Sql injection

plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary directories, conduct SQL injection attacks, and possibly have other impacts via the highlight...

CVE-2013-0269

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...

CVE-2013-0269 rubygem-json: Denial of Service and SQL Injection

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...

UBUNTU-CVE-2013-0269

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...

CVE-2013-0269

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...

Internet Explorer VML Objects Memory Corruption (MS13-009; CVE-2013-0030)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way VML buffers are allocated. A remote attacker could trigger this vulnerability by enticing an unsuspecting victim to open a specially crafted web page. An attacke...

[SE-2012-01] Details of issues fixed by Feb 2013 Java SE CPU

Hello All, Below, we are providing you with technical details regarding security issues reported by us to Oracle and addressed by the company in a recent Feb 2013 Java SE CPU 1. Issue 29 This issue allows for the creation of arbitrary Proxy objects for interfaces defined in restricted packages...

CVE-2013-1465

The Cubecart::basket method in classes/cubecart.class.php in CubeCart 5.0.0 through 5.2.0 allows remote attackers to unserialize arbitrary PHP objects via a crafted shipping parameter, as demonstrated by modifying the application configuration using the Config object...

Code injection

The Cubecart::basket method in classes/cubecart.class.php in CubeCart 5.0.0 through 5.2.0 allows remote attackers to unserialize arbitrary PHP objects via a crafted shipping parameter, as demonstrated by modifying the application configuration using the Config object...

CVE-2013-1465

CubeCart 5.0.0–5.2.0 is affected by a PHP object injection in Cubecart::_basket() via the shipping POST parameter. The code unserializes base64url_decode($_POST['shipping']) into $GLOBALS['cart'], allowing an attacker to inject arbitrary PHP objects (e.g., the Config object) and potentially alter...

PT-2013-3150 · Cubecart · Cubecart

Name of the Vulnerable Software and Affected Versions: CubeCart versions 5.0.0 through 5.2.0 Description: The issue allows remote attackers to unserialize arbitrary PHP objects via a crafted shipping parameter. This can be used to modify the application configuration using the Config object...

Microsoft Internet Explorer Layout Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

(Mobile Pwn2Own) Apple Safari shiftCount/splice Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Arr...

SuSE 11.2 Security Update : LibreOffice (SAT Patch Number 6804)

LibreOffice was updated to SUSE 3.5 bugfix release 13 based on upstream 3.5.6-rc2 which fixes a lot of bugs. The following bugs have been fixed : - polygon fill rule. bnc759172 - open XML in Writer. bnc777181 - undo in text objects fdo36138 - broken numbering level. bnc760019 - better MathML...

[SECURITY] Fedora 17 Update: rubygem-activerecord-3.0.11-5.fc17

Implements the ActiveRecord pattern Fowler, PoEAA for ORM. It ties databa se tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL...

[SECURITY] Fedora 16 Update: rubygem-activerecord-3.0.10-5.fc16

Implements the ActiveRecord pattern Fowler, PoEAA for ORM. It ties databa se tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL...

Fedora Update for rubygem-activerecord FEDORA-2013-0185

Check for the Version of rubygem-activerecord OpenVAS Vulnerability Test Fedora Update for rubygem-activerecord FEDORA-2013-0185 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...

[SECURITY] Fedora 18 Update: rubygem-activerecord-3.2.8-3.fc18

Implements the ActiveRecord pattern Fowler, PoEAA for ORM. It ties databa se tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL...

Design/Logic Flaw

Samba 4.0.x before 4.0.1, in certain Active Directory domain-controller configurations, does not properly interpret Access Control Entries that are based on an objectClass, which allows remote authenticated users to bypass intended restrictions on modifying LDAP directory objects by leveraging 1...

Mozilla Products Multiple Vulnerabilities (Jan 2013) - Windows

Mozilla Firefox/Thunderbird/Seamonkey is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...