Lucene search
+L

654 matches found

ATTACKERKB
ATTACKERKB
added 2014/03/19 10:55 a.m.5 views

CVE-2014-1513

TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayBuffer object, which allows remote attackers to execute arbitrary code or cause a denial of service...

9.3CVSS8AI score0.05576EPSS
Exploits1References15
RedHat Linux
RedHat Linux
added 2014/03/18 8:34 p.m.4 views

Mozilla: Out-of-bounds read/write through neutering ArrayBuffer objects (MFSA 2014-31)

TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayBuffer object, which allows remote attackers to execute arbitrary code or cause a denial of service...

9.3CVSS7.3AI score0.05576EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2013/12/24 12:0 a.m.15 views

Scientific Linux Security Update : tzdata enhancement update on SL5.x, SL6.x i386/x86_64 (20131223)

This update adds the following enhancement : The Jordanian government has reversed its decision to observe daylight saving time DST all year and in the year 2014, Jordan is going to resume to the transition schedule from the years 2006 - 2011. This year, Jordan will switch back to Arabia Standard...

5.4AI score
Exploits0References1
NVD
NVD
added 2013/09/28 3:40 a.m.38 views

CVE-2013-5161

Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened apps, by leveraging unspecified transition errors...

4.4CVSS5.8AI score0.00293EPSS
Exploits1References2
Prion
Prion
added 2013/09/28 3:40 a.m.24 views

Design/Logic Flaw

Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened apps, by leveraging unspecified transition errors...

4.4CVSS6.2AI score0.00293EPSS
Exploits1References2Affected Software1
0day.today
0day.today
added 2013/08/27 12:0 a.m.1467 views

Obehotel CMS SQL Injection Vulnerability

Obehotel CMS suffers from denial of service, insecure transit, directory listing, and remote SQL injection vulnerabilities. OBEHOTEL Spanish CMS Blind SQLinjection / Apache httpd Remote Denial of Service / Directory Listing / Insecure transition from HTTPS to HTTP in form post I-VULNERABILITY...

7.8CVSS0.5AI score0.98945EPSS
Exploits17
Packet Storm
Packet Storm
added 2013/08/26 12:0 a.m.892 views

Obehotel CMS Denial Of Service / SQL Injection

OBEHOTEL Spanish CMS Blind SQLinjection / Apache httpd Remote Denial of Service / Directory Listing / Insecure transition from HTTPS to HTTP in form post I-VULNERABILITY ------------------------- Title: OBEHOTEL CMS Blind SQLinjection / Apache httpd Remote Denial of Service / Directory Listing /...

7.8CVSS0.5AI score0.98945EPSS
Exploits17
OSV
OSV
added 2013/08/23 4:55 p.m.4 views

DEBIAN-CVE-2012-4733

Request Tracker RT 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors...

6CVSS8.4AI score0.01634EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2013/08/23 4:55 p.m.18 views

CVE-2012-4733

Request Tracker RT 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors...

6CVSS7.2AI score0.01634EPSS
Exploits0References1
Prion
Prion
added 2013/08/23 4:55 p.m.19 views

Cross site request forgery (csrf)

Request Tracker RT 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors...

6CVSS6.6AI score0.01634EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2013/08/23 4:55 p.m.4 views

UBUNTU-CVE-2012-4733

Request Tracker RT 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors...

6CVSS7.3AI score0.01634EPSS
Exploits0References2
Cvelist
Cvelist
added 2013/08/23 4:0 p.m.28 views

CVE-2012-4733

Request Tracker RT 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors...

8.2AI score0.01634EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2013/08/23 4:0 p.m.40 views

CVE-2012-4733

Request Tracker RT 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors...

6CVSS8AI score0.01634EPSS
Exploits0
CVE
CVE
added 2013/08/23 4:0 p.m.63 views

CVE-2012-4733

CVE-2012-4733 affects Request Tracker (RT) 4.x prior to 4.0.13. The issue is an improper enforcement of the DeleteTicket and “custom lifecycle transition” permissions, allowing remote authenticated users who have the ModifyTicket permission to delete tickets via unspecified vectors. The connected...

6CVSS8.1AI score0.01634EPSS
Exploits0References4Affected Software1
Atlassian
Atlassian
added 2013/08/22 4:55 a.m.20 views

Make custom field description and options rendering consistent for OnDemand and BTF

JIRA has different behaviour for how it renders custom field descriptions and options depending on if it's running BTF or on OnDemand. On OnDemand, custom field descriptions are wiki markup, but on BTF they're HTML. On OnDemand, custom field options e.g. for checkbox are plain text, but on BTF...

0.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/08/22 4:55 a.m.36 views

Make custom field description and options rendering consistent for OnDemand and BTF

panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-34440. panel JIRA has different behaviour for how it renders custom field descriptions and options depending on if it's running BTF or on...

0.3AI score
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2013/07/16 6:21 p.m.7 views

Kernel: sa_restorer information leak

The flushsignalhandlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sarestorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call...

3.6CVSS6.6AI score0.00461EPSS
Exploits0References4
MSRC
MSRC
added 2013/06/11 7:0 a.m.9 views

Improved cryptography infrastructure and the June 2013 bulletins

It was just over one year ago, May 28, 2012, to be exact, that I transitioned from running active MSRC cases and writing bulletins to my current role managing software security incidents. A lot has changed in that year- and I’ve dealt with some interesting issues during my tenure - but our goal o...

6.8AI score
Exploits0
myhack58
myhack58
added 2013/05/21 12:0 a.m.18 views

php character comparison Double equal characteristics may be references made to the security-vulnerability warning-the black bar safety net

Title party!, the The article is relatively short, ha ha! Before learning php, research. php auto similar conversion,this is php a feature, not a 0day,phper know something, There are similar perl. Straight cut body, we learn php know that“==”with”===”the difference,the former in the comparison of...

0.4AI score
Exploits0
Packet Storm
Packet Storm
added 2013/02/17 12:0 a.m.41 views

Photodex ProShow Producer 5.0.3297 Buffer Overflow

Inshell Security Advisory http://www.inshell.net 1. ADVISORY INFORMATION ----------------------- Product: Photodex ProShow Producer Vendor URL: www.photodex.com Type: Stack-based Buffer Overflow CWE-121 Date found: 2013-02-16 Date published: 2013-02-16 CVSSv2 Score: 6,8 AV:N/AC:M/Au:N/C:P/I:P/A:P...

0.5AI score
Exploits0
Rows per page
Query Builder