Lucene search

7490 matches found

Prion
added 2010/06/08 8:30 p.m., 19 views

Input validation

Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; Microsoft Office XP SP3; Office 2003 SP3; and Office System 2007 SP1 and SP2 do not properly validate COM objects during...

CVSS 9.3 | AI score 7.9 | EPSS 0.4797
Exploits: 1 | References: 7 | Affected Software: 1
Cvelist
added 2010/06/08 8:0 p.m., 14 views

CVE-2010-1263

Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; Microsoft Office XP SP3; Office 2003 SP3; and Office System 2007 SP1 and SP2 do not properly validate COM objects during...

AI score 7.3 | EPSS 0.4797
Exploits: 1 | References: 7
Zero Day Initiative
added 2010/06/08 12:0 a.m., 27 views

Apple Webkit Attribute Child Removal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute remote code on vulnerable installations of Apple Webkit. User interaction is required in that a target must be coerced into visiting a malicious page. The specific flaw exists within Webkit's process for destructing attribute objects via the...

CVSS 10 | AI score 4.2 | EPSS 0.52397
Exploits: 1 | References: 1
RedHat Linux
added 2010/06/07 3:22 p.m., 0 views

Safe: Intended restriction bypass via object references

The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and implicitly blessed objects, as demonstrated by the a...

CVSS 7.5 | AI score 6 | EPSS 0.04483
Exploits: 2 | References: 4
Prion
added 2010/06/03 2:30 p.m., 15 views

Null pointer dereference

mm/shmem.c in the Linux kernel before 2.6.28-rc3, when strict overcommit is enabled, does not properly handle the export of shmemfs objects by knfsd, which allows attackers to cause a denial of service (NULL pointer dereference and knfsd crash) or possibly have unspecified other impact via unknown...

CVSS 6.9 | AI score 7.3 | EPSS 0.00053
Exploits: 0 | References: 12 | Affected Software: 1
UbuntuCve
added 2010/05/27 10:30 p.m., 34 views

CVE-2010-2103

Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary w...

CVSS 4.3 | AI score 7.3 | EPSS 0.26903
Exploits: 1 | References: 1
Prion
added 2010/05/27 10:30 p.m., 25 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary w...

CVSS 4.3 | AI score 7.7 | EPSS 0.26903
Exploits: 1 | References: 10 | Affected Software: 1
Debian CVE
added 2010/05/27 10:0 p.m., 24 views

CVE-2010-2103

Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary w...

CVSS 4.3 | AI score 8.1 | EPSS 0.26903
Exploits: 1
CVE
added 2010/05/27 10:0 p.m., 202 views

CVE-2010-2103

CVE-2010-2103: Apache Axis2/Java Axis2 administration console (axis2-admin/engagingglobally) is vulnerable to cross-site scripting via the modules parameter. Affected: Axis2/Java 1.4.1, 1.5.1 (and possibly other versions) used in SAP Business Objects 12, 3Com IMC, etc. The vulnerability is due to...

CVSS 4.3 | AI score 6.8 | EPSS 0.26903
Exploits: 1 | References: 10 | Affected Software: 1
Packet Storm
added 2010/05/22 12:0 a.m., 29 views

ProCheckUp Security Advisory 2010.3

PR10-03: Authenticated XSS within the Apache Axis2 administration console | Vulnerability found: 30th January 2010 | Vendor informed: 1st February 2010 | Vulnerability fixed: | Severity: Medium | Description: Axis2 is a web services/SOAP/WSDL engine, widely used within many commercial products. Procheckup h...

AI score 0.4
Exploits: 0
Cvelist
added 2010/05/13 5:0 p.m., 36 views

CVE-2010-1283

Adobe Shockwave Player before 11.5.7.609 does not properly parse 3D objects in .dir (aka Director) files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a modified field in a 0xFFFFFF49 record...

AI score 9 | EPSS 0.08605
Exploits: 0 | References: 6
Check Point Advisories
added 2010/05/06 12:0 a.m., 2 views

Internet Explorer DHTML Objects Memory Corruption (MS07-069; CVE-2007-5347)

Microsoft Internet Explorer (IE) is a web browser application that is capable of rendering both static and dynamic web content. The application is primarily used for tasks related to web browsing, such as displaying HTML encoded pages, downloading files, etc. A memory corruption vulnerability exist...

CVSS 6.8 | AI score 7.5 | EPSS 0.48309
Exploits: 0
VulnCheck KEV
added 2010/05/01 12:0 a.m., 1 views

VulnCheck KEV: CVE-2009-0075

Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka "Uninitialized Memory Corruption...

CVSS 9.3 | AI score 6.2 | EPSS 0.86932
Exploits: 9 | References: 1
RedHat Linux
added 2010/04/29 5:49 p.m., 3 views

OpenJDK Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.225 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from...

CVSS 9.8 | AI score 7.8 | EPSS 0.92077
Exploits: 5 | References: 5
securityvulns
added 2010/04/19 12:0 a.m., 97 views

[DSecRG-09-053] VMware Remote Console - format string

Digital Security Research Group (DSecRG) Advisory DSECRG-09-053 | Application: VMware Remote Console | Version: e.x.p build-158248 | Vendor URL: http://vmware.com | Bugs: Format String Vulnerabilities | Exploits: YES | PoC Reported: 07.08.2009 | Vendor response: 13.08.2009 | Date of Public Advisory: 09.04.2010 | CVE...

CVSS 10 | AI score 0.1 | EPSS 0.30069
Exploits: 4
0day.today
added 2010/04/12 12:0 a.m., 23 views

VMware Remote Console e.x.p build-158248 - format string vulnerability

Exploit for multiple platform in category dos / poc. VMware Remote Console e.x.p build-158248 - format string vulnerability. Digital Security Research Group...

AI score 7.1 | EPSS 0.30069
Exploits: 4
OpenVAS
added 2010/04/09 12:0 a.m., 48 views

Ubuntu Update for openjdk-6 vulnerabilities USN-923-1

Ubuntu Update for Linux kernel vulnerabilities USN-923-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN9231.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for openjdk-6 vulnerabilities USN-923-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...

CVSS 7.5 | AI score 0.3 | EPSS 0.92077
Exploits: 33 | References: 2
seebug.org
added 2010/04/07 12:0 a.m., 40 views

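Microsoft IE HTML Rendering Remote Code Execution Vulnerability (MS10-018)

BUGTRAQ ID: 39024 CVE ID: CVE-2010-0807 Internet Explorer is the web browser bundled by default with the Windows operating system. A remote code execution vulnerability exists in the way Internet Explorer accesses an object that has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted web page; when a user views the web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Microsoft Internet Explorer 7.0 Temporary workarounds: Disable ActiveX controls in Office 2007. Do not open unexpected files. Vendor patch: Microsoft...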

CVSS 9.3 | AI score 6.4 | EPSS 0.62099
Exploits: 1
UbuntuCve
added 2010/04/01 10:30 p.m., 27 views

CVE-2010-1233

Multiple integer overflows in Google Chrome before 4.1.249.1036 allow remote attackers to have an unspecified impact via vectors involving WebKit JavaScript objects...

CVSS 10 | AI score 5.9 | EPSS 0.0183
Exploits: 1 | References: 2
Prion
added 2010/04/01 10:30 p.m., 19 views

Integer overflow

Multiple integer overflows in Google Chrome before 4.1.249.1036 allow remote attackers to have an unspecified impact via vectors involving WebKit JavaScript objects...

CVSS 10 | AI score 6.8 | EPSS 0.0183
Exploits: 1 | References: 6 | Affected Software: 1