CVE-2011-1291

Google Chrome before 10.0.648.204 does not properly handle base strings, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a "buffer error."...

Buffer overflow

Google Chrome before 10.0.648.204 does not properly handle base strings, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a "buffer error."...

CVE-2011-1291

Google Chrome before 10.0.648.204 does not properly handle base strings, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a "buffer error."...

Apple Mac OS X multiple security vulnerabilities

Multiple DoS conditions, format strings vulnerability in AppleScript, memory corruption on different file formats parsing, information leakage, privilege escalation...

Wireshark: Malformed LDAP filter string causes Denial of Service via excessive memory consumption

epan/dissectors/packet-ldap.c in Wireshark 1.0.x, 1.2.0 through 1.2.14, and 1.4.0 through 1.4.3 allows remote attackers to cause a denial of service memory consumption via 1 a long LDAP filter string or 2 an LDAP filter string containing many elements...

CVE-2011-1005

The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exceptiontos method, as demonstrated by changing an intended pathname...

JDK Double.parseDouble Denial-Of-Service

The Double.parseDouble method in Java Runtime Environment JRE in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.229 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a...

Batavi 1.0 - Multiple Local File Inclusion / Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/46467/info Batavi is prone to multiple local file-include and cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit the local file-include vulnerabilities using directory-traversal strings ...

CVE-2011-1005 Ruby: Untrusted codes able to modify arbitrary strings

The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exceptiontos method, as demonstrated by changing an intended pathname...

DSA-2161-2 openjdk-6 - several

Bulletin has no description...

DSA-2161-1 openjdk-6 - denial of service

Bulletin has no description...

(0Day) IBM Lotus Notes cai URI Handler Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Notes. User interaction is required to exploit this vulnerability. The specific flaw exists within the handling of malformed strings within cai:// URIs. The '--launcher.library' switch ca...

ReOS Local File Include and SQL Injection Vulnerabilities

ReOS is prone to a local file-include vulnerability and multiple SQL- injection vulnerabilities because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

[SECURITY] Fedora 13 Update: perl-CGI-3.51-1.fc13

CGI.pm is a stable, complete and mature solution for processing and prepari ng HTTP requests and responses. Major features including processing form submissions, file uploads, reading and writing cookies, query string genera tion and manipulation, and processing and preparing HTTP headers. Some...

CVE-2010-3840

The Gislinestring::initfromwkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service server crash by calling the PolyFromWKB function with Well-Known Binary WKB data containing a crafted number of 1 line strings or 2 line points...

Code injection

The Gislinestring::initfromwkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service server crash by calling the PolyFromWKB function with Well-Known Binary WKB data containing a crafted number of 1 line strings or 2 line points...

samba: mount.cifs improper device name and mountpoint strings sanitization

client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier does not verify that the 1 device name and 2 mountpoint strings are composed of valid characters, which allows local users to cause a denial of service mtab corruption via a crafted string...

PT-2011-1615 · Eclipse +1 · Eclipse Ide +1

Name of the Vulnerable Software and Affected Versions: Eclipse IDE versions prior to 3.6.2 Description: The issue concerns multiple cross-site scripting XSS vulnerabilities in the Help Contents web application of the Eclipse IDE. These vulnerabilities allow remote attackers to inject arbitrary we...

Windows Gather SNMP Settings

This module will enumerate the SNMP service configuration. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Gather SNMP Settings', 'Description' = %q This module will enumerate the SNMP...

Mono/Moonlight Generic Type Argument - Privilege Escalation

Sources: https://www.chrishowie.com/2010/11/24/mutable-strings-in-mono/ https://www.securityfocus.com/bid/45051/info Mono and Moonlight is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to execute arbitrary code with elevated privileges. Successful...