SolarWinds Server and Application Monitor C1Chart3D8 Array Indexing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Server and Application Monitor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exis...

Microsoft OpenType Font Index Privilege Escalation - Ver2 (CVE-2010-3956)

A privilege escalation vulnerability has been reported in the OpenType Font OTF format driver. The vulnerability is due to an error in the OpenType Font OTF format driver that fails to properly index an array when parsing OpenType fonts. A remote attacker could exploit this vulnerability via a...

postgresql: array indexing error in enum_recv()

PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enumrecv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments and allows remote authenticated users to cause a...

Java - 'storeImageArray()' Invalid Array Indexing (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' class Metasploit3 false def initialize inf...

Java storeImageArray() Invalid Array Indexing Vulnerability

This Metasploit module abuses an Invalid Array Indexing Vulnerability on the static function storeImageArray function in order to produce a memory corruption and finally escape the Java Sandbox. The vulnerability affects Java version 7u21 and earlier. The module, which doesn't bypass click2play,...

[PSA-2013-0811-1] Oracle Java storeImageArray() Invalid Array Indexing

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 +------------------------------------------------------------------------------+ | Packet Storm Advisory 2013-0811-1 | | http://packetstormsecurity.com/ | +------------------------------------------------------------------------------+ | Title: Oracle...

Oracle Linux 5 : gstreamer-plugins-good (ELSA-2009-0271)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2009-0271 advisory. 0.10.9-1.el5.1 - Add patch for CVE-2009-0386 CVE-2009-0387 CVE-2009-0397 Related: rhbz 483220 Tenable has extracted the preceding description block...

Oracle Java cmmColorConvert Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Oracle Java AWT Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific vulnerability is an array indexing flaw...

Apple iTunes Multiple Vulnerabilities - June13 (Windows)

This host is installed with Apple iTunes and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbappleitunesmultvulnjun13win.nasl 8169 2017-12-19 08:42:31Z cfischer $ Apple iTunes Multiple Vulnerabilities - June13 Windows Authors: Thanga Prakash S Copyright: Copyright c 2013...

Apple iTunes Multiple Vulnerabilities - June13 (Mac OS X)

This host is installed with Apple iTunes and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbappleitunesmultvulnjun13macosx.nasl 6104 2017-05-11 09:03:48Z teissa $ Apple iTunes Multiple Vulnerabilities - June13 Mac OS X Authors: Thanga Prakash S Copyright: Copyright c 2013...

Oracle Java setICMpixels Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Adobe Shockwave Player Multiple Vulnerabilities Nov-2012 (Windows)

This host is installed with Adobe Shockwave Player and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbadobeshockwaveplayermultvulnnov12win.nasl 5940 2017-04-12 09:02:05Z teissa $ Adobe Shockwave Player Multiple Vulnerabilities Nov-2012 Windows Authors: Antu Sanadi...

Adobe Shockwave Player Multiple Vulnerabilities (Nov 2012) - Windows

Adobe Shockwave Player is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Adobe Shockwave Player Multiple Vulnerabilities (Nov 2012) - Mac OS X

Adobe Shockwave Player is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 5 : tetex (RHSA-2012:1201)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:1201 advisory. teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent...

Scientific Linux Security Update : gstreamer-plugins-good on SL5.x i386/x86_64

Multiple heap buffer overflows and an array indexing error were found in the GStreamer's QuickTime media file format decoding plugin. An attacker could create a carefully-crafted QuickTime media .mov file that would cause an application using GStreamer to crash or, potentially, execute arbitrary...

Scientific Linux Security Update : gstreamer-plugins on SL3.x, SL4.x i386/x86_64

An array indexing error was found in the GStreamer's QuickTime media file format decoding plug-in. An attacker could create a carefully-crafted QuickTime media .mov file that would cause an application using GStreamer to crash or, potentially, execute arbitrary code if played by a victim...

Adobe Flash Player AVM Verification Logic Array Indexing Code Execution

This module exploits a vulnerability in Adobe Flash Player versions 10.3.181.23 and earlier. This issue is caused by a failure in the ActionScript3 AVM2 verification logic. This results in unsafe JITJust-In-Time code being executed. This is the same vulnerability that was used for attacks against...

Adobe Flash Player AVM Verification Logic Array Indexing Code Execution

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Adobe Flash Player AVM...