8132 matches found
CVE-2013-0073
The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) ...
MS13-015: Vulnerability in .NET Framework Could Allow Elevation of Privilege (2800277)
The remote Windows host is running a version of the Microsoft .NET Framework that is affected by a privilege escalation vulnerability due to a flaw in the way .NET elevates the permissions of a callback function when a particular Windows Forms object is created. (C) Tenable Network Security, Inc...
Web: Bypass of security constraints
org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI...
CVE-2013-0002
Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverag...
CVE-2013-0001
The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework...
Information disclosure
The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework...
Buffer overflow
Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverag...
CVE-2013-0001
CVE-2013-0001 concerns a vulnerability in the Windows Forms (WinForms) component of Microsoft .NET Framework (1.0 SP3–4.5). The root cause is improper initialization of memory arrays and use of a pointer to unmanaged memory, enabling information disclosure. Exploitation could occur via a crafted ...
Microsoft .NET Framework Privilege Elevation Vulnerability (2769324)
This host is missing an important security update according to Microsoft Bulletin MS13-004. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
PT-2013-2052 · Microsoft · .Net Framework
Name of the Vulnerable Software and Affected Versions: Microsoft .NET Framework versions 1.0 SP3 through 4.5 Description: An information disclosure issue exists due to improper initialization of memory arrays in the Windows Forms component. This allows remote attackers to obtain sensitive...
MS13-004: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2769324)
The remote Windows host is running a version of Microsoft .NET Framework that is affected by multiple vulnerabilities: - An information disclosure vulnerability exists in the way the Windows Forms in .NET Framework handle pointers to unmanaged memory locations. (CVE-2013-0001) - A buffer overflow...
PT-2013-2053 · Microsoft · Windows Forms +1
Name of the Vulnerable Software and Affected Versions: Microsoft .NET Framework versions 1.0 SP3 through 4.5 Description: A buffer overflow issue in the Windows Forms component allows remote attackers to execute arbitrary code via a crafted XAML browser application or a .NET Framework application...
[SECURITY] Fedora 17 Update: drupal6-ctools-1.10-1.fc17
This suite is primarily a set of APIs and tools to improve the developer experience. It also contains a module called the Page Manager whose job is to manage pages. In particular it manages panel pages, but as it grows it will be able to manage far more than just Panels. For the moment, it...
rubygem-actionpack: potential XSS vulnerability in select_tag prompt
Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_tag_helper.rb in Ruby on Rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the prompt field to the select_tag helper...
Oracle Forms Recognition Detection
The remote host has Oracle Forms Recognition installed. Oracle Forms Recognition is a software toolset for processing captured documents and delivering the data to backend systems. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(62819); script_version("1.9");...
Oracle Forms Recognition Multiple ActiveX Control Arbitrary File Overwrite Vulnerabilities
The remote host has an unpatched version of Oracle Forms Recognition installed that is affected by multiple vulnerable ActiveX controls. A flaw in the 'Save' method of the 'CroScPlt' control, and the 'saveLayout' method of the 'Sssplt30' control may be exploited to overwrite arbitrary files on th...
Kaspersky Password Manager Installed (credentialed check)
Kaspersky Password Manager (KPM) was detected on the remote host. KPM provides automated username and password storage and can complete web forms automatically. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(62799); script_version("1.10");...
FreeBSD : emacs -- remote code execution vulnerability (c1e5f35e-f93d-11e1-b07f-00235a5f2c9a)
Chong Yidong reports: Paul Ling has found a security flaw in the file-local variables code in GNU Emacs. When the Emacs user option 'enable-local-variables' is set to ':safe' (the default value is t), Emacs should automatically refuse to evaluate 'eval' forms in file-local variable sections. Due to t...