Lucene search
K

1115 matches found

OpenVAS
OpenVAS
added 2011/10/04 12:0 a.m.45 views

Wireshark Multiple Denial of Service Vulnerabilities - Windows

Wireshark is prone to multiple denial of service vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

4.3CVSS7.1AI score0.05568EPSS
Exploits2References7
securityvulns
securityvulns
added 2011/06/19 12:0 a.m.70 views

ZDI-11-198: (Pwn2Own) Microsoft Internet Explorer Uninitialized Variable Information Leak Vulnerability

ZDI-11-198: Pwn2Own Microsoft Internet Explorer Uninitialized Variable Information Leak Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-198 June 14, 2011 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Microsoft -- Affected Products: Microsoft Internet Explorer --...

0.5AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2011/06/14 12:0 a.m.20 views

(Pwn2Own) Microsoft Internet Explorer Uninitialized Variable Information Leak Vulnerability

This vulnerability allows remote attackers to leak information on vulnerable installations of Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Internet Explorer th...

7.5CVSS2.5AI score0.26172EPSS
Exploits1References1
securityvulns
securityvulns
added 2010/12/15 12:0 a.m.68 views

iDefense Security Advisory 12.14.10: Microsoft Internet Explorer CSS Style Table Layout Uninitialized Memory Vulnerability

iDefense Security Advisory 12.14.10 http://labs.idefense.com/intelligence/vulnerabilities/ Dec 14, 2010 I. BACKGROUND Internet Explorer is a graphical web browser developed by Microsoft Corp. that has been included with Microsoft Windows since 1995. For more information about Internet Explorer,...

9.3CVSS0.1AI score0.96889EPSS
Exploits14
Tenable Nessus
Tenable Nessus
added 2010/12/02 12:0 a.m.23 views

SuSE 11 Security Update : (SAT Patch Number 2544)

This update of the Samba server package fixes the following security issues : - A buffer overrun was possible in chainreply code in 3.3.x and below, which could be used to crash the samba server or potentially execute code. CVE-2010-2063 - Take extra care that a mount point of mount.cifs does not...

7.5CVSS7.6AI score0.78702EPSS
Exploits5References9
Prion
Prion
added 2010/07/15 12:57 p.m.20 views

Memory corruption

The FieldList ActiveX control in the Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 does not properly interact with the memory-access approach used by Internet Explorer and Office during instantiation, which allows remote attackers to execute arbitrary code or...

9.3CVSS8AI score0.20332EPSS
Exploits1References3Affected Software1
OpenVAS
OpenVAS
added 2010/07/14 12:0 a.m.25 views

Microsoft Office Access ActiveX Controls Remote Code Execution Vulnerabilities (982335)

This host is missing a critical security update according to Microsoft Bulletin MS10-044. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

9.3CVSS5AI score0.22886EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2010/07/01 12:0 a.m.38 views

SuSE9 Security Update : Samba (YOU Patch Number 12622)

This update of the Samba server package fixes the following security issue : - A buffer overrun was possible in chainreply code in 3.3.x and below, which could be used to crash the samba server or potentially execute code. CVE-2010-2063 Also, the following bug has been fixed : - An uninitialized...

7.5CVSS7.4AI score0.78702EPSS
Exploits5References2
Tenable Nessus
Tenable Nessus
added 2010/07/01 12:0 a.m.31 views

openSUSE Security Update : cifs-mount (openSUSE-SU-2010:0346-1)

"This update of the Samba server package fixes security issues and bugs. Following security issues were fixed: CVE-2010-2063: A buffer overrun was possible in chainreply code in 3.3.x and below, which could be used to crash the samba server or potentially execute code. CVE-2010-0787: Take extra...

7.5CVSS7.6AI score0.78702EPSS
Exploits5References8
myhack58
myhack58
added 2009/10/25 12:0 a.m.285 views

Dedecms select_soft_post. php page the variables are not the initial vulnerability-vulnerability warning-the black bar safety net

Text/ Flyh4t Affected versions: Dedecms 5.5 漏洞 产生 文件 位于 include\dialog\selectsoftpost.php, which is the variable$cfgbasedir not initialized properly, can lead to spare Through the identity authentication and system variable initialization file, cause you can upload any file to the specified...

