IBM Notes runs arbitrary JAVA and Javascript in emails
Overview IBM Notes parses arbitrary JAVA and Javascript code by default when viewing emails. Description The n.runs AG security advisory states: Notes 8.5.3 does not filter tags inside HTML emails. This can be used to load arbitrary Java applets from remote sources making it an information...
n.runs-SA-2013.001 - Polycom - Command Shell Grants System-Level Access
n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2013.001 15-Mar-2013 Vendor: Polycom, http://www.polycom.com Affected Products: Polycom HDX Series Affected Version: 3.1.1.2 Vulnerability: Polycom Command Shell Grants System-Level Access Risk: LOW Overview: The Polycom Command Shell ...
n.runs-SA-2013.004 - Polycom - H.323 Format String Vulnerability
n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2013.004 15-Mar-2013 Vendor: Polycom, http://www.polycom.com Affected Products: Polycom HDX Series Affected Version: 3.1.1.2 Vulnerability: Polycom H.323 Format String Vulnerability Risk: HIGH Overview: For every received H.323 SETUP...
n.runs-SA-2013.002 - Polycom - Firmware Update Command Injection
n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2013.002 15-Mar-2013 Vendor: Polycom, http://www.polycom.com Affected Products: Polycom HDX Series Affected Version: 3.1.1.2 Vulnerability: Polycom Firmware Update Command Injection Risk: MEDIUM Overview: Polycom HDX systems can be...
Polycom H.323 CDR Database SQL Injection
n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2013.003 15-Mar-2013 Vendor: Polycom, http://www.polycom.com Affected Products: Polycom HDX Series Affected Version: 3.1.1.2 Vulnerability: Polycom H.323 CDR Database SQL Injection Risk: HIGH Overview: For every received H.323 SETUP...
Polycom H.323 Format String
n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2013.004 15-Mar-2013 Vendor: Polycom, http://www.polycom.com Affected Products: Polycom HDX Series Affected Version: 3.1.1.2 Vulnerability: Polycom H.323 Format String Vulnerability Risk: HIGH Overview: For every received H.323 SETUP...
Splunk 4.3.x Denial Of Service
Splunk version 4.3.x suffers from a denial of service hash table vulnerability. Vendors: Splunk Inc., http://www.splunk.com Product: Splunk 4.3.x + possibly earlier versions Vulnerability: Unauth. remote denial of service against splunkweb Tracking IDs: CVE-2012-1150 SPL-53249 Vendor communicatio...
n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table
n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2011.004 28-Dec-2011 Vendors: PHP, http://www.php.net Oracle, http://www.oracle.com Microsoft, http://www.microsoft.com Python, http://www.python.org Ruby, http://www.ruby.org Google, http://www.google.com Affected Products: PHP 4 and ...
Multiple Programming Language Implementations Vulnerable to Hash Table Collision Attacks
US-CERT is aware of reports stating that multiple programming language implementations, including web platforms, are vulnerable to hash table collision attacks. This vulnerability could be used by an attacker to launch a denial-of-service attack against websites using affected products. The Ruby...
HP LaserJet Directory Traversal in PJL Interface
Exploit for hardware platform in category remote exploits HP LaserJet Directory Traversal in PJL Interface Vendor: Hewlett-Packard, http://www.hp.com Affected Products: Various HP LaserJet MFP device...
HP LaserJet PJL Interface Directory Traversal
n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2010.003 16-Nov-2010 Vendor: Hewlett-Packard, http://www.hp.com Affected Products: Various HP LaserJet MFP devices See HP advisory 3 for the complete list Vulnerability: Directory Traversal in PJL interface Risk: HIGH Vendor...
HP LaserJet - Directory Traversal in PJL Interface
HP LaserJet - Directory Traversal in PJL Interface n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2010.003 16-Nov-2010 Vendor: Hewlett-Packard, http://www.hp.com Affected Products: Various HP LaserJet MFP devices See HP advisory 3 for the complete list Vulnerability: Directory...
HP LaserJet - Directory Traversal in PJL Interface
n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2010.003 16-Nov-2010 Vendor: Hewlett-Packard, http://www.hp.com Affected Products: Various HP LaserJet MFP devices See HP advisory 3 for the complete list Vulnerability: Directory Traversal in PJL interface Risk: HIGH Vendor...
n.runs-SA-2010.002 - Alcatel-Lucent - arbitrary code execution on OmniVista 4760
n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2010.002 20-September-2010 Vendor: Alcatel Affected Products: OmniVista 4760 server: all versions prior to release R5.1.06.03.cPatch3. Vulnerability: arbitrary code execution Risk: High CVE-Number: CVE-2010-3281 Vendor communication:...
n.runs-SA-2009.007 - Adobe Acrobat - Invalid pointer write could lead to arbitrary code execution
n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2009.007 15-Oct-2009 Vendor: Adobe Systems Incorporated, http://www.adobe.com Affected Products: Adobe Acrobat Reader/Acrobat Version: 8.1.3 - 8.1.6 Platform: Windows Vulnerability: Invalid pointer write could lead to arbitrary code...
n.runs-SA-2009.005 - Apple Safari - Information disclosure
n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2009.005 23-Jun-2009 Vendor: Apple Inc., http://www.apple.com Affected Products: Safari Browser 3.2.3 all platforms Vulnerability: Information disclosure to Denial of Service Risk: MEDIUM Vendor communication: 2009/06/07 Bug found...
n.runs-SA-2009.006 - Apple Safari - Null pointer dereference
n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2009.006 23-Jun-2009 Vendor: Apple Inc., http://www.apple.com Affected Products: Safari Browser 3.2.3 all platforms Vulnerability: Null pointer dereference lead to DoS Risk: MEDIUM Vendor communication: 2009/06/07 Bug found 2009/06/08...
n.runs-SA-2009.001 - OS X CFNetwork advisory
n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2009.001 15-May-2009 Vendor: Apple Inc., http://www.apple.com Affected Products: Mac OS X 10.5.6 Vulnerability: Heap-based buffer overflow in CFNetwork component remote Risk: HIGH Vendor communication: 2009/04/17 Initial notification o...
n.runs-SA-2008.010 - Opera HTML parsing Code Execution
n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2008.010 16-Dec-2008 Vendor: Opera Software ASA, http://www.opera.com Affected Products: Opera Browser all platforms Vulnerability: HTML parsing flaw lead to remote code execution Risk: HIG...
n.runs-SA-2008.009 - Eaton MGE OPS Network Shutdown Module - authentication bypass vulnerability and remote code execution
n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2008.009 27-October-2008 Vendor: Eaton MGE office protection systems Affected Products: Network Shutdown Module version 3.10 Vulnerability: authentication bypass vulnerability and remote code execution Risk: High Vendor communication:...