CVE-2011-4692

WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, as...

CVE-2011-4690

Opera 11.60 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code...

PT-2011-48: Multiple Vulnerabilities in AtMail

Specialists from the Positive Technologies Research Center have revealed multiple vulnerabilities in the AtMail webmail interface. 1. Arbitrary Files Loading The system allows one to load files attached to email letters. File extension is not checked; thus, arbitrary files including .php files ca...

Authentication flaw

CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vectors related to creation of a file, loading a DLL, and process control...

CVE-2011-4051

CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vectors related to creation of a file, loading a DLL, and process control...

Century wind enterprise website management system vulnerability-vulnerability warning-the black bar safety net

by Mr. DzY Century wind enterprise website management system of SME-oriented Web Site Management System,page fine,atmosphere. Having a stable set of strong,multi-function,Safety,code loading speed,web site content management, easy operation and other advantages. The use of div+css architecture,is...

Century wind enterprise website management system plug horse vulnerabilities and fixes-vulnerability warning-the black bar safety net

From www.0855.tv by Mr. DzY Century wind enterprise website management system of SME-oriented Web Site Management System,page fine,atmosphere. Having a stable set of strong,multi-function,Safety,code loading speed,web site content management, easy operation and other advantages. The use of div+cs...

CVE-2011-2461

Cross-site scripting XSS vulnerability in the Adobe Flex SDK 3.x and 4.x before 4.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to the loading of modules from different domains...

CVE-2011-2461

Cross-site scripting XSS vulnerability in the Adobe Flex SDK 3.x and 4.x before 4.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to the loading of modules from different domains...

PHP Foreign Function Interface Arbitrary DLL Loading safe_mode Restriction Bypass

According to its banner, the version of PHP installed on the remote host is affected by a security bypass vulnerability. The Foreign Function Interface ffi extension does not follow safemode restrictions, which allows context-dependent attackers to execute arbitrary code by loading an arbitrary D...

freetype security update

2.3.11-6.el61.8 - Add freetype-2.3.11-CVE-2011-3439.patch Various loading fixes. - Resolves: 754011...

Firefox 8.0 Null Pointer Dereference PoC

No description provided by source. Firefox = 8.0 null pointer dereference PoC exploit Author: 0in Maksymilian Motyl Tested on Firefox 8.0/4.0 on windows and Firefox 7.1 on Linux Lets see in code: $ cat ./mozilla-release/content/base/src/nsObjectLoadingContent.cpp NSIMETHODIMP...

Mozilla Firefox 8.0 Null Pointer Dereference

Firefox GetStatus&status; // Code execution is here. // --------------------------------------------------------------------------------- DUMP: 014E7A28 8B7D 08 MOV EDI,DWORD PTR SS:EBP+8 014E7A2B 8B07 MOV EAX,DWORD PTR DS:EDI ; access violation when reading 0x00000000 014E7A2D 8D4D FC LEA...

Windows Mail/Meeting Space不安全库加载漏洞(MS11-085)

CVE ID: CVE-2011-2016 Microsoft Windows是流行的计算机操作系统。 Microsoft Windows在实现上存在安全漏洞，可被恶意用户利用控制受影响系统。 此漏洞源于Windows Mail和Windows Meeting Space以不安全方式加载某些库，通过诱使用户打开远程WebDAV或SMB共享上的EML或WCLNV文件加载任意库。 0 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 厂商补丁： Microsoft ---------...

IBM Db2 'DT_RPATH' Insecure Library Loading Code Execution Vulnerabilities

IBM Db2 is prone to insecure library loading vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ibm:db2";...

IBM DB2 'DT_RPATH' Insecure Library Loading Code Execution Vulnerabilities

The host is running IBM DB2 and is prone to insecure library loading vulnerabilities. OpenVAS Vulnerability Test $Id: secpodibmdb2dtrpathinsecurelibloadvuln.nasl 7024 2017-08-30 11:51:43Z teissa $ IBM DB2 'DTRPATH' Insecure Library Loading Code Execution Vulnerabilities Authors: Antu Sanadi...

Microsoft Windows Mail Insecure Library Loading Code Execution (MS11-085; CVE-2011-2016)

A remote code execution vulnerability has been reported in Microsoft Windows Mail and Windows Meeting Space. The vulnerability is due to an error in the way the application improperly restricts the path loading of dynamic link library DLL files. A remote attacker may exploit this vulnerability by...

FFFTP < 1.98b Untrusted Search Path Vulnerability - Windows

FFFTP is prone to untrusted search path vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

JVN#62336482: FFFTP may insecurely load executable files

FFFTP loads certain executables when using certain functions. FFFTP contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the privilege of the running application. Solution Update the software Update to the latest...

FreeBSD : OpenTTD -- Buffer overflows in savegame loading (78c25ed7-f3f9-11e0-8b5c-b482fe3f522d)

The OpenTTD Team reports : Multiple buffer overflows in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service daemon crash or possibly execute arbitrary code via vectors related to 1 NAME, 2 PLYR, 3 CHTS, or 4 AIPL aka AI config chunk loading from a savegame. %NASLMINLEVEL 7030...