5612 matches found
CVE-2013-3836
CVE-2013-3836 affects Oracle Web Cache (Oracle Fusion Middleware 11.1.1.6/11.1.1.7). The vulnerability’s root cause is related to ESI/Partial Page Caching, allowing remote authenticated users to impact confidentiality. The connected documents confirm the affected product and vector but do not pro...
Synology DSM multiple vulnerabilities
Title: Synology DSM multiple vulnerabilities Version affected: = 4.3-3776 Vendor: Synology Discovered by: Andrea Fabrizi Email: [email protected] Web: http://www.andreafabrizi.it Twitter: @andreaf83 Status: unpatched Synology DiskStation Manager DSM it's a Linux based operating system, use...
BlackBerry < 6.0.0 Browser Partial DoS
Binary data blackberry600check.nbin...
Synology DiskStation Manager (DSM) 4.3-3776 - Multiple Vulnerabilities
Exploit for linux platform in category web applications Title: Synology DSM multiple vulnerabilities Version affected: = 4.3-3776 Vendor: Synology Discovered by: Andrea Fabrizi Email: email protected Web: http://www.andreafabrizi.it Twitter: @andreaf83 Status: unpatched Synology DiskStation Manag...
Synology DiskStation Manager (DSM) 4.3-3776 - Multiple Vulnerabilities
Title: Synology DSM multiple vulnerabilities Version affected: = 4.3-3776 Vendor: Synology Discovered by: Andrea Fabrizi Email: [email protected] Web: http://www.andreafabrizi.it Twitter: @andreaf83 Status: unpatched Synology DiskStation Manager DSM it's a Linux based operating system, use...
Synology DiskStation Manager (DSM) 4.3-3776 - Multiple Vulnerabilities
Synology DiskStation Manager DSM 4.3-3776 - Multiple Vulnerabilities Title: Synology DSM multiple vulnerabilities Version affected: = 4.3-3776 Vendor: Synology Discovered by: Andrea Fabrizi Email: [email protected] Web: http://www.andreafabrizi.it Twitter: @andreaf83 Status: unpatched...
DEBIAN-CVE-2013-2076
Xen 4.0.x, 4.1.x, and 4.2.x, when running on AMD64 processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one domain to determine portions of the state of floating point instructions of other domains, which can be leveraged t...
XML External Entity (XXE) injection in Spring Framework
It was identified that Spring MVC processed user provided XML with JAXB in combination with a StAX XMLInputFactory without disabling external entity resolution. External entity resolution has been disabled in this case. It was subsequently discovered that this fix was incomplete CVE-2013-6429,...
CVE-2013-3171
The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly check the permissions of delegate objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework...
Design/Logic Flaw
The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly check the permissions of delegate objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework...
CVE-2013-3171
The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly check the permissions of delegate objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework...
Mandriva Linux Security Advisory : gimp (MDVSA-2013:082)
Updated gimp packages fix security vulnerabilities : An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's GIF image format plug-in. An attacker could create a specially crafted GIF image file that, when opened, could cause the GIF plug-in to crash or,...
Solaris 10 (x86) : 148028-03 (deprecated)
Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite (subcomponent: RBAC Configuration). Supported versions that are affected are 8, 9 and 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional, multiple logins to components...
Windows OS Partial Product Key (WMI)
Binary data wmiwindowspartialproductkey.nbin...
CVE-2012-5568
Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris...
Microsoft .NET Framework EncoderParameter - Integer Overflow (MS12-025)
Microsoft .NET Framework EncoderParameter - Integer Overflow (MS12-025): .NET Framework EncoderParameter integer overflow vulnerability. Yorick Koster,...
Solaris 10 (sparc) : 147673-11 (deprecated)
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Oracle Java Web Console). The supported version that is affected is 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise...
Mandriva Update for rpm-mandriva-setup MDVA-2012:024 (rpm-mandriva-setup)
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Multiple Cross-Site-Scripting vulnerabilities in x3cms
Advisory: Multiple Cross-Site-Scripting vulnerabilities in x3cms Advisory ID: INFOSERVE-ADV2011-04 Author: Stefan Schurtz Contact: [email protected] Affected Software: Successfully tested on x3cms 0.4.3 other versions may also be affected Vendor URL: http://www.x3cms.net/ Vendor Status: Parti...
CVE-2012-0390
The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related...