file. The underlying issue is unencrypted storage of authentication data, allowing anyone with file access to read passwords and potentially gain privileges. Public ...
OpenSSH's UseLogin option allows remote access with root privilege.
OpenSSH's UseLogin option allows remote access with root privilege. 1. Systems affected: The default installation of OpenSSH is not vulnerable, since UseLogin defaults to 'no'. However, if UseLogin is enabled, all versions of OpenSSH prior to 2.1.1 are affected. 2. Description: If the UseLogin...
nt.ras.bof.txt
Date: Wed, 19 May 1999 11:37:00 +0100 From: Mnemonix To: [email protected] Subject: Buffer Overruns in RAS allows execution of arbitary code as system Introduction Microsoft's RAS Service on Windows NT all service packs contains numerous buffer overruns that allow execution of arbritary code...