4662 matches found
PT-2012-1838 · Moodle · Moodle
Name of the Vulnerable Software and Affected Versions: Moodle versions 1.9.x through 1.9.11 Description: The issue concerns multiple cross-site scripting XSS vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The vulnerabilities are related to UR...
JNDI: unauthenticated remote write access is permitted by default
The 1 JNDI service, 2 HA-JNDI service, and 3 HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly...
DEBIAN-CVE-2011-1528
The krb5ldaplockoutaudit function in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 1.8 through 1.8.4 and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service assertion failure and daemon exit via unspecified vectors, related to the...
CVE-2011-1689
Multiple cross-site scripting XSS vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
kdelibs: partially universal XSS in Konqueror error pages
Cross-site scripting XSS vulnerability in the KHTMLPart::htmlError function in khtml/khtmlpart.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI in a URL corresponding to an unavailable web site...
UBUNTU-CVE-2011-1723
Cross-site scripting XSS vulnerability in app/views/layouts/base.rhtml in Redmine 1.0.1 through 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to projects/hg-helloworld/news/. NOTE: some of these details are obtained from third party information...
tomcat: remote DoS via NIO connector
Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service OutOfMemoryError via a crafted request...
krb5: incorrect acceptance of certain checksums (MITKRB5-SA-2010-007)
MIT Kerberos 5 aka krb5 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center KDC, or forge a KRB-SAFE message via...
DEBIAN-CVE-2010-2799
Stack-based buffer overflow in the nestlex function in nestlex.c in Socat 1.5.0.0 through 1.7.1.2 and 2.0.0-b1 through 2.0.0-b3, when bidirectional data relay is enabled, allows context-dependent attackers to execute arbitrary code via long command-line arguments...
VulnCheck KEV: CVE-2008-0600
The vmsplicetopipe function in Linux kernel 2.6.17 through 2.6.24.1 does not validate a certain userspace pointer before dereference, which allows local users to gain root privileges via crafted arguments in a vmsplice system call, a different vulnerability than CVE-2008-0009 and CVE-2008-0010...
PT-2010-3497 · Com Jvehicles · Jvehicles
Name of the Vulnerable Software and Affected Versions: Jvehicles com jvehicles versions 1.0 through 2.1111 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the aid parameter in an "agentlisting" action to "index.php". Recommendations: For...
python: imageop module multiple integer overflows
Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different...
PT-2009-1060 · Linux +1 · Kpartx +3
Name of the Vulnerable Software and Affected Versions: device-mapper-multipath versions 0.4.5 through 0.4.8 multipath-tools versions prior to 0.4.8-r1 kpartx version 0.4.7 Description: The issue concerns the Device Mapper multipathing driver, which uses world-writable permissions for the socket...
CVE-2008-6399
Unspecified vulnerability in DotNetNuke 4.5.2 through 4.9 allows remote attackers to "add additional roles to their user account" via unknown attack vectors...
DEBIAN-CVE-2009-0478
Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in 1 HttpMsg.c and 2 HttpStatusLine.c...
PT-2009-2955 · K23Productions · Tftputil Gui
Name of the Vulnerable Software and Affected Versions: k23productions TFTPUtil GUI versions 1.2.0 through 1.3.0 Description: The issue allows remote attackers to cause a denial of service, resulting in a service crash. This can be achieved by sending a crafted request with a long filename...
CVE-2008-5086
Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a connection is read-only, which allows local users to bypass intended access restrictions and perform administrative actions...
DEBIAN-CVE-2008-5032
Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through 0.9.5 might allow user-assisted attackers to execute arbitrary code via the header of an invalid CUE image file, related to modules/access/vcd/cdrom.c. NOTE: this identifier originally included an issue related to RealText, bu...
wireshark: memory disclosure in the RMI dissector
Unspecified vulnerability in the RMI dissector in Wireshark formerly Ethereal 0.9.5 through 1.0.0 allows remote attackers to read system memory via unspecified vectors...
DEBIAN-CVE-2008-4101
Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to 1 execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" semicolon followed by a command, or execute arbitrary Ex commands by entering an argument afte...