
7498 matches found

CVE
added 2015/02/26 3:0 p.m. | 48 views

CVE-2015-2088

CVE-2015-2088 describes a cross-site scripting (XSS) vulnerability in the contributed Drupal module Term Queue (not Drupal core), affecting version 6.x-1.0 and related 6.x releases. The root cause is insufficient sanitization of user-supplied text in some administration pages, enabling remote att...

CVSS 4.3 | AI score 5.9 | EPSS 0.00296
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2015/02/26 3:0 p.m. | 19 views

CVE-2015-2088

Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Term Queue module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

AI score 5.7 | EPSS 0.00296
Exploits: 0 | References: 3

CNVD
added 2015/02/21 12:0 a.m. | 2 views

Drupal Term Queue Module Cross-Site Scripting Vulnerability

Drupal is an open source content management platform. A cross-site scripting vulnerability exists in the Drupal Term Queue module, which allows remote attackers to exploit this vulnerability to construct malicious URIs and trick users into parsing them, which can be used to obtain sensitive...

CVSS 4.3 | AI score 6.2 | EPSS 0.00296
Exploits: 0 | References: 1

CNVD
added 2015/02/21 12:0 a.m. | 1 views

IBM WebSphere MQ Resource Management Denial of Service Vulnerability

IBM WebSphere MQ is used to provide messaging services in the enterprise. A security vulnerability exists in IBM WebSphere MQ, which can be exploited by remote attackers to cause a denial of service with the 'PCF query' privilege with the help of a specially crafted query...

CVSS 3.5 | AI score 6.7 | EPSS 0.0035
Exploits: 0 | References: 1

CVE
added 2015/02/13 2:0 a.m. | 67 views

CVE-2014-4771

CVE-2014-4771 affects IBM WebSphere MQ: remote authenticated users can exhaust queue slots via a crafted PCF query, impacting MQ servers in versions 7.0.1 before 7.0.1.13, 7.1 before 7.1.0.6, 7.5 before 7.5.0.5, and 8 before 8.0.0.1. The connected documents confirm the affected versions and the D...

CVSS 3.5 | AI score 4.1 | EPSS 0.0035
Exploits: 0 | References: 3 | Affected Software: 1

RedHat Linux
added 2015/02/03 5:10 p.m. | 1 views

kernel: net: sctp: remote memory pressure from excessive queueing

A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service...

CVSS 5 | AI score 6.7 | EPSS 0.01961
Exploits: 1 | References: 4

securityvulns
added 2015/02/02 12:0 a.m. | 93 views

APPLE-SA-2015-01-27-1 Apple TV 7.0.3

APPLE-SA-2015-01-27-1 Apple TV 7.0.3. Apple TV 7.0.3 is now available and addresses the following: Apple TV. Available for: Apple TV 3rd generation and later. Impact: A maliciously crafted afc command may allow access to protected parts of the filesystem...

CVSS 10 | AI score 0.2 | EPSS 0.21755
Exploits: 1

Prion
added 2015/01/30 11:59 a.m. | 18 views

Code injection

IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app...

CVSS 10 | AI score 7.1 | EPSS 0.01797
Exploits: 0 | References: 7 | Affected Software: 3

CNVD
added 2015/01/30 12:0 a.m. | 2 views

Apple TV and iOS IOHIDFamily Event Queue Null Pointer Reference Vulnerability

Apple iOS is the latest operating system for Apple's iPhone and iPod touch devices. Apple TV is Apple's way of allowing photos, videos and music from PCs and iPods to be transmitted wirelessly to a TV in high definition. Apple TV and iOS contain an IOHIDFamily event queue handling null pointer...

CVSS 10 | AI score 7.2 | EPSS 0.01019
Exploits: 0 | References: 1

CNVD
added 2015/01/30 12:0 a.m. | 2 views

Apple MAC OS X Yosemite IODataQueue Object Handling Checksum Vulnerability

Apple MAC OS X Yosemite is the latest operating system developed by Apple. Apple MAC OS X Yosemite suffers from a checksum issue with some metadata fields in the handling of the IODataQueue object, which allows malicious applications to execute arbitrary code in the system context...

CVSS 10 | AI score 7.6 | EPSS 0.00982
Exploits: 0 | References: 1

RedHat Linux
added 2015/01/13 6:27 p.m. | 2 views

kernel: net: sctp: remote memory pressure from excessive queueing

A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service...

CVSS 5 | AI score 6.7 | EPSS 0.01961
Exploits: 1 | References: 4

Check Point Advisories
added 2014/12/28 12:0 a.m. | 3 views

Microsoft Message Queue QMGetRemoteQueueName Buffer Overflow - Ver2 (CVE-2008-3479)

A buffer overflow vulnerability has been reported in Microsoft Windows 2000. An attacker could exploit this vulnerability via a crafted RPC call, related to improper processing of parameters to string APIs. Successful exploitation of this vulnerability could allow a remote attacker to execute...

CVSS 10 | AI score 7.3 | EPSS 0.69094
Exploits: 1

RedHat Linux
added 2014/12/16 7:12 p.m. | 1 views

kernel: net: sctp: remote memory pressure from excessive queueing

A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service...

CVSS 5 | AI score 6.7 | EPSS 0.01961
Exploits: 1 | References: 4

RedHat Linux
added 2014/12/09 8:33 p.m. | 2 views

kernel: net: sctp: remote memory pressure from excessive queueing

A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service...

CVSS 5 | AI score 6.7 | EPSS 0.01961
Exploits: 1 | References: 4

OSV
added 2014/11/30 1:59 a.m. | 1 views

DEBIAN-CVE-2014-3688

The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c...

CVSS 5 | AI score 7.5 | EPSS 0.01961
Exploits: 1 | References: 1

0day.today
added 2014/11/30 12:0 a.m. | 40 views

Open Web Analytics 1.5.6 PHP Object Injection Vulnerability

Exploit for php platform in category web applications Open Web Analytics setSetting'base', 'isremoteeventqueue', true; $owa-e-debug$POST; $rawevent = owacoreAPI::getRequestParam'event'; if $rawevent $dispatch = owacoreAPI::getEventDispatch; $event = unserialize base64decode $rawevent ;...

AI score 9.2 | EPSS 0.04677
Exploits: 2

securityvulns
added 2014/11/24 12:0 a.m. | 28 views

AST-2014-016: Remote Crash Vulnerability in PJSIP channel driver

Asterisk Project Security Advisory - AST-2014-015. Product: Asterisk. Summary: Remote Crash Vulnerability in PJSIP channel driver. Nature of Advisory: Denial of Service. Susceptibility: Remote Unauthenticated Sessions. Severity: Moderate. Exploits Known: No. Reported On: 30 October 2014. Reported By: Yaron Nahum...

AI score 0.3
Exploits: 0

OSV
added 2014/11/18 3:59 p.m. | 2 views

DEBIAN-CVE-2014-7824

D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix fo...

CVSS 2.1 | AI score 6.4 | EPSS 0.00093
Exploits: 1 | References: 1

CVE
added 2014/10/30 2:0 p.m. | 56 views

CVE-2014-3684

CVE-2014-3684 affects the TORQUE Resource Manager (lib/Libifl/tm.c, tm_adopt) across 5.0.x, 4.5.x, 4.2.x and earlier. The root cause is that the owner of a process is not validated to also own the adopted session id, enabling remote authenticated users to kill arbitrary processes via a crafted ex...

CVSS 6.8 | AI score 6.1 | EPSS 0.02381
Exploits: 0 | References: 10 | Affected Software: 1

OSV
added 2014/10/24 12:0 a.m. | 1 views

UBUNTU-CVE-2014-3688

The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c...

CVSS 5 | AI score 6.8 | EPSS 0.01961
Exploits: 1 | References: 10