6835 matches found
Microsoft Office Publisher Remote Code Execution Vulnerability (2830397)
This host is missing an important security update according to Microsoft Bulletin MS13-042. OpenVAS Vulnerability Test $Id: secpodms13-042.nasl 6115 2017-05-12 09:03:25Z teissa $ Microsoft Office Publisher Remote Code Execution Vulnerability 2830397 Authors: Antu Sanadi Copyright: Copyright c 201...
Cross site scripting
Cross-site scripting XSS vulnerability in the Administrative console in IBM WebSphere Application Server WAS 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via crafted field values...
Ubuntu Update for libxslt USN-1784-1
Check for the Version of libxslt OpenVAS Vulnerability Test $Id: gbubuntuUSN17841.nasl 7958 2017-12-01 06:47:47Z santu $ Ubuntu Update for libxslt USN-1784-1 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software...
[Acunetix Web Vulnerability Scanner 8] Automated Web Application Security Testing Tool
Acunetix W eb V ulnerability S canner WVS is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive...
Windows Gather Microsoft Office Word UNC Path Injector
This module modifies a remote .docx file that will, upon opening, submit stored netNTLM credentials to a remote host. Verified to work with Microsoft Word 2003, 2007, 2010, and 2013. In order to get the hashes the auxiliary/server/capture/smb module can be used. This module requires Metasploit:...
CVE-2013-2486
The dissectdiagnosticrequest function in epan/dissectors/packet-reload.c in the REsource LOcation And Discovery aka RELOAD dissector in Wireshark 1.8.x before 1.8.6 uses an incorrect integer data type, which allows remote attackers to cause a denial of service infinite loop via crafted integer...
Design/Logic Flaw
epan/dissectors/packet-reload.c in the REsource LOcation And Discovery aka RELOAD dissector in Wireshark 1.8.x before 1.8.6 uses incorrect integer data types, which allows remote attackers to cause a denial of service infinite loop via crafted integer values in a packet, related to the 1...
Integer overflow
The dissectdiagnosticrequest function in epan/dissectors/packet-reload.c in the REsource LOcation And Discovery aka RELOAD dissector in Wireshark 1.8.x before 1.8.6 uses an incorrect integer data type, which allows remote attackers to cause a denial of service infinite loop via crafted integer...
CVE-2013-2487
epan/dissectors/packet-reload.c in the REsource LOcation And Discovery aka RELOAD dissector in Wireshark 1.8.x before 1.8.6 uses incorrect integer data types, which allows remote attackers to cause a denial of service infinite loop via crafted integer values in a packet, related to the 1...
CVE-2013-2487
epan/dissectors/packet-reload.c in the REsource LOcation And Discovery aka RELOAD dissector in Wireshark 1.8.x before 1.8.6 uses incorrect integer data types, which allows remote attackers to cause a denial of service infinite loop via crafted integer values in a packet, related to the 1...
RedHat Update for libxml2 RHSA-2013:0581-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
rubygem-actionpack: Unsafe query generation
actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended...
rubygem-activerecord: Unsafe Query Generation Risk in Ruby on Rails
Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NU...
Ubuntu: Security Advisory (USN-1733-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MantisBT < 1.2.12 Multiple Vulnerabilities
According to its version number, the MantisBT install hosted on the remote web server is affected by multiple vulnerabilities : - The application is affected by an information disclosure vulnerability due to a flaw in using default values to determine if a user has sufficient privileges to modify...
Ruby Activemodel Gem -- Circumvention of attr_protected
Aaron Patterson reports: The attrprotected method allows developers to specify a blacklist of model attributes which users should not be allowed to assign to. By using a specially crafted request, attackers could circumvent this protection and alter values that were meant to be protected. All use...
DEBIAN-CVE-2013-0155
Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NU...
CVE-2013-0155
Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NU...
Stack overflow
Stack-based buffer overflow in the Canvas implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via an HTML document that specifies...
Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20130108)
Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. CVE-2013-0744, CVE-2013-0746, CVE-2013-0750, CVE-2013-0753, CVE-2013-0754, CVE-2013-0762...