
209 matches found

OSV
added 2013/03/28 4:55 p.m. · 3 views

CVE-2013-2266

libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack again...

7.8 CVSS · 6.3 AI score · 0.42851 EPSS
Exploits 1 · References 15
Prion
added 2013/03/28 4:55 p.m. · 28 views

Code injection

libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack again...

7.8 CVSS · 6.5 AI score · 0.42851 EPSS
Exploits 1 · References 15 · Affected Software 1
Cvelist
added 2013/03/28 4:0 p.m. · 27 views

CVE-2013-2266

libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack again...

7.5 AI score · 0.42851 EPSS
Exploits 1 · References 15
RedHat Linux
added 2013/02/04 11:50 p.m. · 4 views

OpenJDK: RequiredModelMBean missing access control context checks (JMX, 8000537)

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. NOTE: the...

10 CVSS · 7.4 AI score · 0.07634 EPSS
Exploits 1 · References 5
UbuntuCve
added 2012/03/20 8:55 p.m. · 24 views

CVE-2012-0711

Integer signedness error in the db2dasrrm process in the DB2 Administration Server (DAS) in IBM DB2 9.1 through FP11, 9.5 before FP9, and 9.7 through FP5 on UNIX platforms allows remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow...

7.5 CVSS · 6.5 AI score · 0.04627 EPSS
Exploits 0 · References 6
Prion
added 2012/03/20 8:55 p.m. · 19 views

Integer overflow

Integer signedness error in the db2dasrrm process in the DB2 Administration Server (DAS) in IBM DB2 9.1 through FP11, 9.5 before FP9, and 9.7 through FP5 on UNIX platforms allows remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow...

7.5 CVSS · 8 AI score · 0.04627 EPSS
Exploits 0 · References 7 · Affected Software 1
CVE
added 2012/03/20 8:0 p.m. · 326 views

CVE-2012-0711

CVE-2012-0711 is a remote code execution/privilege-escalation vulnerability in the DB2 Administration Server (DAS) of IBM DB2. The issue is a heap-based buffer overflow caused by an integer signedness error in the db2dasrrm process and affects UNIX platforms on: DB2 9.1 GA through FP11, DB2 9.5 G...

7.5 CVSS · 7.5 AI score · 0.04627 EPSS
Exploits 0 · References 7 · Affected Software 1
myhack58
added 2011/12/15 12:0 a.m. · 20 views

PuTTY SSH authentication password information disclosure vulnerability

Affected versions: Simon Tatham PuTTY 0.61, Simon Tatham PuTTY 0.60, Simon Tatham PuTTY 0.59. Vulnerability description: BUGTRAQ ID: 51021. PuTTY is a Telnet and SSH implementation for Windows and Unix platforms, with an xterm terminal emulator. PuTTY versions 0.59 to 0.61 do not delete the...

Exploits 0
RedHat Linux
added 2011/10/17 9:49 p.m. · 4 views

crypt_blowfish: 8-bit character mishandling allows different password pairs to produce the same hash

crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash...

5 CVSS · 5.8 AI score · 0.04972 EPSS
Exploits 0 · References 5
RedHat Linux
added 2011/06/21 10:25 p.m. · 3 views

Mozilla Multiple dangling pointer vulnerabilities (MFSA 2011-23)

Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via a crafted XUL document that dequeues the current command updater...

10 CVSS · 7.7 AI score · 0.05572 EPSS
Exploits 0 · References 4
NVD
added 2011/04/04 12:27 p.m. · 14 views

CVE-2011-0894

Unspecified vulnerability in HP Operations 9.10 on UNIX platforms allows remote authenticated users to bypass intended access restrictions via unknown vectors...

5.5 CVSS · 6.2 AI score · 0.01203 EPSS
Exploits 0 · References 5
Prion
added 2011/04/04 12:27 p.m. · 11 views

Design/Logic Flaw

Unspecified vulnerability in HP Operations 9.10 on UNIX platforms allows remote authenticated users to bypass intended access restrictions via unknown vectors...

5.5 CVSS · 6.6 AI score · 0.01203 EPSS
Exploits 0 · References 5 · Affected Software 1
Cvelist
added 2011/04/03 1:0 a.m. · 15 views

CVE-2011-0894

Unspecified vulnerability in HP Operations 9.10 on UNIX platforms allows remote authenticated users to bypass intended access restrictions via unknown vectors...

6.2 AI score · 0.01203 EPSS
Exploits 0 · References 5
ThreatPost
added 2010/11/12 8:29 p.m. · 9 views

Adobe Readies Patch for Critical Reader, Acrobat Flaws

Adobe Inc. said on Friday that it is planning to release an out-of-cycle update to fix critical security holes in its Reader and Acrobat products, including a fix for a newly disclosed hole that is already being exploited in the wild. In a post on the company’s Product Security Incident Response...

0.7 AI score
Exploits 0 · References 6
Metasploit
added 2010/10/09 9:32 p.m. · 16 views

Generic Web Application Unix Command Execution

This module can be used to exploit any generic command execution vulnerability for CGI applications on Unix-like platforms. To use this module, specify the CMDURI path, replacing the command itself with XXcmdXX. This module is currently limited to forms vulnerable through GET requests with query...

7.5 AI score
Exploits 0
Positive Technologies
added 2010/07/23 12:0 a.m. · 7 views

PT-2010-4294 · Apache +1 · Apache Http Server +1

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server version 2.2.9. Description: The issue is related to an information disclosure flaw in the mod_proxy component of the Apache HTTP Server. When running on Unix platforms, if a timeout occurs while reading a response from a...

5 CVSS · 5.4 AI score · 0.2187 EPSS
Exploits 3 · References 29
Prion
added 2010/06/15 6:0 p.m. · 11 views

Code injection

Adobe Flash Player 9 before 9.0.277.0 on unspecified UNIX platforms allows attackers to cause a denial of service via unknown vectors...

4.3 CVSS · 6.8 AI score · 0.04958 EPSS
Exploits 0 · References 24 · Affected Software 1
Cvelist
added 2010/06/15 5:48 p.m. · 19 views

CVE-2010-2172

Adobe Flash Player 9 before 9.0.277.0 on unspecified UNIX platforms allows attackers to cause a denial of service via unknown vectors...

9.1 AI score · 0.04958 EPSS
Exploits 0 · References 24
RedHat Linux
added 2010/04/01 12:21 a.m. · 2 views

JDK unspecified vulnerability in JavaWS/Plugin component

Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.225 allows remote attackers to affect availability via unknown vectors...

5 CVSS · 5.8 AI score · 0.03361 EPSS
Exploits 0 · References 4
NVD
added 2009/08/19 5:30 p.m. · 16 views

CVE-2009-2858

Memory leak in the Security component in IBM DB2 8.1 before FP18 on Unix platforms allows attackers to cause a denial of service (memory consumption) via unspecified vectors, related to private memory within the DB2 memory structure...

5 CVSS · 6.2 AI score · 0.01706 EPSS
Exploits 0 · References 4