4308 matches found
CVE-2012-2881
Google Chrome before 22.0.1229.79 does not properly handle plug-ins, which allows remote attackers to cause a denial of service DOM tree corruption or possibly have unspecified other impact via unknown vectors...
Memory corruption
Google Chrome before 22.0.1229.79 does not properly handle plug-ins, which allows remote attackers to cause a denial of service DOM tree corruption or possibly have unspecified other impact via unknown vectors...
CVE-2012-2881
Removed by vendor...
CVE-2012-2881
Technical details (affected product/component/version, root cause, exploit info, or remediation) are not publicly available in the provided connected documents beyond the initial CVE description. Monitor for updates from official advisories.
CVE-2012-1651
Cross-site scripting XSS vulnerability in the Submenu Tree module before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in the Submenu Tree module before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-1651
Cross-site scripting XSS vulnerability in the Submenu Tree module before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-1651
CVE-2012-1651 affects the Drupal Submenu Tree contributed module prior to version 6.x-1.5. The vulnerability is a Cross-site Scripting (XSS) flaw caused by inadequate sanitization of user-supplied data when displaying a list of menu entries, exploitable by remote authenticated users via unspecifi...
JNDI: unauthenticated remote write access is permitted by default
The 1 JNDI service, 2 HA-JNDI service, and 3 HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly...
Scientific Linux Security Update : selinux-policy enhancement update on SL5.x, SL6.x i386/x86_64 (20120911)
This update adds the following enhancements : - Previously, with the MLS policy activated, a user created with a MLS level was not able to log into the system using the ssh utility because an appropriate MLS policy rule was missing. This update adds the MLS rule and users can now log into the...
JNDI: unauthenticated remote write access is permitted by default
The 1 JNDI service, 2 HA-JNDI service, and 3 HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly...
DEBIAN-CVE-2012-4292
The dissectstunmessage function in epan/dissectors/packet-stun.c in the STUN dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly interact with key-destruction behavior in a certain tree library, which allows remote attackers to cause a denial ...
UBUNTU-CVE-2012-4292
The dissectstunmessage function in epan/dissectors/packet-stun.c in the STUN dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly interact with key-destruction behavior in a certain tree library, which allows remote attackers to cause a denial ...
Shopping Tree Cross Site Scripting
Exploit Title: Shopping Tree Cross Site Scripting Google Dork: "Shopping Tree, Inc" Date: 14/08/2012 Author: IranianDarkCodersTeam Discovered By : Nafsh Site : http://idc-team.net/ Software Link: http://www.shoppingtree.com Bug : /logon.asp?msg= Xss Example :...
eGlibc - Signedness Code Execution
Exploit Title: eGlibc Signedness Vulnerability Date: November 2011 Exploit Author: c0ntex Vendor Homepage: http://www.eglibc.org Software Link: http://www.eglibc.org/home Version: eGlibc supplied by Ubuntu 10.4 LTS Tested on: Ubuntu 10.4 LTS CVE : CVE-2011-2702 A delicious, yet slightly cold...
Scientific Linux Security Update : selinux-policy on SL6.x i386/x86_64 (20120709)
This update adds the following enhancements : - When the system produces a new SELinux denial, the setroubleshootd daemon executes the rpm tool to check information about the relevant packages. Previously, setroubleshootd was unable to execute the rpm tool, and AVC denials were logged in the...
JNDI: unauthenticated remote write access is permitted by default
The 1 JNDI service, 2 HA-JNDI service, and 3 HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly...
JNDI: unauthenticated remote write access is permitted by default
The 1 JNDI service, 2 HA-JNDI service, and 3 HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly...
JNDI: unauthenticated remote write access is permitted by default
The 1 JNDI service, 2 HA-JNDI service, and 3 HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly...
JNDI: unauthenticated remote write access is permitted by default
The 1 JNDI service, 2 HA-JNDI service, and 3 HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly...