1207 matches found
Design/Logic Flaw
IBM Lotus Notes Traveler before 8.5.1.3 on the Nokia s60 device successfully performs a Replace Data operation for a prohibited application, which allows remote authenticated users to bypass intended access restrictions via this operation...
CVE-2010-4549
IBM Lotus Notes Traveler before 8.5.1.3 on the Nokia s60 device successfully performs a Replace Data operation for a prohibited application, which allows remote authenticated users to bypass intended access restrictions via this operation...
kernel: prevent heap corruption in snd_ctl_new()
Multiple integer overflows in the snd_ctl_new function in sound/core/control.c in the Linux kernel before 2.6.36-rc5-next-20100929 allow local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or (2)...
Awstats < 7.0 Configuration File Remote Arbitrary Command Execution Vulnerability
Awstats is prone to an arbitrary command-execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
Autodesk AutoCAD 2007 - 'color.dll' DLL Hijacking
Description: A vulnerability exists in Windows that allows other applications' dynamic link libraries to execute malicious code without the user's consent, in the privilege context of the targeted application. Title: Autocad 2007 Professional dll color.dll Hijacking exploit. Author: xsploited...
Rosoft Audio Converter '.M3U' file Buffer Overflow Vulnerability
This host is installed with Rosoft Audio Converter and is prone to a buffer overflow vulnerability. OpenVAS Vulnerability Test. Authors: Madhuri D...
Mozilla Firefox libpr0n imgContainer Bits-Per-Pixel Change Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the libpr0n...
CVE-2010-0164
Use-after-free vulnerability in the imgContainer::InternalAddFrameHelper function in src/imgContainer.cpp in libpr0n in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a...
Design/Logic Flaw
Use-after-free vulnerability in the imgContainer::InternalAddFrameHelper function in src/imgContainer.cpp in libpr0n in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a...
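Mozilla Firefox 3.6 libpr0n Library Remote Code Execution Vulnerability
CVE ID: CVE-2010-0164. Firefox is a popular open-source web browser. The libpr0n library in Firefox, which handles image caching and animation, has a remote code execution vulnerability in the way it processes animations received from the server via the multipart/x-mixed-replace MIME type. When the bits-per-pixel changes, the application frees a pointer and then reuses the freed pointer, which may lead to an exploitable condition. Mozilla Firefox 3.6. Vendor patch: Mozilla. The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://www.mozilla.org/...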
Discloser 'more' Parameter SQL Injection Vulnerability
The host is running Discloser and is prone to an SQL injection vulnerability. OpenVAS Vulnerability Test. Authors: Antu Sanadi. Copyright (c) 2010 SecPod,...
Firefox 3.5.2 3.0.14 JavaScript engine crashes
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.2, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary...
JP1/Cm2/Network Node Manager Remote Console Insecure File Permissions Vulnerability
Overview: Computer systems running the JP1/Cm2/Network Node Manager (NNM) Remote Console for Windows are vulnerable due to insecure file permissions set on the systems. Impact: A local attacker could replace the affected files provided by the NNM Remote Console with arbitrary files. Solution: Please...
php 5.2.1 str-replace Integer Overflow Vulnerability
No description provided by source...
MoziloCMS Local File Include and Cross Site Scripting Vulnerabilities
MoziloCMS is prone to a local file-include vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
Horde Multiple Vulnerabilities (Apr 2009)
Horde is prone to a local file include (LFI) vulnerability and a cross-site scripting (XSS) vulnerability because they fail to properly sanitize user-supplied input.
Design/Logic Flaw
Oracle Database Server 10.1, 10.2, and 11g grants directory WRITE permissions for arbitrary pathnames that are aliased in a CREATE OR REPLACE DIRECTORY statement, which allows remote authenticated users with CREATE ANY DIRECTORY privileges to gain SYSDBA privileges by aliasing the pathname of the...
ruby: integer overflow in rb_ary_splice/update/replace() - REALLOC_N
Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the...