89 matches found
PostgreSQL -- two vulnerabilities
The PostgreSQL project reports: CVE-2018-10915: Certain host connection parameters defeat client-side security defenses. libpq, the client connection API for PostgreSQL that is also used by other connection libraries, had an internal issue where it did not reset all of its connection state variabl...
CVE-2018-0326
A vulnerability in the web UI of Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against a user of the web UI of the affected software. The vulnerability is due to insufficient protections for HTML inline frames...
The vulnerability of the microprogrammed software of the Cohu 3960HD IP camera allows an intruder to execute arbitrary code.
The vulnerability of the Microprogrammed IP Camera Cohu 3960HD is related to the implementation of security functions at the client side. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause a service failure by manipulating camera parameters remotely...
Memory Corruption Mitigations Driving Up Exploit Development Costs
SINT MAARTEN—Memory corruption mitigations that have been integrated into major desktop and mobile operating systems are driving up the cost of client-side exploit development and making viable vulnerabilities scarcer than they were a decade ago. Mark Dowd, whose career has been intimately linked...
W150D Wireless N 150 ADSL2 Modem Router Vulnerability
Document Title: W150D Wireless N 150 ADSL2 Modem Router Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1612 Release Date: 2015-10-06. Vulnerability Laboratory ID (VL-ID): 1612...
Microsoft Afkar Web Service - Cross Site Vulnerabilities
Document Title: Microsoft Afkar Web Service - Cross Site Vulnerabilities. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=4797 MSRC ID: 12328nj Release Date: 2012-04-13. Vulnerability Laboratory ID (VL-ID):...
Apple QuickTime - '_Marshaled_pUnk' Backdoor Client-Side Arbitrary Code Execution
Original Source: http://reversemode.com/index.php?option=comcontent&task=view&id=69&Itemid=1 Victim prerequisites: Internet Explorer. XP, Vista, W7. Apple Quicktime 7.x, 6.x (2004 versions are also vulnerable, older versions not checked). 1. Victim is enticed into visiting, by any means, a specially...
CVE-2007-5227
Multiple cross-site scripting (XSS) vulnerabilities in messaging/course/composeMessage.jsp in BlackBoard Learning System 6.3.1.593 and earlier in BlackBoard Academic Suite allow remote attackers to inject arbitrary web script or HTML via the (1) subjectt and (2) bodytext parameters. NOTE: vector 2...
tdforum 1.2 Messageboard
Examination of the program "TDForum 1.2", a guest book style, unthreaded messageboard, for sale at http://www.tdscripts.com (http://www.tdavidscripts.com/ aliases the same), revealed a serious client-side security risk to the users of the forum. Because user supplied data is not being sanitized,...