104 matches found
Apache Struts2 Remote Code Execution Vulnerability (CNVD-2016-02506 )
Apache Struts is an open source framework for creating enterprise Java Web applications. A remote code execution vulnerability exists in Struts2, which can be exploited by an attacker to execute arbitrary code on the server side of a server that initiates a dynamic method call...
F5 Networks BIG-IP : D-Bus vulnerability (SOL17256)
The busconnectionscheckreply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service CPU consumption via a large number of method calls. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
php5 -- multiple vulnerabilities
The PHP project reports: Core: Fixed bug 69793 Remotely triggerable stack exhaustion via recursive method calls. Fixed bug 70121 unserialize could lead to unexpected methods execution / NULL pointer deref. OpenSSL: Fixed bug 70014 opensslrandompseudobytes is not cryptographically secure. Phar:...
CVE-2014-8148
The default D-Bus access control rule in Midgard2 10.05.7.1 allows local users to send arbitrary method calls or signals to any process on the system bus and possibly execute arbitrary code with root privileges...
CVE-2014-8148
The default D-Bus access control rule in Midgard2 10.05.7.1 allows local users to send arbitrary method calls or signals to any process on the system bus and possibly execute arbitrary code with root privileges...
UBUNTU-CVE-2014-8148
The default D-Bus access control rule in Midgard2 10.05.7.1 allows local users to send arbitrary method calls or signals to any process on the system bus and possibly execute arbitrary code with root privileges...
DEBIAN-CVE-2014-3638
The busconnectionscheckreply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service CPU consumption via a large number of method calls...
Design/Logic Flaw
The busconnectionscheckreply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service CPU consumption via a large number of method calls...
CVE-2014-3638
The busconnectionscheckreply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service CPU consumption via a large number of method calls...
CVE-2014-3638
The busconnectionscheckreply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service CPU consumption via a large number of method calls...
Microsoft Internet Explorer 5.0.1 JavaScript Method Assignment Cross-Domain Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10689/info A vulnerability exists in Microsoft Internet Explorer that may allow cross-domain/cross-zone scripting. It is reported that the vulnerability presents itself due to a failure to properly validate trust...
CVE-2013-5024
An ActiveX control in NationalInstruments.Help2.dll in National Instruments NI .NET Class Library Help, as used in Measurement Studio 2013 and earlier and other products, allows remote attackers to obtain sensitive information about the existence of registry keys via crafted 1 key-open or 2...
[SE-2012-01] Details of issues fixed by Feb 2013 Java SE CPU
Hello All, Below, we are providing you with technical details regarding security issues reported by us to Oracle and addressed by the company in a recent Feb 2013 Java SE CPU 1. Issue 29 This issue allows for the creation of arbitrary Proxy objects for interfaces defined in restricted packages...
CVE-2010-2188
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service memory corruption or possibly execute arbitrary code by calling the ActionScript native object 2200 connect method multiple times with different argument...
Mandriva Update for dbus MDVSA-2008:054 (dbus)
Check for the Version of dbus OpenVAS Vulnerability Test Mandriva Update for dbus MDVSA-2008:054 dbus Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...
CVE-2008-6531
The WebWork 1 web application framework in Atlassian JIRA before 3.13.2 allows remote attackers to invoke exposed public JIRA methods via a crafted URL that is dynamically transformed into method calls, aka "WebWork 1 Parameter Injection Hole."...
dbus security update
CentOS Errata and Security Advisory CESA-2008:0159 Updated dbus packages that fix an issue with circumventing the security policy are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. D-Bus is a system for sending messages between...
DEBIAN-CVE-2008-0595
dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes sendinterface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface...
CVE-2008-0595
dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes sendinterface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface...
[ MDVSA-2008:054 ] - Updated dbus packages fix vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2008:054 http://www.mandriva.com/security/ Package : dbus Date : February 28, 2008 Affected: 2007.0, 2007.1, 2008.0 Problem Description: A vulnerability was discovered by Havoc Pennington in how the dbus-daemon...