7491 matches found

Positive Technologies
added 2009/10/14 12:0 a.m. · 2 views

PT-2009-4934 · Microsoft · Internet Explorer

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 6 through 8

Description: The issue arises from improper handling of objects in memory, allowing remote attackers to execute arbitrary code. This can occur when accessing an object that was not properly...

CVSS 9.3 · AI score 6.8 · EPSS 0.33957
Exploits: 2 · References: 4

exploitpack
added 2009/10/13 12:0 a.m. · 17 views

Adobe Reader 9.1.3 Acrobat - COM Objects Memory Corruption Remote Code Execution

source: https://www.securityfocus.com/bid/36668/info

Adobe Reader and Acrobat are prone to a remote code-execution vulnerability because they fail to properly handle certain COM objects. An attacker can exploit this...

AI score 0.6
Exploits: 0

Exploit DB
added 2009/10/13 12:0 a.m. · 16 views

Adobe Reader 9.1.3 / Acrobat - COM Objects Memory Corruption Remote Code Execution

source: https://www.securityfocus.com/bid/36668/info

Adobe Reader and Acrobat are prone to a remote code-execution vulnerability because they fail to properly handle certain COM objects. An attacker can exploit this issue by supplying a malicious PDF file or webpage. Successful exploits may allow...

AI score 7.4
Exploits: 0

Check Point Advisories
added 2009/10/01 12:0 a.m. · 1 views

Microsoft Outlook View ActiveX Controls Remote Code Execution (MS09-055; CVE-2009-2493)

ActiveX controls are reusable software components based on Microsoft Component Object Model (COM). A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in several Microsoft Outlook View ActiveX controls. To trigger this issue, ...

CVSS 9.3 · AI score 7.3 · EPSS 0.52563
Exploits: 1

exploitpack
added 2009/09/15 12:0 a.m. · 15 views

EasyMail Objects 6.0.2.0 - emimap4.dll ActiveX Control Remote Code Execution

source: https://www.securityfocus.com/bid/36409/info

EasyMail Objects ActiveX control is prone to a remote code-execution vulnerability because the application fails to properly sanitize user-supplied data. Successfully...

AI score 0.3
Exploits: 0

Exploit DB
added 2009/09/15 12:0 a.m. · 17 views

EasyMail Objects 6.0.2.0 - 'emimap4.dll' ActiveX Control Remote Code Execution

source: https://www.securityfocus.com/bid/36409/info

EasyMail Objects ActiveX control is prone to a remote code-execution vulnerability because the application fails to properly sanitize user-supplied data. Successfully exploiting this issue allows remote attackers to execute arbitrary code in th...

AI score 7
Exploits: 0

PyPA
added 2009/09/08 6:30 p.m. · 5 views

PYSEC-2009-10

Unspecified vulnerability in the Zope Enterprise Objects (ZEO) storage-server functionality in Zope Object Database (ZODB) 3.8 before 3.8.3 and 3.9.x before 3.9.0c2, when certain ZEO database sharing and blob support are enabled, allows remote authenticated users to read or delete arbitrary files via...

CVSS 6 · AI score 6.9 · EPSS 0.00419
Exploits: 0 · References: 4 · Affected Software: 1

Prion
added 2009/09/08 6:30 p.m. · 14 views

Design/Logic Flaw

Unspecified vulnerability in the Zope Enterprise Objects (ZEO) storage-server functionality in Zope Object Database (ZODB) 3.8 before 3.8.3 and 3.9.x before 3.9.0c2, when certain ZEO database sharing and blob support are enabled, allows remote authenticated users to read or delete arbitrary files via...

CVSS 6 · AI score 6.7 · EPSS 0.00419
Exploits: 0 · References: 4 · Affected Software: 1

UbuntuCve
added 2009/09/08 6:30 p.m. · 21 views

CVE-2009-2701

Unspecified vulnerability in the Zope Enterprise Objects (ZEO) storage-server functionality in Zope Object Database (ZODB) 3.8 before 3.8.3 and 3.9.x before 3.9.0c2, when certain ZEO database sharing and blob support are enabled, allows remote authenticated users to read or delete arbitrary files via...

CVSS 6 · AI score 5.9 · EPSS 0.00419
Exploits: 0 · References: 1

Debian CVE
added 2009/09/08 6:0 p.m. · 17 views

CVE-2009-2701

Removed by vendor...

CVSS 6 · AI score 6.7 · EPSS 0.00419
Exploits: 0

PyPA
added 2009/08/07 7:30 p.m. · 5 views

PYSEC-2009-9

Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol...

CVSS 7.5 · AI score 7.2 · EPSS 0.00651
Exploits: 0 · References: 8 · Affected Software: 1

PyPA
added 2009/08/07 7:30 p.m. · 5 views

PYSEC-2009-8

Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol...

CVSS 6.5 · AI score 7.8 · EPSS 0.0064
Exploits: 0 · References: 8 · Affected Software: 1

RedHat Linux
added 2009/08/06 9:14 p.m. · 3 views

OpenJDK JDK13Services grants unnecessary privileges (6777448)

JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, grants full privileges to instances of unspecified object types, which allows context-dependent attackers to bypass intended access restrictions via an untrusted (1) applet or (2) application...

CVSS 10 · AI score 5.8 · EPSS 0.07506
Exploits: 0 · References: 4

Positive Technologies
added 2009/07/29 12:0 a.m. · 2 views

PT-2009-4379 · Microsoft · Internet Explorer

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 5.01 SP4 through 8

Description: The issue arises from the improper handling of attempts to access deleted objects in memory, allowing remote attackers to execute arbitrary code via an HTML document...

CVSS 9.3 · AI score 7.6 · EPSS 0.57732
Exploits: 1 · References: 10

RedHat Linux
added 2009/07/27 9:22 a.m. · 3 views

python: stringobject, unicodeobject integer overflows

Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the...

CVSS 10 · AI score 6.7 · EPSS 0.03028
Exploits: 4 · References: 4

Prion
added 2009/07/09 5:30 p.m. · 16 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top objects...

CVSS 4.3 · AI score 5.7 · EPSS 0.01516
Exploits: 1 · References: 14 · Affected Software: 2

Tenable Nessus
added 2009/07/03 12:0 a.m. · 35 views

RHEL 4 / 5 : ruby (RHSA-2009:1140)

Updated ruby packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an extensible, interpreted, object-oriented, scripting language. It has...

CVSS 6.8 · AI score 6.9 · EPSS 0.1342
Exploits: 4 · References: 7

RedHat Linux
added 2009/06/25 4:19 p.m. · 3 views

kdegraphics: KSVG Pointer use-after-free error in the SVG animation element (DoS, ACE)

Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG animation element, related to SVG set objects, SVG...

CVSS 9.3 · AI score 6.3 · EPSS 0.08606
Exploits: 1 · References: 4

RedHat Linux
added 2009/06/25 3:7 p.m. · 0 views

view-source: protocol

The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify...

CVSS 6.8 · AI score 7.5 · EPSS 0.01373
Exploits: 0 · References: 4

RedHat Linux
added 2009/06/25 2:54 p.m. · 1 views

view-source: protocol

The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify...

CVSS 6.8 · AI score 7.5 · EPSS 0.01373
Exploits: 0 · References: 4