10273 matches found
CVE-2014-1719
Removed by vendor...
Autodesk AutoCAD Insecure Library Loading (CVE-2014-0819)
An insecure library loading vulnerability has been reported in AutoCAD. The vulnerability is due to an improper dynamic link library (DLL) search path, which leads to insecure library loading. A remote attacker could exploit this vulnerability by enticing a user to process an AutoCAD file from a malicio...
Autodesk AutoCAD Insecure FAS Loading (CVE-2014-0818)
A code execution vulnerability has been reported in AutoCAD. The vulnerability is due to the use of an improper search path when loading FAS files. A remote attacker could exploit this vulnerability by enticing a user to process an FAS file from a malicious source...
Autodesk AutoCAD < 2014 Multiple Vulnerabilities
The remote host has a version of Autodesk AutoCAD installed prior to AutoCAD 2014. It is, therefore, potentially affected by the following vulnerabilities:
- An error exists related to handling FAS files that could allow execution of arbitrary VBScript code. (CVE-2014-0818)
- An error exists relat...
Fedora 20 : ReviewBoard-1.7.22-2.fc20 (2014-3446)
New upstream security release 1.7.22 - http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.22/
Security Fixes:
- An XSS vulnerability was found in the Search field's auto-complete.
New Features:
- Added support for anonymous access to public Local Sites.
- Added support for...
Java Faces Miniwebshell
Hi all, I took a brief look at Java Server Faces. If you are able to upload shell.xhtml and get it included somehow, here is a small web shell. The catch is that we cannot create variables or properly assign anything anywhere. But we can call statements, load classes and ...
Microsoft Excel NAME Record Array Indexing Stack Buffer Corruption - Ver2 (CVE-2008-4266)
A code execution vulnerability has been reported in Microsoft Office Excel. The vulnerability is due to a stack corruption in Microsoft Excel when loading Excel records. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
AutoCAD may insecurely load dynamic libraries
Overview: AutoCAD provided by Autodesk, Inc. is an application for computer-aided design (CAD). AutoCAD contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. kaito834 reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
JVN#43254599: AutoCAD may insecurely load dynamic libraries
AutoCAD provided by Autodesk, Inc. is an application for computer-aided design (CAD). AutoCAD contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Impact: Arbitrary code may be executed with the privileges of the running application. Solution: Upgrade t...
Don't use flexbox for overall page layout
When I was building this blog I tried to use flexbox for the overall page layout because I wanted to look cool and modern in front of my peers. However, like all of my other attempts to look cool and modern, it didn't really work. Why? Well, take my hand and follow me into the next section… Updat...
SAP GUI DLL Loading Arbitrary Code Execution (Note 1511179)
The remote host is running a version of SAP GUI that reportedly insecurely looks in its current working directory when resolving DLLs such as 'MFC80LOC.DLL' and 'MFC80RUS.DLL'. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(72211); script_version("1.4");...
Updated librsvg and gtk+3.0 packages fix security vulnerability
librsvg before version 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference (CVE-2013-1881). gtk+3.0 has been patched to cope with the changes in SVG loading due to the fix in librsvg...
CVE-2013-7421
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644...
CVE-2012-5394
Cross-site request forgery (CSRF) vulnerability in the CentralAuth extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to hijack the authentication of users for requests that login via vectors involving image loading...
[SECURITY] Fedora 18 Update: php-symfony2-ClassLoader-2.2.10-1.fc18
The ClassLoader Component loads your project classes automatically if they follow some standard PHP conventions. Whenever you use an undefined class, PHP uses the auto-loading mechanism to delegate the loading of a file defining the class. Symfony2 provides a "universal" auto-loader, which is abl...
VMWare Workstation privilege escalation
Unsafe shared library loading...
Debian DSA-2785-1 : chromium-browser - several vulnerabilities
Several vulnerabilities have been discovered in the chromium web browser.
- CVE-2013-2906: Atte Kettunen of OUSPG discovered race conditions in Web Audio.
- CVE-2013-2907: Boris Zbarsky discovered an out-of-bounds read in window.prototype.
- CVE-2013-2908: Chamal de Silva discovered an address bar...
Corel PaintShop Pro Insecure Library Loading (CVE-2013-0733)
A code execution vulnerability exists in Corel's PaintShop Pro...
[SECURITY] [DSA 2785-1] chromium-browser security update
Debian Security Advisory DSA-2785-1 [email protected] http://www.debian.org/security/ Michael Gilbert October 26, 2013 http://www.debian.org/security/faq ...