
6649 matches found

Prion
added 2012/11/14 12:55 a.m. | 17 views

Design/Logic Flaw

The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy settings, which allows remote attackers to execute arbitrary JavaScript code by providing crafted data duri...

CVSS 9.3 | AI score 7.8 | EPSS 0.45019
Exploits: 1 | References: 7 | Affected Software: 1
Fedora
added 2012/11/06 7:49 a.m. | 18 views

[SECURITY] Fedora 17 Update: viewvc-1.1.17-1.fc17

ViewVC is a browser interface for CVS and Subversion version control repositories. It generates templatized HTML to present navigable directory, revision, and change log listings. It can display specific versions of files as well as diffs between those versions. Basically, ViewVC provides the bul...

CVSS 4.3 | AI score 1.5 | EPSS 0.00907
Exploits: 0
myhack58
added 2012/10/27 12:0 a.m. | 11 views

Anwsion (v1.1-Beta4) injection vulnerability - vulnerability warning - the black bar safety net

apphomemain.php8 5: public function exploreaction // Omitted........... By. Rices - Forum: T00ls.Net - Blog: Rices. so if $GET'category' if isnumeric$GET'category' //It is said before there can also be the injection so is isnum.. $categoryinfo = $this-model'system'-getcategoryinfo$GET'category'; ...

AI score 1.2
Exploits: 0
ThreatPost
added 2012/10/24 5:59 p.m. | 46 views

Nitol Infections Fall, But Malware Still Popping Up

When Microsoft went after the Nitol botnet in September, one of the key details in the investigation was the fact that much of the botnet was built by pre-loading malware onto laptops during the manufacturing process in China. This was the clearest case yet of the phenomenon of certified pre-owne...

CVSS 9.3 | AI score 8.3 | EPSS 0.94354
Exploits: 33 | References: 5
NVD
added 2012/10/16 11:55 p.m. | 16 views

CVE-2012-3152

Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component. NOTE: the previous information is from the Octob...

CVSS 9.1 | AI score 6.4 | EPSS 0.93535
Exploits: 9 | References: 12
ATTACKERKB
added 2012/10/16 12:0 a.m. | 44 views

CVE-2012-3152

Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component. NOTE: the previous information is from the Octob...

CVSS 9.1 | AI score 9.1 | EPSS 0.93535
In wild | Exploits: 11 | References: 14
Prion
added 2012/10/11 10:51 a.m. | 19 views

Design/Logic Flaw

DISPUTED Untrusted search path vulnerability in the installation functionality in Oracle MySQL 5.5.28, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the "C:\MySQL\MySQL Server 5.5\bin" directory, which may be added to the PATH...

CVSS 6.2 | AI score 6.5 | EPSS 0.00343
Exploits: 0 | References: 2 | Affected Software: 1
Prion
added 2012/10/11 10:51 a.m. | 18 views

Design/Logic Flaw

Untrusted search path vulnerability in the installation functionality in ActivePerl 5.16.1.1601, when installed in the top-level C:\ directory, allows local users to gain privileges via a Trojan horse DLL in the C:\Perl\Site\bin directory, which is added to the PATH system environment variable, a...

CVSS 6 | AI score 7 | EPSS 0.00392
Exploits: 1 | References: 2 | Affected Software: 1
UbuntuCve
added 2012/10/11 10:51 a.m. | 21 views

CVE-2012-5380

Untrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Ruby193\bin directory, which may be added to the PATH system environment variable by...

CVSS 6.7 | AI score 5.8 | EPSS 0.0037
Exploits: 1 | References: 2
CVE
added 2012/10/11 10:0 a.m. | 52 views

CVE-2012-5377

CVE-2012-5377 is an untrusted search path vulnerability in ActivePerl 5.16.1.1601 when installed in the top-level C:\ directory. The installation places a Trojan horse DLL in C:\Perl\Site\bin, which is added to PATH and can be used by a local attacker to gain privileges via a missing DLL (wlbsctr...

CVSS 6 | AI score 6.8 | EPSS 0.00392
Exploits: 1 | References: 2 | Affected Software: 1
OpenVAS
added 2012/10/03 12:0 a.m. | 33 views

FreeBSD Ports: chromium

The remote host is missing an update to the system as announced in the referenced advisory. VID 5bae2ab4-0820-11e2-be5f-00262d5ed8ee OpenVAS Vulnerability Test $ Description: Auto generated from VID 5bae2ab4-0820-11e2-be5f-00262d5ed8ee Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...

CVSS 7.5 | EPSS 0.02244
Exploits: 0
Prion
added 2012/09/28 5:55 p.m. | 22 views

Information disclosure

Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, does not properly restrict access to resources, which allows remote attackers to obtain sensitive information via unspecified vectors related to (1) "web pages," (2) "export functionality," and (3) "image viewin...

CVSS 5 | AI score 6.5 | EPSS 0.006
Exploits: 1 | References: 6 | Affected Software: 2
Cvelist
added 2012/09/28 5:0 p.m. | 17 views

CVE-2012-2680

Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, does not properly restrict access to resources, which allows remote attackers to obtain sensitive information via unspecified vectors related to (1) "web pages," (2) "export functionality," and (3) "image viewin...

AI score 6 | EPSS 0.006
Exploits: 1 | References: 6
NVD
added 2012/09/26 10:56 a.m. | 16 views

CVE-2012-2890

Use-after-free vulnerability in the PDF functionality in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document...

CVSS 6.8 | AI score 7 | EPSS 0.01383
Exploits: 0 | References: 6
UbuntuCve
added 2012/09/26 10:56 a.m. | 16 views

CVE-2012-2895

The PDF functionality in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger out-of-bounds write operations...

CVSS 6.8 | AI score 5.9 | EPSS 0.0083
Exploits: 0 | References: 5
Prion
added 2012/09/26 10:56 a.m. | 9 views

Code injection

Multiple unspecified vulnerabilities in the PDF functionality in Google Chrome before 22.0.1229.79 allow remote attackers to have an unknown impact via a crafted document...

CVSS 6.8 | AI score 6.9 | EPSS 0.02244
Exploits: 0 | References: 19 | Affected Software: 1
Prion
added 2012/09/26 10:56 a.m. | 17 views

Design/Logic Flaw

Use-after-free vulnerability in the PDF functionality in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document...

CVSS 6.8 | AI score 7.5 | EPSS 0.01383
Exploits: 0 | References: 6 | Affected Software: 1
UbuntuCve
added 2012/09/26 10:56 a.m. | 18 views

CVE-2012-2890

Use-after-free vulnerability in the PDF functionality in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document...

CVSS 6.8 | AI score 6 | EPSS 0.01383
Exploits: 0 | References: 5
Debian CVE
added 2012/09/26 10:0 a.m. | 22 views

CVE-2012-2875

Removed by vendor...

CVSS 6.8 | AI score 6.7 | EPSS 0.02244
Exploits: 0
CVE
added 2012/09/26 10:0 a.m. | 63 views

CVE-2012-2895

CVE-2012-2895 affects Google Chrome’s PDF functionality. The vulnerability arises from out-of-bounds write operations triggered via crafted vectors, enabling remote denial of service and possibly other impact. Affected software: Google Chrome prior to version 22.0.1229.79. Exploitation vectors ar...

CVSS 6.8 | AI score 7.1 | EPSS 0.0083
Exploits: 0 | References: 5 | Affected Software: 1