PT-2023-2929 · Piwigo · Piwigo

Name of the Vulnerable Software and Affected Versions: Piwigo versions prior to 13.6.0 Description: The issue is related to a lack of validation of XML object sequences in the user list backend.php script of the Piwigo content management system. This can be exploited by a remote attacker to condu...

SUSE CVE-2015-8438

Heap-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute...

Heap overflow

Heap-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute...

CVE-2015-8438

Heap-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute...

CVE-2015-8438

Heap-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute...

Adobe Flash - XML.childNodes Use-After-Free

Adobe Flash - XML.childNodes Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=365&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id If a watch is set on the childNodes object of an XML object, and then the XML object is manipulated in...

Internet Explorer 6 componentFromPoint() remote memory disclosure and remote code execution

There is a bug in Internet Explorer 6 JavaScript implementation enabling remote memory disclosure and remote code execution. The vulnerability is caused by improper implementation of componentFromPoint method of xml object. The vulnerability The vulnerability is triggered by errornous behavior of...

CVE-2003-0817

CVE-2003-0817 involves Internet Explorer 5.01–6 SP1 and could allow a remote attacker to bypass zone restrictions and read local/arbitrary files via an XML object or through cross‑domain scripting. The vulnerability stems from how IE binds XML content and handles cross‑domain security, potentiall...

Microsoft Internet Explorer XML Object Zone Restriction Bypass Vulnerability

Description Microsoft has announced that a vulnerability exists in Internet Explorer when handling malicious XML objects. The problem is said to occur due to Internet Explorer failing to validate a supplied path when binding local data to the XML document. As a result, a malicious HTML containing...

Microsoft Internet Explorer 5 - XML Page Object Type Validation (MS03-040)

source: https://www.securityfocus.com/bid/8565/info Internet Explorer does not properly handle object types, when rendering XML based web sites. This may result in the possibility of the execution of malicious software. The problem occurs when Internet Explorer receives a response from the server...