3370 matches found
CVE-2014-1526
The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that is visited in the debugger, leading to unwrapping operations and calls to DOM methods on the unwrapped...
Instant PDF Password Remover v3.5 - Free PDF Password & Restrictions Removal Tool
Instant PDF Password Remover is the FREE tool to instantly remove Password of protected PDF document. It can remove both User & Owner password along with all PDF file restrictions such as Copy, Printing, Screen Reader etc. Often we receive password protected PDF documents in the form of mobile...
UBUNTU-CVE-2013-7338
Python before 3.3.4 RC1 allows remote attackers to cause a denial of service infinite loop and CPU consumption via a file size value larger than the size of the zip file to the 1 ZipExtFile.read, 2 ZipExtFile.readn, 3 ZipExtFile.readlines, 4 ZipFile.extract, or 5 ZipFile.extractall function...
How To Export Windows Event Logs
Purpose When submitting a support case for technical assistance, it is sometimes necessary to upload relevant Windows event logs in addition to the Veeam logs. Event logs exported using default settings can be missing important information. This article describes three different methods of...
Respondly: Allowed method disclosure
The URL "https://respond.ly/" has the following allowed methods, which include DAV methods: ACL, BASELINECONTROL, CHECKIN, CHECKOUT, CONNECT, COPY, DEBUG, GET, HEAD, INDEX, INVALID, INVOKE, LABEL, LINK, LOCK, MERGE, MKACTIVITY, MKCOL, MKDIR, MKWORKSPACE, MOVE, NOTIFY, OPTIONS, PATCH, PIN, POLL,...
SmartSniff - Capture TCP/IP packets on your network adapter
SmartSniff is a network monitoring utility that allows you to capture TCP/IP packets that pass through your network adapter, and view the captured data as sequence of conversations between clients and servers. You can view the TCP/IP conversations in Ascii mode for text-based protocols, like HTTP...
OpenJDK: key data leak via toString() methods (Libraries, 8011071)
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to...
OpenJDK: classfile parser invalid BootstrapMethods attribute length (Hotspot, 8034926)
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot...
[SECURITY] Fedora 19 Update: curl-7.29.0-17.fc19
curl is a command line tool for transferring data with URL syntax, supporti ng FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, I MAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
Veritas Backup Exec Server Remote Registry Access Code Execution - Ver2 (CVE-2005-0771)
A code execution vulnerability has been reported in Veritas Backup Exec Server. Successful exploitation of this vulnerability could allow a remote attacker to modify the registry and execute arbitrary methods via RPC on the affected system...
CVE-2014-0003
The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message...
Design/Logic Flaw
The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message...
CVE-2014-0003
CVE-2014-0003 affects the Apache Camel XSLT component. It allows a remote attacker to execute arbitrary Java methods by sending a crafted message due to the XSLT component’s ability to call external Java methods. Affected are Camel 2.11.x prior to 2.11.4 and 2.12.x prior to 2.12.3 (and possibly e...
CVE-2014-1979
The NTT DOCOMO sp mode mail application 5900 through 6300 for Android 4.0.x and 6000 through 6620 for Android 4.1 through 4.4 allows remote attackers to execute arbitrary Java methods via Deco-mail emoticon POP data in an e-mail message...
Design/Logic Flaw
The NTT DOCOMO sp mode mail application 5900 through 6300 for Android 4.0.x and 6000 through 6620 for Android 4.1 through 4.4 allows remote attackers to execute arbitrary Java methods via Deco-mail emoticon POP data in an e-mail message...
CVE-2014-0057
The xbutton method in the ServiceController vmdb/app/controllers/servicecontroller.rb in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unspecified vectors...
sp mode mail vulnerability where Java methods may be executed
Overview sp mode mail provided by NTT DOCOMO contains an issue in the processing Deco-mail emoticon POP, which may lead to the execution of arbitrary Java methods that can be executed with the privileges of sp mode mail. Hironori Tokuta reported this vulnerability to IPA. JPCERT/CC coordinated wi...
[Lynis 1.4.6] Security and System Auditing Tool to Harden Linux Systems
Lynis is an auditing tool for Unix/Linux. It performs a security scan and determines the hardening state of the machine. Any detected security issues will be provided in the form of a suggestion or warning. Beside security related information it will also scan for general system information,...
JVN#89260331: sp mode mail vulnerability where Java methods may be executed
sp mode mail provided by NTT DOCOMO contains an issue in the processing Deco-mail emoticon POP, which may lead to the execution of arbitrary Java methods that can be executed with the privileges of sp mode mail. Impact When a specially crafted email is opened, an arbitrary Java method that can be...
PYSEC-2014-60
The object manager implementation objectmanager.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly restrict access to internal methods, which allows remote attackers to obtain sensitive information via a crafted request...