Microsoft Windows IME (Japanese) Privilege Elevation Vulnerability (2992719)

This host is missing a moderate security update according to Microsoft Bulletin MS14-078. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

F5 Networks BIG-IP : BIND 9 vulnerabilities - Dereferencing freed fetch context and DNSSEC Validation (SOL7053)

The remote BIG-IP device is missing a patch required by a security advisory. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from F5 Networks BIG-IP Solution SOL7053. The text description of this plugin is C F5 Networks...

CVE-2014-1819

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly control access to objects associated with font...

CVE-2014-1819

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly control access to objects associated with font...

CVE-2014-1819

CVE-2014-1819 affects Windows kernel-mode font handling (win32k.sys) where access to font-file objects is not properly controlled, enabling local privilege escalation via a crafted font file. Connected docs corroborate font-file handling as the root cause and map to MS14-045 kernel-mode driver up...

What happens when you read a response?

There's a bit of disagreement over the behaviour of requests and responses in the fetch API, curious to know what you think… Setting the scene The new fetch API gives the web proper Request and Response primitives. fetch'/whatever'.thenfunctionresponse return response.body.asJSON; .thenfunctionda...

NateOn Messenger 3.0 Arbitrary File Download And Buffer Overflow Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/14974/info NateOn Messenger is susceptible to an arbitrary file download vulnerability, and a buffer overflow vulnerability. These issues are present in the 'NateonDownloadManager.ocx' ActiveX control that is installed wi...

PT-2014-3429 · Foreman · Foreman

Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 1.4.5 Foreman versions 1.5.x prior to 1.5.1 Description: The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to the "tftp/fetch boot file" endpoint...

Sqlmap Automated SQL Injection tool

Sqlmap is an automated SQL Injection tool. Remote attackers can use Sqlmap to fetch data from the database and execute SQL statements...

BSQL Automated SQL Injection tool

BSQL is an automated SQL Injection tool. Remote attackers can use BSQL to fetch data from the database and execute SQL statements...

DEBIAN-CVE-2014-1921

parcimonie before 0.8.1, when using a large keyring, sleeps for the same amount of time between fetches, which allows attackers to correlate key fetches via unspecified vectors...

CVE-2014-1921

parcimonie before 0.8.1, when using a large keyring, sleeps for the same amount of time between fetches, which allows attackers to correlate key fetches via unspecified vectors...

Design/Logic Flaw

parcimonie before 0.8.1, when using a large keyring, sleeps for the same amount of time between fetches, which allows attackers to correlate key fetches via unspecified vectors...

CVE-2014-1921

parcimonie before 0.8.1, when using a large keyring, sleeps for the same amount of time between fetches, which allows attackers to correlate key fetches via unspecified vectors...

Yahoo!: Bypass of anti-SSRF defenses in YahooCacheSystem (affecting at least YQL and Pipes)

Thank you for your submission to Yahoo’s Bug Bounty program. There were similar reports submitted, this report is marked as closed as the other reports will be triaged. We appreciate your adherence to responsible disclosure guidelines and look forward to your future participation in the program. ...

tipask quiz system 2. 0SQL time of the blind injection vulnerability-vulnerability warning-the black bar safety net

File /model/question.php function ontag $tag = urldecode$this-get'2'; //secondary code to bypass //echo $tag; $encodeword = urlencode$tag; $navtitle = $tag . '-Tag search'; $qstatus = $status = intval$this-get3; !$ status && $qstatus = "1,2,6"; $startindex = $page - 1 $pagesize; $rownum =...

CVE-2013-3888

dxgkrnl.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerability."...

CVE-2013-3864

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k...

CVE-2013-3865

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k...

CVE-2013-1344

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application, aka "Win32k...