213680 matches found
Design/Logic Flaw
virt/disk/api.py in OpenStack Compute Nova Folsom 2012.2, Essex 2012.1, and Diablo 2011.3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image...
Memory corruption
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service memory corruption and...
Design/Logic Flaw
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer, a different vulnerability than CVE-2012-1703...
Design/Logic Flaw
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D...
Sql injection
PHP before 5.3.10 does not properly perform a temporary change to the magicquotesgpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/phpvariables.c, sapi/cgi/cgimain.c, and...
Design/Logic Flaw
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0493, and CVE-2012-0495...
Buffer overflow
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications aka krb5-appl 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as...
Cross site scripting
Cross-site scripting XSS vulnerability in the i18n translations helper method in Ruby on Rails 3.0.x before 3.0.11 and 3.1.x before 3.1.2, and the railsxss plugin in Ruby on Rails 2.3.x, allows remote attackers to inject arbitrary web script or HTML via vectors related to a translations string...
Design/Logic Flaw
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.233 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to...
Code injection
The inetdiagbcaudit function in net/ipv4/inetdiag.c in the Linux kernel before 2.6.39.3 does not properly audit INETDIAG bytecode, which allows local users to cause a denial of service kernel infinite loop via crafted INETDIAGREQBYTECODE instructions in a netlink message, as demonstrated by an...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag...
Design/Logic Flaw
Untrusted search path vulnerability in Microsoft Office 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Insecure Library Loading Vulnerability." NOTE: this might overlap CVE-2010-3141 and CVE-2010-3142...
Memory corruption
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the...
Code injection
The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allow...
Design/Logic Flaw
Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 do not properly implement access to a content object through a SafeJSObjectWrapper aka SJOW wrapper, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging "access to an object...
Memory corruption
Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corrupti...
Integer overflow
Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service application crash via an image with a crafted color profile that triggers a heap-based buffer overflow...
Null pointer dereference
The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allo...
Out-of-bounds
oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted file that triggers an out-of-bounds read...
Design/Logic Flaw
The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elements that have external URLs for media resources, which allows remote attacke...
Design/Logic Flaw
src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a...
Memory corruption
The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current-clearchildtid pointer, which allows local users to cause a denial of service memory corruption or possibly gain privileges via a clone system call with CLONECHILDSETTID or...
Design/Logic Flaw
Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through 7.0.6000.16473 allows remote attackers to cause a denial of service CPU consumption via an XML document composed of a long series of start-tags with no corresponding end-tags, a related issue to CVE-2009-1232...
Design/Logic Flaw
The dnsdbfindrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service assertion failure and daemon exit via an ANY record in the prerequisite section o...
Remote file inclusion
PHP remote file inclusion vulnerability in template/album.php in DM Albums 1.9.2, as used standalone or as a WordPress plugin, allows remote attackers to execute arbitrary PHP code via a URL in the SECURITYFILE parameter...
Code injection
cartsave.php in ViArt Shop aka Shopping Cart 3.5 allows remote attackers to cause a denial of service excessive shopping carts via a flood of requests...
Design/Logic Flaw
Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-0975...
Heap overflow
Heap-based buffer overflow in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a PDF file with a malformed JBIG2 symbol dictionary segment, a different vulnerability than CVE-2009-1061 and CVE-2009-1062...
Memory corruption
Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted HTML document...
Integer overflow
Integer overflow in the WriteProlog function in texttops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via a crafted PostScript file that triggers a heap-based buffer overflow...
Default configuration
The default configuration of the JBossAs component in Red Hat JBoss Enterprise Application Platform aka JBossEAP or EAP, possibly 4.2 before CP04 and 4.3 before CP02, when a production environment is enabled, sets the DownloadServerClasses property to true, which allows remote attackers to obtain...
Design/Logic Flaw
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880,...
Design/Logic Flaw
Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' pipe characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely...
Design/Logic Flaw
The approxyhttpprocessresponse function in modproxyhttp.c in the modproxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service memory consumption via a large number of interim...
Remote file inclusion
PHP remote file inclusion vulnerability in index.php in VisualPic 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIGfilesfunctionspage parameter...
Directory traversal
Directory traversal vulnerability in ContentServer.py in the Wiki Server in Apple Mac OS X 10.5.2 aka Leopard allows remote authenticated users to write arbitrary files via ".." sequences in file attachments...
Directory traversal
Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash \ path separators or case-insensitive file names, allows remote attackers to access arbitrary files via 1 "..%5c" encoded backslash...
Code injection
Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle 1 double quote " characters or 2 %5C encoded backslash sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable...
Memory corruption
The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service crash and possibly trigger memory corruption via 1 a large switch statement, 2 certain uses of watch and eval, 3 certain uses of t...
Design/Logic Flaw
The copytouser function in the PAL emulation functionality for Xen 3.1.2 and earlier, when running on ia64 systems, allows HVM guest users to access arbitrary physical memory by triggering certain mapping operations...
Buffer overflow
Buffer overflow in the isdnnetsetcfg function in isdnnet.c in Linux kernel 2.6.23 allows local users to have an unknown impact via a crafted argument to the isdnioctl function...
Design/Logic Flaw
Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10.2 have unknown impact and remote attack vectors, related to 1 Application Object Library component APP01, 2 Contracts Integration APP02, 3 Applications Manager APP04, 4 Marketing component APP05, and 5 Exchange component APP0...
Denial of service
Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows users...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allow remote attackers to execute arbitrary PHP code via a URL in the PHPFFLFILEROOT parameter to 1 programfiles/livedraft/livedraft.php or 2 programfiles/livedraft/admin.php...
Sql injection
SQL injection vulnerability in index.php in the BibTeX component comjombib 1.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the afilter parameter...
Race condition
Multiple race conditions in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to gain root privileges via a symlink attack on certain files...
Design/Logic Flaw
ActionScript 3 AS3 in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash SWF movie that specifies a connection to make, then...
Path traversal
Absolute path traversal vulnerability in a certain ActiveX control in vielib.dll 2.2.5.42958 in EMC VMware 6.0.0 allows remote attackers to execute arbitrary local programs via a full pathname in the first argument to the StartProcess method...
Design/Logic Flaw
ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning...
Cross site request forgery (csrf)
request.c in lighttpd 1.4.15 allows remote attackers to cause a denial of service daemon crash by sending an HTTP request with duplicate headers, as demonstrated by a request containing two Location header lines, which results in a segmentation fault...