
8415 matches found

Cvelist
added 2012/07/25 7:0 p.m. | 23 views

CVE-2012-0680

Apple Safari before 6.0 does not properly handle the autocomplete attribute of a password input element, which allows remote attackers to bypass authentication by leveraging an unattended workstation...

AI score: 6.3 | EPSS: 0.02028
Exploits: 1 | References: 5
Cvelist
added 2012/07/22 4:0 p.m. | 33 views

CVE-2012-3360

Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element...

AI score: 6.1 | EPSS: 0.02997
Exploits: 1 | References: 9
Prion
added 2012/07/10 9:55 p.m. | 13 views

Remote code execution

Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Attribute Remove Remote Code Execution Vulnerability."...

CVSS: 9.3 | AI score: 8.6 | EPSS: 0.20933
Exploits: 1 | References: 3 | Affected Software: 1
OSV
added 2012/07/03 4:40 p.m. | 2 views

UBUNTU-CVE-2012-2678

389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhasheduserpassword attribute...

CVSS: 1.2 | AI score: 5.8 | EPSS: 0.00636
Exploits: 0 | References: 3
Tenable Nessus
added 2012/06/29 12:0 a.m. | 31 views

Quagga < 0.99.9 BGPD Multiple Denial of Service Vulnerabilities

According to its self-reported version number, the installation of Quagga's BGP daemon listening on the remote host is affected by multiple denial of service vulnerabilities : - A denial of service vulnerability can be triggered by a malformed OPEN message from an explicitly configured BGP peer. ...

CVSS: 3.5 | AI score: 5.5 | EPSS: 0.01687
Exploits: 0 | References: 2
RedHat Linux
added 2012/06/26 5:13 p.m. | 3 views

rhds/389: plaintext password disclosure flaw

389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhasheduserpassword attribute...

CVSS: 1.2 | AI score: 5.8 | EPSS: 0.00636
Exploits: 0 | References: 4
Packet Storm
added 2012/06/23 12:0 a.m. | 22 views

OpenCart CMS Cross Site Scripting


AI score: 7.4
Exploits: 0
RedHat Linux
added 2012/06/20 11:30 a.m. | 3 views

rhds/389: plaintext password disclosure flaw

389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhasheduserpassword attribute...

CVSS: 1.2 | AI score: 5.8 | EPSS: 0.00636
Exploits: 0 | References: 4
RedHat Linux
added 2012/06/19 3:20 p.m. | 2 views

libguestfs: virt-edit creates a new file, when it is used leading to loss of file attributes (permissions, owner, SELinux context etc.)

virt-edit in libguestfs before 1.18.0 does not preserve the permissions from the original file and saves the new file with world-readable permissions when editing, which might allow local guest users to obtain sensitive information...

CVSS: 2.1 | AI score: 5.7 | EPSS: 0.00408
Exploits: 0 | References: 4
NVD
added 2012/05/16 12:55 a.m. | 18 views

CVE-2011-3083

browser/profiles/profileimpliodata.cc in Google Chrome before 19.0.1084.46 does not properly handle a malformed ftp URL in the SRC attribute of a VIDEO element, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted web page...

CVSS: 5 | AI score: 6 | EPSS: 0.01309
Exploits: 0 | References: 12
ATTACKERKB
added 2012/05/16 12:55 a.m. | 3 views

CVE-2011-3083

browser/profiles/profileimpliodata.cc in Google Chrome before 19.0.1084.46 does not properly handle a malformed ftp URL in the SRC attribute of a VIDEO element, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted web page...

CVSS: 5 | AI score: 8.4 | EPSS: 0.01309
Exploits: 0 | References: 13
Cvelist
added 2012/05/16 12:0 a.m. | 24 views

CVE-2011-3083

browser/profiles/profileimpliodata.cc in Google Chrome before 19.0.1084.46 does not properly handle a malformed ftp URL in the SRC attribute of a VIDEO element, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted web page...

AI score: 5.8 | EPSS: 0.01309
Exploits: 0 | References: 12
OpenVAS
added 2012/05/11 12:0 a.m. | 19 views

Novell iManager jclient 'EnteredAttrName' Buffer Overflow Vulnerability

The host is running Novell iManager and is prone to buffer overflow vulnerability. OpenVAS Vulnerability Test $Id: gbnovellimanagerjclientbofvuln.nasl 5940 2017-04-12 09:02:05Z teissa $ Novell iManager jclient 'EnteredAttrName' Buffer Overflow Vulnerability Authors: Rachana Shetty Copyright:...

CVSS: 4 | AI score: 0.3 | EPSS: 0.01512
Exploits: 0 | References: 6
RedHat Linux
added 2012/04/25 2:3 a.m. | 3 views

extension): MITM due to improper validation of AX attribute signatures

message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products, does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify...

CVSS: 5.8 | AI score: 5.9 | EPSS: 0.03201
Exploits: 1 | References: 4
myhack58
added 2012/04/12 12:0 a.m. | 22 views

TOM Online web mailbox: multiple CSRF vulnerabilities and fixes - vulnerability warning - the black bar safety net

For an attachment that contains a picture, the request for the attachment exposes the current sid in the Referer, for example: GET /mblogpic/be654a34c8f4aad1ec6a/2000 HTTP/1.1 Host: t100.qpic.cn Connection: keep-alive Cache-Control: max-age=0 If-Modified-Since: Mon, 06 Apr 2012 14:00:0 ...

AI score: 0.2
Exploits: 0
Cvelist
added 2012/04/09 8:0 p.m. | 23 views

CVE-2011-4188

Buffer overflow in the Create Attribute function in jclient in Novell iManager 2.7.4 before patch 4 allows remote authenticated users to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted EnteredAttrName parameter, a related issue to CVE-2010-1929...

AI score: 7.1 | EPSS: 0.01512
Exploits: 0 | References: 4
RedHat Linux
added 2012/04/02 8:5 p.m. | 1 views

extension): MITM due to improper validation of AX attribute signatures

message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products, does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify...

CVSS: 5.8 | AI score: 5.9 | EPSS: 0.03201
Exploits: 1 | References: 4
RedHat Linux
added 2012/03/12 4:50 p.m. | 2 views

extension): MITM due to improper validation of AX attribute signatures

message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products, does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify...

CVSS: 5.8 | AI score: 5.9 | EPSS: 0.03201
Exploits: 1 | References: 4
Tenable Nessus
added 2012/03/06 12:0 a.m. | 30 views

FreeBSD : chromium -- multiple vulnerabilities (99aef698-66ed-11e1-8288-00262d5ed8ee)

Google Chrome Releases reports : 105867 High CVE-2011-3031: Use-after-free in v8 element wrapper. Credit to Chamal de Silva. 108037 High CVE-2011-3032: Use-after-free in SVG value handling. Credit to Arthur Gerkis. 108406 115471 High CVE-2011-3033: Buffer overflow in the Skia drawing library...

CVSS: 7.5 | AI score: 8.3 | EPSS: 0.02195
Exploits: 2 | References: 16
Tenable Nessus
added 2012/03/05 12:0 a.m. | 36 views

Google Chrome < 17.0.963.65 Multiple Vulnerabilities

Binary data 800899.prm...

CVSS: 7.5 | AI score: 9.7 | EPSS: 0.02195
Exploits: 2 | References: 15