928 matches found
Linksys WAP610N Unauthenticated Root Access Security Vulnerability
No description provided by source. Secure Network - Security Research Advisory Vuln name: Linksys WAP610N Unauthenticated Access With Root Privileges Systems affected: WAP610N Firmware Version: 1.0.01 Systems not affected: -- Severity: High Local/Remote: Remote Vendor URL:...
LG U8120 Mobile Phone MIDI File Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13154/info A remote denial of service vulnerability is reported to affect the LG U8120 Mobile Phone. The report indicates that the issue manifests when an affected phone processes a malicious MIDI file. The following...
MailEnable Enterprise <= 2.0 (ASP Version) Multiple Vulnerabilities
No description provided by source. Hi, I'm Soroush Dalili from GrayHatz Security Group GSG. I found multiple bugs in MailEnable Enterprise Edition ASP Version = 2.0 that I listed them below: 1 - Any user can login to web administration site. 2 - Authenticated normal user can gain ADMIN or SYSADMI...
Final Draft 8 Multiple Stack Buffer Overflows
No description provided by source. Name : Final Draft 8 Multiple Stack Buffer Overflows Vendor Website : http://www.finaldraft.com/index.php Date Released : 29/11/2011 Affected Software : Final Draft 8.02 Researcher : Nick Freeman [email protected] Description...
Threat Outbreak Alert: Fake Draft Attachment Email Messages on March 21, 2014
Medium Alert ID: 33469 First Published: 2014 March 24 15:26 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a draft for the recipient. The text in the email message attempts to convince the recipient to open the attachme...
CVE-2012-6635
wp-admin/includes/class-wp-posts-list-table.php in WordPress before 3.3.3 does not properly restrict excerpt-view access, which allows remote authenticated users to obtain sensitive information by visiting a draft...
CVE-2012-6635
wp-admin/includes/class-wp-posts-list-table.php in WordPress before 3.3.3 does not properly restrict excerpt-view access, which allows remote authenticated users to obtain sensitive information by visiting a draft...
Final Draft 8 File Format Stack Buffer Overflow Vulnerability
This Metasploit module exploits a stack-based buffer overflow in Final Draft 8. Multiple fields are vulnerable to the overflow, however Word in IgnoredWords is the only field to accept mixed-case characters. require 'msf/core' class Metasploit3 'Final Draft 8 File Format Stack Buffer Overflow',...
Final Draft 8 File Format Stack Buffer Overflow
require 'msf/core' class Metasploit3 'Final Draft 8 File Format Stack Buffer Overflow', 'Description' = %q This module exploits a stack-based buffer overflow in Final Draft 8. Multiple fields are vulnerable to the overflow, however in is the only field to accept mixed-case characters. , 'License'...
Final Draft 8 File Format Stack Buffer Overflow
require 'msf/core' class Metasploit3 'Final Draft 8 File Format Stack Buffer Overflow', 'Description' = %q This module exploits a stack-based buffer overflow in Final Draft 8. Multiple fields are vulnerable to the overflow, however in is the only field to accept mixed-case characters. , 'License'...
Race condition
Multiple race conditions in HtmlCleaner before 2.6, as used in Open-Xchange AppSuite 7.2.2 before rev13 and other products, allow remote authenticated users to read the private e-mail of other persons in opportunistic circumstances by leveraging lack of thread safety and performing a rapid series...
CVE-2013-5645
Multiple cross-site scripting XSS vulnerabilities in Roundcube webmail before 0.9.3 allow user-assisted remote attackers to inject arbitrary web script or HTML via the body of a message visited in 1 new or 2 draft mode, related to compose.inc; and 3 might allow remote authenticated users to injec...
CVE-2013-5645
Multiple cross-site scripting XSS vulnerabilities in Roundcube webmail before 0.9.3 allow user-assisted remote attackers to inject arbitrary web script or HTML via the body of a message visited in 1 new or 2 draft mode, related to compose.inc; and 3 might allow remote authenticated users to injec...
CVE-2013-5645
Multiple cross-site scripting XSS vulnerabilities in Roundcube webmail before 0.9.3 allow user-assisted remote attackers to inject arbitrary web script or HTML via the body of a message visited in 1 new or 2 draft mode, related to compose.inc; and 3 might allow remote authenticated users to injec...
krb5: PKINIT null pointer deref leads to DoS
The pkinitserverreturnpadata function in plugins/preauth/pkinit/pkinitsrv.c in the PKINIT implementation in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 before 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows remote attackers to cause a...
CVE-2012-1016
The pkinitserverreturnpadata function in plugins/preauth/pkinit/pkinitsrv.c in the PKINIT implementation in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 before 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows remote attackers to cause a...
DEBIAN-CVE-2012-1016
The pkinitserverreturnpadata function in plugins/preauth/pkinit/pkinitsrv.c in the PKINIT implementation in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 before 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows remote attackers to cause a...
Null pointer dereference
The pkinitserverreturnpadata function in plugins/preauth/pkinit/pkinitsrv.c in the PKINIT implementation in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 before 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows remote attackers to cause a...
CVE-2012-1016
The pkinitserverreturnpadata function in plugins/preauth/pkinit/pkinitsrv.c in the PKINIT implementation in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 before 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows remote attackers to cause a...
CVE-2012-1016
The pkinitserverreturnpadata function in plugins/preauth/pkinit/pkinitsrv.c in the PKINIT implementation in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 before 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows remote attackers to cause a...