CVE-2010-2483

The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers to cause a denial of service out-of-bounds read and application crash via a TIFF file with an invalid combination of SamplesPerPixel and Photometric values...

Star outside the virtual host management system brush money vulnerability+injection vulnerability-vulnerability warning-the black bar safety net

Test station: http://www.. com/ Register for an account, for example: test Visit: http://www.. com/netpay/ips/ Enter your username and amount of recharge. For example: test 1 $ 0 Point the next step will be to generate you an order number. Such as 7 2 2 9 7 8 Remember it Parameter structure:...

CVE-2010-2624

Multiple SQL injection vulnerabilities in iScripts EasySnaps 2.0 allow remote attackers to execute arbitrary SQL commands via the 1 comment parameter to addcomments.php, 2 values parameter to tagsdetails.php, or 3 begin parameter to greetings.php...

CVE-2010-1748

The cgiinitializestring function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % percent character without two subsequent hex characters, which...

Design/Logic Flaw

Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service memory consumption and application crash via JavaScript code that creates multiple arrays containing elements with long string values, and then appends long strings to the content of a P element, related ...

CVE-2010-1986

Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service memory consumption and application crash via JavaScript code that creates multiple arrays containing elements with long string values, and then appends long strings to the content of a P element, related ...

Apache OFBiz Cross Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Bonsai Information Security - Advisory http://www.bonsai-sec.com/research/ Multiple XSS in Apache OFBiz 1. Advisory Information Title: Multiple XSS in Apache OFBiz Advisory ID: BONSAI-2010-0103 Advisory URL:...

Design/Logic Flaw

Emweb Wt before 3.1.1 does not validate the UTF-8 encoding of 1 form values and 2 JSignal arguments, which has unspecified impact and remote attack vectors...

CVE-2010-1238

MoinMoin 1.7.1 allows remote attackers to bypass the textcha protection mechanism by modifying the textcha-question and textcha-answer fields to have empty values...

Design/Logic Flaw

MoinMoin 1.7.1 allows remote attackers to bypass the textcha protection mechanism by modifying the textcha-question and textcha-answer fields to have empty values...

Heap overflow

Heap-based buffer overflow in QuickTimeAuthoring.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted FLC file, related to crafted DELTAFLI chunks and untrusted length values in a .fli file,...

CVE-2010-0520

Heap-based buffer overflow in QuickTimeAuthoring.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted FLC file, related to crafted DELTAFLI chunks and untrusted length values in a .fli file,...

kernel: sys_move_pages infoleak

The dopagesmove function in mm/migrate.c in the Linux kernel before 2.6.33-rc7 does not validate node values, which allows local users to read arbitrary kernel memory locations, cause a denial of service OOPS, and possibly have unspecified other impact by specifying a node that is not part of the...

JQL breaks issue security levels based on custom fields

The MultiSelectCustomFieldIndexer does 2 things: index but don't store a case-folded version in the field "customfield10017:retail" store a "raw" version in a new field with the raw added to the end "customfield10017raw:Retail" The problem is that com.atlassian.jira.security.type.GroupCF looks fo...

JQL breaks issue security levels based on custom fields

The MultiSelectCustomFieldIndexer does 2 things: index but don't store a case-folded version in the field "customfield10017:retail" store a "raw" version in a new field with the raw added to the end "customfield10017raw:Retail" The problem is that com.atlassian.jira.security.type.GroupCF looks fo...

CVE-2010-0415

The dopagesmove function in mm/migrate.c in the Linux kernel before 2.6.33-rc7 does not validate node values, which allows local users to read arbitrary kernel memory locations, cause a denial of service OOPS, and possibly have unspecified other impact by specifying a node that is not part of the...

Microsoft SMB NTLM Authentication Lack of Entropy (MS10-012; CVE-2010-0231)

The SMB Protocol is a network file sharing protocol that is implemented in Microsoft Windows. An elevation of privilege vulnerability has been reported in the way that Microsoft Server Message Block SMB Protocol software handles authentication attempts. The vulnerability is due to a lack of...

RealNetworks RealPlayer IVR Format Remote Code Execution Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within RealPlayer's...

Design/Logic Flaw

The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote attackers to obtain potentially sensitive...

CVE-2009-4326

The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature DPF is used, produces "repeating" return values, which might allow attackers to defeat protection mechanisms based on randomization by predicti...