58 matches found
CVE-2016-5142
The Web Cryptography API aka WebCrypto implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy data buffers, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via crafted JavaScript code,...
CVE-2016-5093
The geticuvalueinternal function in ext/intl/locale/localemethods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a '\0' character, which allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other...
CVE-2015-7420
Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8.0.0.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2015-7421...
Crlf injection
CRLF injection vulnerability in the Ceph Object Gateway aka radosgw or RGW in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name...
MediaWiki Multiple Vulnerabilities -02 (Nov 2015) - Windows
MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediawiki:mediawiki"; ifdescripti...
CVE-2015-3828
The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark BOM, which allows remote attackers to execute arbitrary code or cause a denial of service integer...
Cross site scripting
Cross-site scripting XSS vulnerability in the Administrative Web Interface in Citrix NetScaler Application Delivery Controller ADC and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e allows remote attackers to inject arbitrary web script or HTML...
Authentication flaw
The private-browsing implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8 does not prevent caching of HTTP authentication credentials, which makes it easier for remote attackers to track users via a crafted web site...
CVE-2015-4034
The createFromParcel method in the com.absolute.android.persistence.MethodSpec class in Samsung Galaxy S5s allows remote attackers to execute arbitrary files via a crafted Parcelable object in a serialized MethodSpec object...
openSUSE Security Update : libxml2 (openSUSE-SU-2012:1647-1)
A Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 allowed remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text...
CVE-2014-1532
Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service heap...
Pangolin Automated SQL Injection tool
Pangolin is an automated SQL Injection tool. Remote attackers can use Pangolin to fetch data from the database and execute SQL statements...
Buffer overflow
Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect availability via unknown vectors related to JavaFX...
CVE-2013-7080
The creating record functionality in Extension table administration library feuseradminLib.inc in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka "Mass...
CVE-2013-1741
Integer overflow in Mozilla Network Security Services NSS 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value...
WebCollab 'item' Parameter HTTP Response Splitting Vulnerability
WebCollab is prone to HTTP response splitting vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2013-1724
Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsDefaultSubmitElement function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service heap memory corruption via vectors...
Maldives Telecom ISP - SQL Injection Vulnerability
Document Title: =============== Maldives Telecom ISP - SQL Injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=355 Release Date: ============= 2013-06-14 Vulnerability Laboratory ID VL-ID: ==================================== 355 Comm...
CVE-2012-6460
Opera before 11.67 and 12.x before 12.02 allows remote attackers to cause truncation of a dialog, and possibly trigger downloading and execution of arbitrary programs, via a crafted web site...
Barracuda SSL VPN 680 - Cross Site Scripting Vulnerabilities
Document Title: =============== Barracuda SSL VPN 680 - Cross Site Scripting Vulnerabilities References Source: ==================== http://vulnerability-lab.com/getcontent.php?id=561 Barracuda Networks Security ID: BNSEC-278 Release Date: ============= 2012-07-15 Vulnerability Laboratory ID VL-I...