7680 matches found
Race condition
Race condition in the kernel in Microsoft Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."...
CVE-2013-1292
Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling ...
otrs -- Information disclosure and Data manipulation
The OTRS Project reports: An attacker with a valid agent login could manipulate URLs in the object linking mechanism to see titles of tickets and other objects that are not obliged to be seen. Furthermore, links to objects without permission can be placed and removed...
[SECURITY] Fedora 18 Update: rubygem-activerecord-3.2.8-5.fc18
Implements the ActiveRecord pattern Fowler, PoEAA for ORM. It ties databa se tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL...
Microsoft Internet Explorer removeChild Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2013-1285
The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to...
CVE-2013-1287
The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to...
Microsoft Filter Pack Remote Code Execution Vulnerability (2801261)
This host is missing a critical security update according to Microsoft Bulletin MS13-023. OpenVAS Vulnerability Test $Id: secpodfilterpackms13-023.nasl 5365 2017-02-20 13:46:09Z cfi $ Microsoft Filter Pack Remote Code Execution Vulnerability 2801261 Authors: Antu Sanadi Copyright: Copyright c 201...
Microsoft Visio Viewer Remote Code Execution Vulnerability (2801261)
This host is missing a critical security update according to Microsoft Bulletin MS13-023. OpenVAS Vulnerability Test $Id: secpodvisioviewerms13-023.nasl 6115 2017-05-12 09:03:25Z teissa $ Microsoft Visio Viewer Remote Code Execution Vulnerability 2801261 Authors: Antu Sanadi Copyright: Copyright ...
CVE-2013-1656
Spree Commerce 1.0.x through 1.3.2 allows remote authenticated administrators to instantiate arbitrary Ruby objects and execute arbitrary commands via the 1 paymentmethod parameter to core/app/controllers/spree/admin/paymentmethodscontroller.rb; and the 2 promotionaction parameter to...
CVE-2013-1656
CVE-2013-1656 affects Spree Commerce 1.0.x through 1.3.2, where remote authenticated administrators could instantiate arbitrary Ruby objects and execute commands via parameters (payment_method, promotion_action, promotion_rule, calculator_type) due to unsafe use of constantize in admin controller...
CVE-2013-1656
Spree Commerce 1.0.x through 1.3.2 allows remote authenticated administrators to instantiate arbitrary Ruby objects and execute arbitrary commands via the 1 paymentmethod parameter to core/app/controllers/spree/admin/paymentmethodscontroller.rb; and the 2 promotionaction parameter to...
Microsoft .NET Framework WinForms Buffer Overflow (CVE-2013-0002)
A buffer overflow vulnerability exists in Microsoft .NET Framework Windows Form. The vulnerability is due to a race condition when handling the size of an array of objects prior to copying them into a global memory buffer.An attacker can remotely exploit this vulnerability by enticing a user to...
Ubuntu Update for firefox USN-1729-1
Check for the Version of firefox OpenVAS Vulnerability Test $Id: gbubuntuUSN17291.nasl 8483 2018-01-22 06:58:04Z teissa $ Ubuntu Update for firefox USN-1729-1 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free softwar...
[SECURITY] Fedora 17 Update: rubygem-activerecord-3.0.11-6.fc17
Implements the ActiveRecord pattern Fowler, PoEAA for ORM. It ties databa se tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL...
SeaMonkey Multiple Vulnerabilities -01 (Feb 2013) - Windows
SeaMonkey is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Spree payment_methods_controller.rb payment_method Parameter Arbitrary Ruby Object Instantiation Command Execution
Spree contains a flaw that is triggered when handling input passed via the 'paymentmethod' parameter to paymentmethodscontroller.rb. This may allow a remote authenticated attacker to instantiate arbitrary Ruby objects and potentially execute arbitrary commands...
Spree controller Parameter Arbitrary Ruby Object Instantiation Command Execution
Spree Commerce 1.0.x before 2.0.0.rc1 allows remote authenticated administrators to instantiate arbitrary Ruby objects and executd arbitrary commands via the 1 paymentmethod parameter to core/app/controllers/spree/admin/ paymentmethodscontroller.rb; and the 2 promotionaction parameter to...
Spree promotion_rules_controller.rb promotion_rule Parameter Arbitrary Ruby Object Instantiation Command Execution
Spree contains a flaw that is triggered when handling input passed via the 'promotionrule' parameter to promotionrulescontroller.rb. This may allow a remote authenticated attacker to instantiate arbitrary Ruby objects and potentially execute arbitrary commands...
Spree promotions_controller.rb calculator_type Parameter Arbitrary Ruby Object Instantiation Command Execution
Spree contains a flaw that is triggered when handling input passed via the 'calculatortype' parameter to promotionscontroller.rb. This may allow a remote authenticated attacker to instantiate arbitrary Ruby objects and potentially execute arbitrary commands...