6036 matches found
UBUNTU-CVE-2015-0831
Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a denial of service heap memory corruption via...
Mozilla: Use-after-free in IndexedDB (MFSA 2015-16)
Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a denial of service heap memory corruption via...
Microsoft Windows Create Process Elevation of Privilege Vulnerability (3031432)
This host is missing an important security update according to Microsoft Bulletin MS15-015. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Google Chrome V8 Same Origin Bypass Vulnerability
Google Chrome is a popular WEB browser. A security vulnerability in Google Chrome V8 Harmony proxy allows attackers to bypass the same-origin policy by calling JavaScript code via specially crafted Proxy.create and console.log...
ManageEngine ServiceDesk Plus 'CreateReportTable.jsp' SQL Injection Vulnerability
ServiceDesk Plus is web-based helpdesk software that helps users manage all their communications from a single point. ManageEngine ServiceDesk Plus 'CreateReportTable.jsp' has a SQL injection vulnerability due to the program failing to adequately filter user-supplied data before using it in SQL...
PT-2023-25554 · Monetdb +1 · Monetdb Server +1
Name of the Vulnerable Software and Affected Versions: MonetDB Server versions 11.45.17 through 11.46.0 Description: The issue in the log create delta component allows attackers to cause Denial of Service DoS via crafted SQL statements. Recommendations: For MonetDB Server versions 11.45.17 throug...
Oracle Database Server Remote Vulnerability (CNVD-2015-00473)
Oracle Database is a large database of commercial nature. A remote vulnerability exists in Oracle Database Server that allows an attacker to gain 'Create Session' privileges using the 'Oracle Net' protocol...
Oracle Database Server Remote Vulnerability (CNVD-2015-00470)
Oracle Database is a large database of commercial nature. A remote vulnerability exists in Oracle Database Server that allows an attacker to gain 'Create Session, Create Table' privileges using the 'Oracle Net' protocol...
Oracle Database Server Remote Vulnerability (CNVD-2015-00487)
Oracle Database is a large database of commercial nature. A remote vulnerability exists in Oracle Database Server that allows an attacker to gain 'Create Session' privileges using the 'Oracle Net' protocol...
Oracle Database Server Remote Vulnerability (CNVD-2015-00472)
Oracle Database is a large database of commercial nature. A remote vulnerability exists in Oracle Database Server that allows an attacker to gain 'Create Session' privileges using the 'Oracle Net' protocol...
ManageEngine Desktop Central - Create Administrator
Administrator account creation in ManageEngine Desktop Central / Desktop Central MSP Discovered by Pedro Ribeiro [email protected], Agile Information Security ================================================================================= Disclosure: 31/12/2014 / Last updated: 05/01/2015...
CVE-2010-5315
Multiple cross-site request forgery CSRF vulnerabilities in BEdita before 3.1 allow remote attackers to hijack the authentication of administrators for requests that 1 create categories via a data array to news/saveCategories or 2 modify credentials via a data array to admin/saveUser...
Microsoft Graphics Component Memory Corruption (MS14-007) - Ver2 (CVE-2014-0263)
A remote code execution vulnerability has been reported in Windows Graphics Component. The vulnerability is due to the way Windows components handle specially crafted GIF files. A remote attacker can exploit this issue by enticing a user to view GIF files in shared content. Successful exploitatio...
iUSB 1.2 Arbitrary Code Execution
Document Title: =============== iUSB v1.2 iOS - Arbitrary Code Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1374 Release Date: ============= 2014-12-10 Vulnerability Laboratory ID VL-ID: ==================================== 137...
Jease CMS v2.11 - Persistent UI Web Vulnerability
Document Title: =============== Jease CMS v2.11 - Persistent UI Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1373 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8780 CVE-ID: ======= CVE-2014-8780 Release Date: =============...
iUSB v1.2 iOS - Arbitrary Code Execution Vulnerability
Document Title: =============== iUSB v1.2 iOS - Arbitrary Code Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1374 Release Date: ============= 2014-12-10 Vulnerability Laboratory ID VL-ID: ==================================== 137...
CVE-2014-8737
Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. dot dot or full path name in an archive to 1 strip or 2 objcopy or create arbitrary files via 3 a .. dot dot or full path name in an archive to ar...
File Manager 4.2.10 iOS - Code Execution Vulnerability
No description provided by source. Document Title: =============== File Manager v4.2.10 iOS - Code Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1343 Release Date: ============= 2014-10-21 Vulnerability Laboratory ID VL-ID:...
File Manager v4.2.10 iOS - Code Execution Vulnerability
Document Title: =============== File Manager v4.2.10 iOS - Code Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1343 Release Date: ============= 2014-10-21 Vulnerability Laboratory ID VL-ID: ==================================== 13...
CVE-2014-2022
SQL injection vulnerability in includes/api/4/breadcrumbscreate.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the conceptid argument in an xmlrpc API request...