9545 matches found

UbuntuCve
added 2012/09/14 12:0 a.m. | 25 views

CVE-2012-3524

libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the...

CVSS 6.9 | AI score 7.3 | EPSS 0.30837
Exploits: 4 | References: 6

RedHat Linux
added 2012/09/13 4:47 p.m. | 1 views

dbus: privilege escalation when libdbus is used in setuid/setgid application

libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the...

CVSS 6.9 | AI score 7.4 | EPSS 0.30837
Exploits: 4 | References: 4

myhack58
added 2012/09/12 12:0 a.m. | 15 views

Analysis of a vulnerability in the unserialize function in the PHP source code

0x01 The unserialize function. First, the official explanation: unserialize operates on a single serialized variable and converts it back into a PHP value. The returned value can be an integer, float, string, array or object. If the passed string cannot be unserialized,...

AI score 2
Exploits: 0

Tenable Nessus
added 2012/09/06 12:0 a.m. | 26 views

Mandriva Linux Security Advisory : wireshark (MDVSA-2011:164)

This advisory updates wireshark to the latest version 1.6.3, fixing several security issues: An uninitialized variable in the CSN.1 dissector could cause a crash (CVE-2011-4100). Huzaifa Sidhpurwala of Red Hat Security Response Team discovered that the Infiniband dissector could dereference a NULL...

CVSS 4.3 | AI score 7.3 | EPSS 0.01526
Exploits: 0 | References: 6

Tenable Nessus
added 2012/09/05 12:0 a.m. | 23 views

Google Chrome < 21.0.1180.89 Multiple Vulnerabilities

Binary data 800953.prm...

CVSS 7.5 | AI score 7.8 | EPSS 0.01615
Exploits: 0 | References: 9

Tenable Nessus
added 2012/09/05 12:0 a.m. | 31 views

Google Chrome < 21.0.1180.89 Multiple Vulnerabilities

Binary data 6563.pasl...

CVSS 4.3 | AI score 7.8 | EPSS 0.00972
Exploits: 0 | References: 2

Tenable Nessus
added 2012/09/04 12:0 a.m. | 45 views

Google Chrome < 21.0.1180.89 Multiple Vulnerabilities

The version of Google Chrome installed on the remote host is earlier than 21.0.1180.89 and is, therefore, affected by the following vulnerabilities:
- An out-of-bounds read error exists related to line-breaking. (CVE-2012-2865)
- Variable casting errors exist related to 'run-ins' and XSL...

CVSS 7.5 | AI score 7.8 | EPSS 0.01615
Exploits: 0 | References: 9

UbuntuCve
added 2012/08/31 7:55 p.m. | 24 views

CVE-2012-2866

Google Chrome before 21.0.1180.89 does not properly perform a cast of an unspecified variable during handling of run-in elements, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document...

CVSS 7.5 | AI score 7.2 | EPSS 0.01615
Exploits: 0 | References: 2

NVD
added 2012/08/27 11:55 p.m. | 13 views

CVE-2012-0855

Heap-based buffer overflow in the get_sot function in the J2K decoder (j2k.c) in libavcodec in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via unspecified vectors related to the curtileno variable...

CVSS 5 | AI score 7 | EPSS 0.0133
Exploits: 0 | References: 5

Prion
added 2012/08/27 11:55 p.m. | 8 views

Heap overflow

Heap-based buffer overflow in the get_sot function in the J2K decoder (j2k.c) in libavcodec in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via unspecified vectors related to the curtileno variable...

CVSS 5 | AI score 7.4 | EPSS 0.0133
Exploits: 0 | References: 5 | Affected Software: 1

Debian CVE
added 2012/08/27 11:0 p.m. | 12 views

CVE-2012-0855

Heap-based buffer overflow in the get_sot function in the J2K decoder (j2k.c) in libavcodec in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via unspecified vectors related to the curtileno variable...

CVSS 5 | AI score 7.1 | EPSS 0.0133
Exploits: 0

Prion
added 2012/08/26 3:17 a.m. | 15 views

SQL injection

SQL injection vulnerability in application/controllers/invoice.php in NeoInvoice might allow remote attackers to execute arbitrary SQL commands via vectors involving the sortcol variable in the listitems function, a different vulnerability than CVE-2012-3477...

CVSS 7.5 | AI score 8.7 | EPSS 0.00526
Exploits: 3 | References: 3

Debian CVE
added 2012/08/25 10:0 a.m. | 27 views

CVE-2012-3479

Removed by vendor...

CVSS 6.8 | AI score 6.6 | EPSS 0.0229
Exploits: 0

Cvelist
added 2012/08/25 10:0 a.m. | 21 views

CVE-2012-3479

lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file...

AI score 6.9 | EPSS 0.0229
Exploits: 0 | References: 12

Tenable Nessus
added 2012/08/23 12:0 a.m. | 22 views

Fedora 16 : emacs-23.3-10.fc16 (2012-11872)

CVE-2012-3479 emacs: Evaluation of 'eval' forms in file-local variable sections, when 'enable-local-variables' set to ':safe' Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean a...

CVSS 6.8 | AI score 5.3 | EPSS 0.0229
Exploits: 0 | References: 3

NVD
added 2012/08/22 10:42 a.m. | 10 views

CVE-2012-4590

Multiple cross-site scripting (XSS) vulnerabilities in About.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 might allow remote attackers to inject arbitrary web script or HTML via the (1) User Agent or (2) Connection variable...

CVSS 4.3 | AI score 5.8 | EPSS 0.00263
Exploits: 0 | References: 2

Prion
added 2012/08/22 10:42 a.m. | 14 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in About.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 might allow remote attackers to inject arbitrary web script or HTML via the (1) User Agent or (2) Connection variable...

CVSS 4.3 | AI score 6.1 | EPSS 0.00263
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2012/08/12 4:55 p.m. | 9 views

Design/Logic Flaw

Caucho Quercus, as distributed in Resin before 4.0.29, does not properly handle unspecified characters in the names of variables, which has unknown impact and remote attack vectors, related to an "HTTP Parameter Contamination" issue...

CVSS 7.5 | AI score 7.2 | EPSS 0.01519
Exploits: 0 | References: 4 | Affected Software: 1

OwnCloud
added 2012/08/10 11:42 a.m. | 49 views

Server: Auth bypass in /lib/base.php

/lib/base.php before ownCloud 4.0.8 does not properly validate the userid session variable via WebDAV, which allows authenticated attackers to gain access to other users' files. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...

CVSS 4 | AI score 6.4 | EPSS 0.00298
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2012/08/10 12:0 a.m. | 23 views

EMC AutoStart ftAgent Multiple Remote Code Execution Vulnerabilities (ESA-2012-020)

The version of EMC AutoStart on the remote host reportedly contains multiple remote code execution vulnerabilities : - The EMC AutoStart ftAgent, when processing messages with opcode 0x32 and subcode 0x04, opcode 0x32 and subcode 0x02, opcode 0x03 and subcode 0x04, opcode 0x55 and subcode 0x16,...

CVSS 7.5 | AI score 6.9 | EPSS 0.03268
Exploits: 0 | References: 17