206 matches found
KYOCERA Net Admin 3.4 Multiple XSS Vulnerabilities
Summary KYOCERA Net Admin is Kyocera's unified device management software that uses a web-based platform to give network administrators easy and uncomplicated control to handle a fleet for up to 10,000 devices. Tasks that used to require multiple programs or walking to each printer can now be...
CVE-2018-0338
A vulnerability in the role-based access-checking mechanisms of Cisco Unified Computing System UCS Software could allow an authenticated, local attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software lacks proper input and validation...
CVE-2017-12286
A vulnerability in the web interface of Cisco Jabber could allow an authenticated, local attacker to retrieve user profile information from the affected software, which could lead to the disclosure of confidential information. The vulnerability is due to a lack of input and validation checks in t...
CVE-2017-12286
A vulnerability in the web interface of Cisco Jabber could allow an authenticated, local attacker to retrieve user profile information from the affected software, which could lead to the disclosure of confidential information. The vulnerability is due to a lack of input and validation checks in t...
CVE-2017-6708
A vulnerability in the symbolic link symlink creation functionality of the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to read sensitive files or execute malicious code on an affected system. The vulnerability is due to the absence of...
CVE-2017-6708
A vulnerability in the symbolic link symlink creation functionality of the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to read sensitive files or execute malicious code on an affected system. The vulnerability is due to the absence of...
Cisco Ultra Services Framework AutoVNF Symbolic Link Handling Information Disclosure Vulnerability
A vulnerability in the symbolic link symlink creation functionality of the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to read sensitive files or execute malicious code on an affected system. The vulnerability is due to the absence of...
Cisco Unified Communications Manager Unified Reporting Upload Tool Directory Traversal Vulnerability
A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to modify arbitrary files on the file system. The vulnerability is due to insufficient client-side validation checks. An attacker could...
NTP.org ntpd contains multiple denial of service vulnerabilities
Overview NTP.org ntpd versions ntp-4.2.7p385 up to but not including ntp-4.2.8p9 and ntp-4.3.0 up to but not including ntp-4.3.94 contain multiple denial of service vulnerabilities. Description NTP.org's ntpd, versions ntp-4.2.7p385 up to but not including ntp-4.2.8p9 and ntp-4.3.0 up to but not...
CVE-2016-6156
A timing flaw was found in the Chrome EC driver in the Linux kernel. An attacker could abuse timing to skip validation checks to copy additional data from userspace possibly increasing privilege or crashing the system...
[SECURITY] [DLA 318-1] flightgear security update
Package : flightgear Version : 1.9.1-1.1 Debian Bug : 780712 It was discovered that flightgear, a Flight Gear Flight Simulator game, did not perform adequate filesystem validation checks in its fgValidatePath routine. Regards, - -- ,. : : : Chris Lamb . [email protected] / chris-lamb.co.uk -...
flash -- multiple vulnerabilities
Adobe reports: These updates resolve a type confusion vulnerability that could lead to code execution CVE-2015-5573. These updates resolve use-after-free vulnerabilities that could lead to code execution CVE-2015-5570, CVE-2015-5574, CVE-2015-5581, CVE-2015-5584, CVE-2015-6682. These updates...
SkaDate Lite 2.0 - Multiple Cross-Site Request Forgery Persistent Cross-Site Scripting Vulnerabilities
SkaDate Lite 2.0 - Multiple Cross-Site Request Forgery Persistent Cross-Site Scripting Vulnerabilities !-- SkaDate Lite 2.0 Multiple XSRF And Persistent XSS Vulnerabilities Vendor: Skalfa LLC Product web page: http://lite.skadate.com | http://www.skalfa.com Affected version: 2.0 build 7651 Platfo...
MGASA-2014-0291 Updated flash-player-plugin packages fix multiple vulnerabilities
Adobe Flash Player 11.2.202.394 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update includes additional validation checks to ensure that Flash Player rejects malicious content fr...
Updated flash-player-plugin packages fix multiple vulnerabilities
Adobe Flash Player 11.2.202.394 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update includes additional validation checks to ensure that Flash Player rejects malicious content fr...
VMware Player and Workstation <= 6.5.3 'vmware-authd' Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/36630/info VMware Player and Workstation are prone to a remote denial-of-service vulnerability because the applications fail to perform adequate validation checks on user-supplied input. An attacker can exploit this issue...
Fedora 17 : mediawiki-1.19.7-1.fc17 (2013-9622)
bug 48306 SECURITY: Run file validation checks on chunked uploads, and chunks of upload, during the upload process. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format...
Oracle Java AWT Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AWT mlib library...
Macromedia Flash ActionDefineFunction Memory Access (CVE-2005-2628)
A remote code execution vulnerability exists in the Macromedia Flash plugin. The flaw is created by insufficient validation checks of user input values. This vulnerability may be exploited by a malicious user to inject and execute arbitrary code on the target host. In a successful attack, an...
CVE-2009-4634
Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that 1 bypasses a validation check in vorbisdec.c and triggers a wraparound of the stack pointer, or 2 access a pointer from out-of-bounds memory in...