CVE-2014-0496
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors...
Design/Logic Flaw
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors...
CVE-2014-1201
Buffer overflow in the INetViewX ActiveX control in the Lorex Edge LH310 and Edge+ LH320 series with firmware 7-35-28-1B26E, Edge2 LH330 series with firmware 11.17.38-331D97A, and Edge3 LH340 series with firmware 11.19.851FE3A allows remote attackers to cause a denial of service (crash) and possibl...
Design/Logic Flaw
webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header...
Synology DiskStation Manager arbitrary file modification
Overview: Synology DiskStation Manager versions 4.3-3776-3 and below contain a vulnerability that allows a remote unauthenticated user to append arbitrary data to an arbitrary file under root privileges. Description: CWE-284: Improper Access Control - CVE-2013-6955. Synology DiskStation Manager...
CVE-2013-2349
Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1896...
CVE-2013-2346
Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1870...
CVE-2013-3846
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted CSpliceTreeEngine::InsertSplice object in an HTML document, aka "Internet Explorer Memory Corruption Vulnerability," ...
CVE-2013-6189
Unspecified vulnerability in the Archive Query Server in HP Application Information Optimizer (formerly HP Database Archiving) 6.2, 6.3, 6.4, and 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1666...
CVE-2013-5195
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1...
Format string
Format string vulnerability in the client in Tftpd32 before 4.50 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the Remote File field...
CVE-2013-6809
CVE-2013-6809 affects the Tftpd32 client; a format-string vulnerability in the Remote File field in versions before 4.50 can allow a remote server to crash the client or potentially execute arbitrary code. The PacketStorm reference indicates a fixed status with the solution being upgrade to v4.50...
CVE-2013-1913
Integer overflow in the loadimage function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large color entries value in an X Window Syste...
CVE-2013-5613
Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via...
CVE-2013-5618
Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code by...
Adobe Releases Security Update for Adobe Shockwave Player
Adobe has released a security update for Adobe Shockwave Player 12.0.6.147 and earlier versions on the Windows and Macintosh operating systems to address multiple vulnerabilities. These vulnerabilities could allow an attacker to execute arbitrary code on the affected system. US-CERT recommends...
CVE-2011-4351
Buffer overflow in FFmpeg before 0.5.6, 0.6.x before 0.6.4, 0.7.x before 0.7.8, and 0.8.x before 0.8.8 allows remote attackers to execute arbitrary code via unspecified vectors...
IBM Lotus Domino iNotes Buffer Overflow Vulnerability
IBM Lotus Domino is prone to a buffer overflow vulnerability. CPE = "cpe:/a:ibm:lotusdomino"; i...
CVE-2012-6535
DjVuLibre before 3.5.25.3, as used in Evince, Sumatra PDF Reader, VuDroid, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted DjVu (aka .djv) file...