2019 matches found
Code injection
An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 allows remote attackers to download arbitrary DLL code onto a client machine and execute this code via the ProjectURL property value...
CVE-2014-0496
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors...
CVE-2013-6172
steps/utils/savepref.inc in Roundcube webmail before 0.8.7 and 0.9.x before 0.9.5 allows remote attackers to modify configuration settings via the session parameter, which can be leveraged to read arbitrary files, conduct SQL injection attacks, and execute arbitrary code...
UBUNTU-CVE-2013-1008
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in...
Ubuntu Update for icedtea-web USN-1804-2
Check for the Version of icedtea-web OpenVAS Vulnerability Test $Id: gbubuntuUSN18042.nasl 8672 2018-02-05 16:39:18Z teissa $ Ubuntu Update for icedtea-web USN-1804-2 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free...
Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : icedtea-web vulnerabilities (USN-1804-1)
Jiri Vanek discovered that IcedTea-Web would use the same classloader for applets from different domains. A remote attacker could exploit this to expose sensitive information or potentially manipulate applets from other domains. CVE-2013-1926 It was discovered that IcedTea-Web did not properly...
Ubuntu Update for thunderbird USN-1791-1
Check for the Version of thunderbird OpenVAS Vulnerability Test $Id: gbubuntuUSN17911.nasl 8650 2018-02-03 12:16:59Z teissa $ Ubuntu Update for thunderbird USN-1791-1 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free...
CVE-2013-1912
Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that append to requests, allows remote attackers to cause a denial of service (crash) and possibly execute...
MS Windows Client/Server Run-time Subsystem Privilege Escalation Vulnerability (2790113)
This host is missing an important security update according to Microsoft Bulletin MS13-019. OpenVAS Vulnerability Test $Id: secpodms13-019.nasl 5346 2017-02-19 08:43:11Z cfi $ MS Windows Client/Server Run-time Subsystem Privilege Escalation Vulnerability (2790113) Authors: Antu Sanadi Copyright:...
CSRF on jmx-console allows invocation of operations on mbeans
Cross-site request forgery (CSRF) vulnerability in the JMX Console (jmx-console) in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests that...
Google Chrome Multiple Vulnerabilities-01 (Jan 2013) - Mac OS X
Google Chrome is prone to multiple vulnerabilities...
PYSEC-2013-6
Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extension, the...
CVE-2012-6495
Removed by vendor...
CubeCart 3.0.20 Multiple Vulnerabilities
CubeCart versions 3.0.20 and below suffer from remote shell upload, cross-site scripting, and remote SQL injection vulnerabilities. 1. OVERVIEW CubeCart 3.0.20 and lower versions are vulnerable to Arbitrary File Upload. 2. BACKGROUND CubeCart is an "out of the box" ecommerce shopping cart softwa...
CVE-2012-3995
The IsCSSWordSpacingSpace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecifi...
freeradius: fix stack overflow in TLS handling (important)
This update of freeradius fixes a stack overflow in TLS handling, which can be exploited by remote attackers able to access Radius to execute code...
VMWare Tools privilege escalation
It's possible to execute code via DLL hijacking...
PT-2012-4786 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 versions 4.5.x through 4.5.18; TYPO3 versions 4.6.x through 4.6.11; TYPO3 versions 4.7.x through 4.7.3. Description: The issue allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP co...
CVE-2012-2658
Buffer overflow in the SQLDriverConnect function in unixODBC 2.3.1 allows local users to cause a denial of service (crash) via a long string in the DRIVER option. NOTE: this issue might not be a vulnerability, since the ability to set this option typically implies that the attacker already has...
Ubuntu Update for imagemagick USN-1544-1
Ubuntu Update for Linux kernel vulnerabilities USN-1544-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN15441.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for imagemagick USN-1544-1 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net...