3062 matches found
Code injection
Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970...
CVE-2009-3868
Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970...
SLES9: Security update for subdomain-parser
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: subdomain-utils yast2-subdomain subdomain-parser-common subdomain-profiles subdomain-parser More details may also be found by searching for keyword 5010007...
SLES9: Security update for subdomain-parser
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: yast2-subdomain subdomain-utils subdomain-parser subdomain-profiles subdomain-parser-common More details may also be found by searching for keyword 5014564...
SLES9: Security update for subdomain-parser
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: subdomain-utils yast2-subdomain subdomain-parser-common subdomain-profiles subdomain-parser More details may also be found by searching for keyword 5010007...
SLES9: Security update for subdomain-parser
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: yast2-subdomain subdomain-utils subdomain-parser subdomain-profiles subdomain-parser-common More details may also be found by searching for keyword 5014564...
CVE-2009-3390
Multiple unspecified vulnerabilities in the 1 iscsiadm and 2 iscsitadm programs in Sun Solaris 10, and OpenSolaris snv28 through snv109, allow local users with certain RBAC execution profiles to gain privileges via unknown vectors related to the libima library...
CVE-2008-7221
Cross-site request forgery CSRF vulnerability in RunCMS 1.6.1 allows remote attackers to hijack the authentication of administrators for requests that 1 add new administrators or 2 modify user profiles via a crafted request to system/admin.php...
CVE-2008-7221
Cross-site request forgery CSRF vulnerability in RunCMS 1.6.1 allows remote attackers to hijack the authentication of administrators for requests that 1 add new administrators or 2 modify user profiles via a crafted request to system/admin.php...
CVE-2008-7221
RunCMS 1.6.1 is affected by a CSRF vulnerability that lets remote attackers hijack administrator sessions by sending crafted requests to system/admin.php, enabling (1) addition of new administrators or (2) modification of user profiles. The vulnerability is triggered through authenticated admin a...
CVE-2008-7188
CVE-2008-7188 affects ClipShare 2.6, where an attacker can bypass access restrictions by altering a uid parameter in siteadmin/useredit.php to modify arbitrary user profiles. This can be combined with using the manipulated email to trigger recoverpass.php, potentially recovering a user’s password...
Mandrake Security Advisory MDVSA-2009:162 (java-1.6.0-openjdk)
The remote host is missing an update to java-1.6.0-openjdk announced via advisory MDVSA-2009:162. OpenVAS Vulnerability Test $Id: mdksa2009162.nasl 6587 2017-07-07 06:35:35Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:162 java-1.6.0-openjdk Authors: Thomas Reinke Copyright:...
Design/Logic Flaw
The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1, when installing a configuration profile, can replace the password policy from Exchange ActiveSync with a weaker password policy, which allows physically proximate attackers to bypass the...
CVE-2009-1679
The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1, when installing a configuration profile, can replace the password policy from Exchange ActiveSync with a weaker password policy, which allows physically proximate attackers to bypass the...
CVE-2009-1679
The CVE covers Apple iPhone OS 1.0–2.2.1 and iPhone OS for iPod touch 1.1–2.2.1. The Profiles component, when installing a configuration profile, can replace ActiveSync’s password policy with a weaker one, allowing physically proximate attackers to bypass the policy. Impact: bypass of password po...
ghostscript security update
CentOS Errata and Security Advisory CESA-2009:0421 Updated ghostscript packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ghostscript is a set of software...
[ GLSA 200904-19 ] LittleCMS: Multiple vulnerabilities
Gentoo Linux Security Advisory GLSA 200904-19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...
LittleCMS: Multiple vulnerabilities
Background LittleCMS, or short lcms, is a color management system for working with ICC profiles. It is used by many applications including GIMP and Firefox. Description RedHat reported a null-pointer dereference flaw while processing monochrome ICC profiles CVE-2009-0793. Chris Evans of Google...
[SECURITY] Fedora 9 Update: argyllcms-1.0.3-5.fc9
The Argyll color management system supports accurate ICC profile creation f or scanners, CMYK printers, film recorders and calibration and profiling of displays. Spectral sample data is supported, allowing a selection of illuminants obse rver types, and paper fluorescent whitener additive...
Job2C 4.2 - profile Arbitrary File Upload
Job2C 4.2 - profile Arbitrary File Upload || || | || o,7 || . o7 || 4||| ow, : / / . |-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=| | | | /' \ /'\ /\ \ /'\ /\ \ | | /, \ /\/\L\ \ \ \ ,/\ /\ \ \ \ / | | //\ \ /' \ /\ //\ Kings of injection | | // | | |...