9100 matches found
Apple TV < 6.1.1 Multiple Vulnerabilities
Binary data 8274.prm...
Design/Logic Flaw
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, a different...
CVE-2014-3867
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, a different...
CVE-2014-3867
The CVE-2014-3867 entry concerns IBM Sametime Meeting Server versions 8.x up to 8.5.2.1 and 9.x up to 9.0.0.1 that do not set the HTTPOnly flag for an unspecified cookie in an HTTPS session. This omission can allow remote attackers to access potentially sensitive data via script access to the coo...
UBUNTU-CVE-2014-0240
The modwsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via vectors related to the number of running processes...
Dotclear Media Manager Authenticated Arbitrary File Upload
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'dotclear Media Manager Authenticated Arbitrary File Upload', 'Description' = %q The vulnerability exists because of the...
Solaris 10 (x86) : 151266-03 (deprecated)
SunVTS 7.0x86: Patch Set 18 consolidation. Date this patch was last updated by Sun : Aug/15/14 This plugin has been deprecated and either replaced with individual 151266 patch-revision plugins, or deemed non-security related. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. @DEPRECATED@...
Apple iTunes < 11.2 Multiple Vulnerabilities (credentialed check)
The version of Apple iTunes installed on the remote host is prior to version 11.2. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the CFNetwork HTTPProtocol due to a failure to properly ensure that a Set-Cookie HTTP header is complete before interpreting the header's...
Aleph 500 Cross Site Scripting
Greetings: a ALEPH500 Integrated library management system Cross Site Scripting£»CVE-ID is CVE-2014-3718. Aleph 500, fully meet the industry standard, is an art class perfect librarysolution, the Ex Libris to pursue the essence of philosophy is flexible and easy to use. Ex Libris is the world...
OpenJDK: Prevent SIGNATURE_PRIMITIVE_SET from being modified (Security, 8029745)
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security...
postgresql: SET ROLE without ADMIN OPTION allows adding and removing group members
PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command...
Coinbase: CSRF in function "Set as primary" on accounts page
I would like to report this CSRF vulnerability in coinbase on function "set as primary" for a account in accounts page. Steps: 1 Login to your coinbase account which atleast has two accounts 2 Go to "accounts" page and out of the two accounts click "set as primary" link for one of the accounts...
DEBIAN-CVE-2014-0181
The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the 1 stdou...
UBUNTU-CVE-2014-0181
The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the 1 stdou...
OpenJDK: Prevent SIGNATURE_PRIMITIVE_SET from being modified (Security, 8029745)
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security...
OpenJDK: Prevent SIGNATURE_PRIMITIVE_SET from being modified (Security, 8029745)
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security...
OpenJDK: Prevent SIGNATURE_PRIMITIVE_SET from being modified (Security, 8029745)
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security...
OpenJDK: Prevent SIGNATURE_PRIMITIVE_SET from being modified (Security, 8029745)
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security...
Stack overflow
Multiple stack-based buffer overflows on the ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00BFQ.6C0 allow man-in-the-middle attackers to execute arbitrary code via 1 a long temp attribute in a yweather:condition element in a forecastrss file that is processed by the checkWeather...
CVE-2014-0355
Multiple stack-based buffer overflows on the ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00BFQ.6C0 allow man-in-the-middle attackers to execute arbitrary code via 1 a long temp attribute in a yweather:condition element in a forecastrss file that is processed by the checkWeather...