7491 matches found
CVE-2010-3856
ld.so in the GNU C Library aka glibc or libc6 before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LDAUDIT environment variable to reference dynamic shared objects DSOs as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a...
CVE-2010-3856
ld.so in the GNU C Library aka glibc or libc6 before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LDAUDIT environment variable to reference dynamic shared objects DSOs as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a...
Apache Struts2/XWork Remote Command Execution Vulnerability
This host is running Struts and is prone to remote command execution vulnerability. OpenVAS Vulnerability Test $Id: gbapachestrutsxworkcmdexecvuln.nasl 5263 2017-02-10 13:45:51Z teissa $ Apache Struts2/XWork Remote Command Execution Vulnerability Authors: Sooraj KS Copyright: Copyright c 2010...
Memory corruption
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that 1 was not properly initialized or 2 is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability."...
CVE-2010-3812
Integer overflow in the Text::wholeText method in dom/Text.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products allows remote attackers to execute arbitrary code or cau...
Integer overflow
Integer overflow in the Text::wholeText method in dom/Text.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products allows remote attackers to execute arbitrary code or cau...
Design/Logic Flaw
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service application crash via vectors involving Geolocation objects. NOTE: this...
UBUNTU-CVE-2010-3823
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service application crash via vectors involving Geolocation objects. NOTE: this...
CVE-2010-3812
Integer overflow in the Text::wholeText method in dom/Text.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products allows remote attackers to execute arbitrary code or cau...
UBUNTU-CVE-2010-3812
Integer overflow in the Text::wholeText method in dom/Text.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products allows remote attackers to execute arbitrary code or cau...
CVE-2010-3812
Removed by vendor...
CVE-2010-3823
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service application crash via vectors involving Geolocation objects. NOTE: this...
Google Chrome multiple vulnerabilities - November 10(Linux)
The host is running Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbgooglechromemultvulnnov10lin.nasl 5306 2017-02-16 09:00:16Z teissa $ Google Chrome multiple vulnerabilities - November 10Linux Authors: Antu Sanadi Copyright: Copyright c 2010 Greenbone...
glibc: ld.so arbitrary DSO loading via LD_AUDIT in setuid/setgid programs
ld.so in the GNU C Library aka glibc or libc6 before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LDAUDIT environment variable to reference dynamic shared objects DSOs as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a...
Code injection
Google Chrome before 7.0.517.44 does not properly handle the data types of event objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...
SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7208)
This update brings Mozilla Firefox to version 3.5.15, fixing various bugs and security issues. The following security issues were fixed : - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs...
CVE-2010-4182
Untrusted search path vulnerability in the Data Access Objects DAO library dao360.dll in Microsoft Windows XP Professional SP3, Windows Server 2003 R2 Enterprise Edition SP3, Windows Vista Business SP1, and Windows 7 Professional allows local users, and possibly remote attackers, to execute...
Design/Logic Flaw
Untrusted search path vulnerability in the Data Access Objects DAO library dao360.dll in Microsoft Windows XP Professional SP3, Windows Server 2003 R2 Enterprise Edition SP3, Windows Vista Business SP1, and Windows 7 Professional allows local users, and possibly remote attackers, to execute...
CVE-2010-4182
Untrusted search path vulnerability in the Data Access Objects DAO library dao360.dll in Microsoft Windows XP Professional SP3, Windows Server 2003 R2 Enterprise Edition SP3, Windows Vista Business SP1, and Windows 7 Professional allows local users, and possibly remote attackers, to execute...
Google Chrome < 7.0.517.44 Multiple Vulnerabilities
Binary data 800908.prm...