CVE-2013-4401

The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted XML. NOTE: some of these details are obtained fr...

CVE-2013-4401

The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted XML. NOTE: some of these details are obtained fr...

Ruby Exception#to_s / NameError#to_s Methods Safe Level Security Bypass

Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the 1 exctos or 2 nameerrtos API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE:...

CVE-2012-4464

Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the 1 exctos or 2 nameerrtos API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE:...

CVE-2012-3530

Incomplete blacklist vulnerability in the t3libdiv::quoteJSvalue API function in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to conduct cross-site scripting XSS attacks via certain HTML5 JavaScript events...

Document vulnerability ShellCode look-vulnerability warning-the black bar safety net

Inscription: still very much like to put this topic, put so long, also modified several versions, are not satisfied, today was pushed again to write, as much as possible to put themselves know something write it out, learn the need to constantly summary of to accumulate, on a Sunday ride out, see...

CVE-2008-7290

Memory leak in the ldapexploderdn API function in IBM Tivoli Directory Server TDS 5.2 before 5.2.0.5-TIV-ITDS-LA0007 allows remote authenticated users to cause a denial of service memory consumption by making many function calls...

Debian DSA-2016-1 : drupal6 - several vulnerabilities

Several vulnerabilities SA-CORE-2010-001 have been discovered in drupal6, a fully-featured content management framework. Installation cross site scripting A user-supplied value is directly output during installation allowing a malicious user to craft a URL and perform a cross-site scripting attac...

Drupal 6.15, 5.21 (API function drupal_goto) Open Redirect Vulnerability

Exploit for unknown platform in category web applications =========================================================================== Drupal 6.15, 5.21 API function drupalgoto Open Redirection Vulnerability =========================================================================== Open redirecti...

Command injection

The ListView control in the Client GUI AClient.exe in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack on the "command prompt" hidden GUI button to 1 overwrite the CommandLine...

Mandriva Linux Security Advisory : php (MDVSA-2008:126)

A number of vulnerabilities have been found and corrected in PHP : PHP 5.2.1 would allow context-dependent attackers to read portions of heap memory by executing certain scripts with a serialized data input string beginning with 'S:', which did not properly track the number of input bytes being...

Mandriva Update for php MDVSA-2008:126 (php)

Check for the Version of php OpenVAS Vulnerability Test Mandriva Update for php MDVSA-2008:126 php Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...

Debian DSA-1578-1 : php4 - several vulnerabilities

Several vulnerabilities have been discovered in PHP version 4, a server-side, HTML-embedded scripting language. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3799 The sessionstart function allows remote attackers to insert arbitrary attributes int...

Debian DSA-1572-1 : php5 - several vulnerabilities

Several vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3806 The glob function allows context-dependent attackers to cause a denial of service and possibly...

ZoneAlarm及Comodo防火墙本地绕过保护机制漏洞

ZoneAlarm和Comodo都是非常流行的个人防火墙。 ZoneAlarm及Comodo防火墙在检测管理进程的实现上存在漏洞，本地攻击者可能利用此漏洞绕过检测。...

MOPB-41-2007:PHP 5 sqlite_udf_decode_binary() Buffer Overflow Vulnerability

Summary When sqliteudfdecodebinary is called with a string only containing a single 0x01 char this will result in a call to the sqlitedecodebinary function with an empty string as parameter. This leads to an exploitable buffer overflow. Affected versions Affected are PHP 4 4.4.5 and PHP 5 5.2.1...

Microsoft Windows ReadDirectoryChangesW information leak

ReadDirectoryChangesW API function doesn't check user's privileges for subtree folders, making it's possible for unprivileged user to gather information about sensitive files...

CVE-2006-3697

Agnitum Outpost Firewall Pro 3.51.759.6511 462, as used in 1 Lavasoft Personal Firewall 1.0.543.5722 433 and 2 Novell BorderManager Novell Client Firewall 2.0, does not properly restrict user activities in application windows that run in a LocalSystem context, which allows local users to gain...

Design/Logic Flaw

The RtlDosPathNameToNtPathNameU API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows context-dependent attackers to create files that cannot be accessed through the expected DOS path or...

CVE-2006-2334

The CVE-2006-2334 issue affects the Windows NT kernel user-mode path conversion: the RtlDosPathNameToNtPathName_U API in NTDLL.DLL on Windows 2000 SP4 and XP SP2 mishandles DOS-style paths with trailing spaces, allowing context-dependent attackers to create files that aren’t accessible via the ex...