5978 matches found
CVE-2015-1227
The DragImage::create function in platform/DragImage.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not initialize memory for image drawing, which allows remote attackers to have an unspecified impact by triggering a failed image decoding, as demonstrated by an image for which t...
chromium-browser: Uninitialized value in blink
The DragImage::create function in platform/DragImage.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not initialize memory for image drawing, which allows remote attackers to have an unspecified impact by triggering a failed image decoding, as demonstrated by an image for which t...
UBUNTU-CVE-2015-0831
Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via...
Mozilla: Use-after-free in IndexedDB (MFSA 2015-16)
Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via...
Microsoft Windows Create Process Elevation of Privilege Vulnerability (3031432)
This host is missing an important security update according to Microsoft Bulletin MS15-015.
Google Chrome V8 Same Origin Bypass Vulnerability
Google Chrome is a popular web browser. A security vulnerability in Google Chrome V8 Harmony proxy allows attackers to bypass the same-origin policy by calling JavaScript code via specially crafted Proxy.create and console.log...
ManageEngine ServiceDesk Plus 'CreateReportTable.jsp' SQL Injection Vulnerability
ServiceDesk Plus is web-based helpdesk software that helps users manage all their communications from a single point. ManageEngine ServiceDesk Plus 'CreateReportTable.jsp' has a SQL injection vulnerability due to the program failing to adequately filter user-supplied data before using it in SQL...
PT-2023-25554 · Monetdb +1 · Monetdb Server +1
Name of the Vulnerable Software and Affected Versions: MonetDB Server versions 11.45.17 through 11.46.0. Description: The issue in the log create delta component allows attackers to cause Denial of Service (DoS) via crafted SQL statements. Recommendations: For MonetDB Server versions 11.45.17 throug...
Oracle Database Server Remote Vulnerability (CNVD-2015-00473)
Oracle Database is a large commercial database. A remote vulnerability exists in Oracle Database Server that allows an attacker to gain 'Create Session' privileges using the 'Oracle Net' protocol...
Oracle Database Server Remote Vulnerability (CNVD-2015-00470)
Oracle Database is a large commercial database. A remote vulnerability exists in Oracle Database Server that allows an attacker to gain 'Create Session, Create Table' privileges using the 'Oracle Net' protocol...
Oracle Database Server Remote Vulnerability (CNVD-2015-00487)
Oracle Database is a large commercial database. A remote vulnerability exists in Oracle Database Server that allows an attacker to gain 'Create Session' privileges using the 'Oracle Net' protocol...
Oracle Database Server Remote Vulnerability (CNVD-2015-00472)
Oracle Database is a large commercial database. A remote vulnerability exists in Oracle Database Server that allows an attacker to gain 'Create Session' privileges using the 'Oracle Net' protocol...
ManageEngine Desktop Central - Create Administrator
Administrator account creation in ManageEngine Desktop Central / Desktop Central MSP. Discovered by Pedro Ribeiro, Agile Information Security. Disclosure: 31/12/2014 / Last updated: 05/01/2015...
CVE-2010-5315
Multiple cross-site request forgery (CSRF) vulnerabilities in BEdita before 3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create categories via a data array to news/saveCategories or (2) modify credentials via a data array to admin/saveUser...
Microsoft Graphics Component Memory Corruption (MS14-007) - Ver2 (CVE-2014-0263)
A remote code execution vulnerability has been reported in Windows Graphics Component. The vulnerability is due to the way Windows components handle specially crafted GIF files. A remote attacker can exploit this issue by enticing a user to view GIF files in shared content. Successful exploitatio...
iUSB 1.2 Arbitrary Code Execution
Document Title: iUSB v1.2 iOS - Arbitrary Code Execution Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1374 Release Date: 2014-12-10. Vulnerability Laboratory ID (VL-ID): 137...
Jease CMS v2.11 - Persistent UI Web Vulnerability
Document Title: Jease CMS v2.11 - Persistent UI Web Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1373 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8780 CVE-ID: CVE-2014-8780. Release Date: ...
iUSB v1.2 iOS - Arbitrary Code Execution Vulnerability
Document Title: iUSB v1.2 iOS - Arbitrary Code Execution Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1374 Release Date: 2014-12-10. Vulnerability Laboratory ID (VL-ID): 137...
CVE-2014-8737
Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar...
File Manager 4.2.10 iOS - Code Execution Vulnerability
No description provided by source. Document Title: File Manager v4.2.10 iOS - Code Execution Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1343 Release Date: 2014-10-21. Vulnerability Laboratory ID (VL-ID):...