
2670 matches found

Fedora
added 2013/06/06 1:38 a.m. | 37 views

[SECURITY] Fedora 18 Update: libxcb-1.9-3.fc18

The X protocol C-language Binding XCB is a replacement for Xlib featuring a small footprint, latency hiding, direct access to the protocol, improved threading support, and extensibility...

6.8 CVSS | 0.6 AI score | 0.02451 EPSS
Exploits 0
myhack58
added 2013/05/27 12:0 a.m. | 19 views

International Airlines: any user can be bound to any phone, any user's password can be reset - vulnerability warning - the black bar safety net

Under "My information", modify the phone number and send the verification code, with Burp Suite set up to intercept the request: Phone=1 5 0&userName=admin. Modify the mobile phone number and the username whose password you want to reset. There is a very magical thing: if the modification is successful, it will directly jump to you to...

0.5 AI score
Exploits 0
VMware
added 2013/04/25 12:0 a.m. | 49 views

VMware security updates for vCenter Server

a. vCenter Server AD anonymous LDAP binding credential by-pass. vCenter Server, when deployed in an environment that uses Active Directory (AD) with anonymous LDAP binding enabled, doesn't properly handle login credentials. In this environment, authenticating to vCenter Server with a valid user name an...

9 CVSS | 1 AI score | 0.11639 EPSS
Exploits 6 | References 11 | Affected Software 4
VMware
added 2013/04/23 12:0 a.m. | 58 views

VMSA-2013-0006:VMware security updates for vCenter Server

VMSA-2013-0006.1: VMware security updates for vCenter Server. Advisory ID: VMSA-2013-0006.1. Synopsis: VMware security updates for vCenter Server. Issue date: 2013-04-25. Update...

9 CVSS | 7.3 AI score | 0.11639 EPSS
Exploits 7 | Affected Software 4
Prion
added 2013/04/17 6:55 p.m. | 35 views

Type confusion

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-1488 a...

9.3 CVSS | 5.7 AI score | 0.86963 EPSS
Exploits 10 | References 14 | Affected Software 2
CVE
added 2013/04/17 3:0 p.m. | 316 views

CVE-2013-2436

Technical details for CVE-2013-2436 are not publicly provided in the connected documents. The initial entry contains general vulnerability information but no affected product/version specifics or root-cause. Monitor for updates from authoritative sources for any concrete details.

9.3 CVSS | 8.1 AI score | 0.05712 EPSS
Exploits 6 | References 14 | Affected Software 1
OpenVAS
added 2013/03/11 12:0 a.m. | 20 views

Google Chrome Multiple Vulnerabilities-02 March 2013 (Windows)

This host is installed with Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbgooglechromemultvuln02mar13win.nasl 6074 2017-05-05 09:03:14Z teissa $ Google Chrome Multiple Vulnerabilities-02 March 2013 Windows Authors: Thanga Prakash S Copyright: Copyright ...

7.5 CVSS | 0.6 AI score | 0.01336 EPSS
Exploits 2 | References 3
NVD
added 2013/03/05 9:55 p.m. | 15 views

CVE-2013-0908

Google Chrome before 25.0.1364.152 does not properly manage bindings of extension processes, which has unspecified impact and attack vectors...

7.5 CVSS | 6.2 AI score | 0.00794 EPSS
Exploits 0 | References 3
Cvelist
added 2013/03/04 10:0 p.m. | 19 views

CVE-2013-0908

Google Chrome before 25.0.1364.152 does not properly manage bindings of extension processes, which has unspecified impact and attack vectors...

6 AI score | 0.00794 EPSS
Exploits 0 | References 3
RedHat Linux
added 2013/01/08 9:10 p.m. | 2 views

Mozilla: Address space layout leaked in XBL objects (MFSA 2013-11)

The XBL.proto.toString implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 makes it easier for remote attackers to bypass the ASLR...

4.3 CVSS | 7.4 AI score | 0.02015 EPSS
Exploits 1 | References 5
CVE
added 2012/11/23 8:0 p.m. | 100 views

CVE-2011-5245

CVE-2011-5245 affects RESTEasy (JBoss REST framework). The vulnerability arises in the readFrom function of providers.jaxb.JAXBXmlTypeProvider, allowing an XML External Entity (XXE) injection that lets an attacker read arbitrary files via an external entity reference in JAXB input. Affected versi...

5 CVSS | 9.2 AI score | 0.03213 EPSS
Exploits 0 | References 19 | Affected Software 1
Cvelist
added 2012/11/23 8:0 p.m. | 39 views

CVE-2011-5245

The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to...

6.7 AI score | 0.03213 EPSS
Exploits 0 | References 19
UbuntuCve
added 2012/10/01 11:55 p.m. | 26 views

CVE-2012-4064

Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to gain privileges by sending a message to (1) Cloud Controller or (2) Walrus with the internal message format and a modified user id...

6.5 CVSS | 5.9 AI score | 0.01151 EPSS
Exploits 0 | References 2
NVD
added 2012/09/28 9:55 p.m. | 20 views

CVE-2012-1833

VMware SpringSource Grails before 1.3.8, and 2.x before 2.0.2, does not properly restrict data binding, which might allow remote attackers to bypass intended access restrictions and modify arbitrary object properties via a crafted request parameter to an application...

5 CVSS | 6.8 AI score | 0.01427 EPSS
Exploits 1 | References 3
Prion
added 2012/09/28 9:55 p.m. | 13 views

Design/Logic Flaw

VMware SpringSource Grails before 1.3.8, and 2.x before 2.0.2, does not properly restrict data binding, which might allow remote attackers to bypass intended access restrictions and modify arbitrary object properties via a crafted request parameter to an application...

5 CVSS | 7.3 AI score | 0.01427 EPSS
Exploits 1 | References 3 | Affected Software 1
CVE
added 2012/09/28 9:0 p.m. | 43 views

CVE-2012-1833

The CVE-2012-1833 entry affects VMware SpringSource Grails before 1.3.8 and Grails 2.x before 2.0.2. The root cause is improper data binding restrictions, which could allow remote attackers to bypass access controls and modify arbitrary object properties through a crafted request parameter. No ex...

5 CVSS | 7 AI score | 0.01427 EPSS
Exploits 1 | References 3 | Affected Software 1
RedHat Linux
added 2012/07/31 2:24 p.m. | 4 views

RESTEasy: XML eXternal Entity (XXE) flaw

The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to...

5 CVSS | 7.5 AI score | 0.03213 EPSS
Exploits 0 | References 4
RedHat Linux
added 2012/07/05 7:20 p.m. | 1 views

RESTEasy: XML eXternal Entity (XXE) flaw

The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to...

5 CVSS | 7.5 AI score | 0.03213 EPSS
Exploits 0 | References 4
RedHat Linux
added 2012/07/05 7:19 p.m. | 3 views

RESTEasy: XML eXternal Entity (XXE) flaw

The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to...

5 CVSS | 7.5 AI score | 0.03213 EPSS
Exploits 0 | References 4
RedHat Linux
added 2012/06/19 3:22 p.m. | 3 views

389: denial of service when using certificate groups

The acllashandlegroupentry function in servers/plugins/acl/acllas.c in 389 Directory Server before 1.2.10 does not properly handle access control instructions (ACIs) that use certificate groups, which allows remote authenticated LDAP users with a certificate group to cause a denial of service...

2.3 CVSS | 5.8 AI score | 0.00902 EPSS
Exploits 1 | References 4