1.5AI score
Exploits0
OSV
OSV
added 2009/09/08 6:30 p.m.4 views

CVE-2009-3084

The msnslpprocessmsg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service application crash via a handwritten aka Ink message, related to an uninitialized variabl...

6.3AI score
Exploits0References9
OSV
OSV
added 2009/09/08 6:30 p.m.2 views

DEBIAN-CVE-2009-3084

The msnslpprocessmsg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service application crash via a handwritten aka Ink message, related to an uninitialized variabl...

5CVSS6.8AI score0.02517EPSS
Exploits0References1
NVD
NVD
added 2009/09/08 6:30 p.m.22 views

CVE-2009-3084

The msnslpprocessmsg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service application crash via a handwritten aka Ink message, related to an uninitialized variabl...

5CVSS6.3AI score0.02517EPSS
Exploits0References6
Cvelist
Cvelist
added 2009/09/08 6:0 p.m.41 views

CVE-2009-3084

The msnslpprocessmsg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service application crash via a handwritten aka Ink message, related to an uninitialized variabl...

7.2AI score0.02517EPSS
Exploits0References6
seebug.org
seebug.org
added 2009/05/12 12:0 a.m.33 views

Discuz! < 5.50论坛preg_match()函数未初始化$onlineipmatches变量漏洞

Discuz!是一款华人地区非常流行的Web论坛程序。 在Discuz!论坛的include/common.inc.php文件中: $magicquotesgpc = getmagicquotesgpc; @extractdaddslashes$COOKIE; @extractdaddslashes$POST; @extractdaddslashes$GET; //覆盖变量,这里我们可以覆盖$SERVER if!$magicquotesgpc $FILES = daddslashes$FILES; ..... ifgetenv'HTTPCLIENTIP' &&...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2009/03/17 12:0 a.m.21 views

LxBlog V6变量未初始化漏洞

Lxblog 是 PHPWind 开发的一套基于 PHP+MySQL 数据库平台架构的多用户博客系统,强调整站与用户个体间的交互,拥有强大的个人主页系统、独立的二级域名体系、灵活的用户模板系统、丰富的朋友圈和相册功 能。但是该blog系统在安全性上并不让人满意,本文就来分析lxblog一个变量未初始化造成的sql注入漏洞。 LxBlog V6 在数据库查询语句前面将变量$itemtype赋值为指定的数组就可以了。 =======================poc==================================...

7.1AI score
Exploits0
Prion
Prion
added 2008/09/26 4:21 p.m.24 views

Design/Logic Flaw

The Hash-based Message Authentication Code HMAC provider in Java on Apple Mac OS X 10.4.11, 10.5.4, and 10.5.5 uses an uninitialized variable, which allows remote attackers to execute arbitrary code via a crafted applet, related to an "error checking issue."...

9.3CVSS7.7AI score0.05732EPSS
Exploits1References8Affected Software2
UbuntuCve
UbuntuCve
added 2008/08/14 10:41 p.m.16 views

CVE-2008-3688

sockethandler.cpp in HTTP Antivirus Proxy HAVP 0.88 allows remote attackers to cause a denial of service hang by connecting to a non-responsive server, which triggers an infinite loop due to an uninitialized variable...

7.5CVSS7.1AI score0.03001EPSS
Exploits1References1
OSV
OSV
added 2008/08/14 10:41 p.m.2 views

DEBIAN-CVE-2008-3688

sockethandler.cpp in HTTP Antivirus Proxy HAVP 0.88 allows remote attackers to cause a denial of service hang by connecting to a non-responsive server, which triggers an infinite loop due to an uninitialized variable...

7.5CVSS7.2AI score0.03001EPSS
Exploits1References1
NVD
NVD
added 2008/08/14 10:41 p.m.20 views

CVE-2008-3688

sockethandler.cpp in HTTP Antivirus Proxy HAVP 0.88 allows remote attackers to cause a denial of service hang by connecting to a non-responsive server, which triggers an infinite loop due to an uninitialized variable...

7.5CVSS7.4AI score0.03001EPSS
Exploits1References8
Rows per page
Query Builder