Lucene search
K
PrionMost viewed

213680 matches found

Prion
Prion
•added 2012/07/22 4:55 p.m.•32 views

Design/Logic Flaw

virt/disk/api.py in OpenStack Compute Nova Folsom 2012.2, Essex 2012.1, and Diablo 2011.3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image...

5.5CVSS6.3AI score0.02582EPSS
Exploits1References11Affected Software3
Prion
Prion
•added 2012/06/05 11:55 p.m.•32 views

Memory corruption

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service memory corruption and...

9.3CVSS8.6AI score0.0474EPSS
Exploits0References15Affected Software5
Prion
Prion
•added 2012/05/03 10:55 p.m.•32 views

Design/Logic Flaw

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer, a different vulnerability than CVE-2012-1703...

4CVSS5.4AI score0.0374EPSS
Exploits0References10Affected Software6
Prion
Prion
•added 2012/02/15 10:55 p.m.•32 views

Design/Logic Flaw

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D...

10CVSS5.8AI score0.05988EPSS
Exploits1References22Affected Software1
Prion
Prion
•added 2012/02/10 8:55 p.m.•32 views

Sql injection

PHP before 5.3.10 does not properly perform a temporary change to the magicquotesgpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/phpvariables.c, sapi/cgi/cgimain.c, and...

6.8CVSS8.1AI score0.06709EPSS
Exploits2References15Affected Software1
Prion
Prion
•added 2012/01/18 10:55 p.m.•32 views

Design/Logic Flaw

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0493, and CVE-2012-0495...

4CVSS5.4AI score0.03309EPSS
Exploits0References7Affected Software1
Prion
Prion
•added 2011/12/25 1:55 a.m.•32 views

Buffer overflow

Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications aka krb5-appl 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as...

10CVSS8.3AI score0.95104EPSS
Exploits19References42Affected Software10
Prion
Prion
•added 2011/11/28 11:55 a.m.•32 views

Cross site scripting

Cross-site scripting XSS vulnerability in the i18n translations helper method in Ruby on Rails 3.0.x before 3.0.11 and 3.1.x before 3.1.2, and the railsxss plugin in Ruby on Rails 2.3.x, allows remote attackers to inject arbitrary web script or HTML via vectors related to a translations string...

4.3CVSS6AI score0.01638EPSS
Exploits0References9Affected Software2
Prion
Prion
•added 2011/10/19 9:55 p.m.•32 views

Design/Logic Flaw

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.233 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to...

6.8CVSS8.2AI score0.76245EPSS
Exploits4References26Affected Software3
Prion
Prion
•added 2011/08/29 6:55 p.m.•32 views

Code injection

The inetdiagbcaudit function in net/ipv4/inetdiag.c in the Linux kernel before 2.6.39.3 does not properly audit INETDIAG bytecode, which allows local users to cause a denial of service kernel infinite loop via crafted INETDIAGREQBYTECODE instructions in a netlink message, as demonstrated by an...

4.9CVSS6.2AI score0.00435EPSS
Exploits1References13Affected Software6
Prion
Prion
•added 2011/02/19 1:0 a.m.•32 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag...

4.3CVSS6AI score0.10228EPSS
Exploits2References33Affected Software1
Prion
Prion
•added 2010/11/10 3:0 a.m.•32 views

Design/Logic Flaw

Untrusted search path vulnerability in Microsoft Office 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Insecure Library Loading Vulnerability." NOTE: this might overlap CVE-2010-3141 and CVE-2010-3142...

9.3CVSS6.4AI score0.16311EPSS
Exploits2References5Affected Software1
Prion
Prion
•added 2010/10/28 12:0 a.m.•32 views

Memory corruption

Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the...

9.3CVSS8.1AI score0.83279EPSS
Exploits14References51Affected Software3
Prion
Prion
•added 2010/10/06 5:0 p.m.•32 views

Code injection

The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allow...

6CVSS7.5AI score0.04081EPSS
Exploits3References19Affected Software1
Prion
Prion
•added 2010/07/30 8:30 p.m.•32 views

Design/Logic Flaw

Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 do not properly implement access to a content object through a SafeJSObjectWrapper aka SJOW wrapper, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging "access to an object...

6.8CVSS7.7AI score0.01489EPSS
Exploits1References3Affected Software2
Prion
Prion
•added 2010/06/08 8:30 p.m.•32 views

Memory corruption

Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corrupti...

8.5CVSS7.7AI score0.28208EPSS
Exploits0References5Affected Software1
Prion
Prion
•added 2010/03/15 1:28 p.m.•32 views

Integer overflow

Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service application crash via an image with a crafted color profile that triggers a heap-based buffer overflow...

9.3CVSS8.5AI score0.0647EPSS
Exploits0References10Affected Software1
Prion
Prion
•added 2010/02/10 6:30 p.m.•32 views

Null pointer dereference

The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allo...

7.8CVSS6.8AI score0.79499EPSS
Exploits0References3Affected Software3
Prion
Prion
•added 2010/02/10 2:30 a.m.•32 views

Out-of-bounds

oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted file that triggers an out-of-bounds read...

5.8CVSS6.6AI score0.02168EPSS
Exploits2References15Affected Software1
Prion
Prion
•added 2009/11/13 3:30 p.m.•32 views

Design/Logic Flaw

The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elements that have external URLs for media resources, which allows remote attacke...

5CVSS6.1AI score0.02913EPSS
Exploits2References25Affected Software1
Prion
Prion
•added 2009/09/02 5:30 p.m.•32 views

Design/Logic Flaw

src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a...

4.3CVSS8.9AI score0.05741EPSS
Exploits4References7Affected Software1
Prion
Prion
•added 2009/08/18 9:0 p.m.•32 views

Memory corruption

The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current-clearchildtid pointer, which allows local users to cause a denial of service memory corruption or possibly gain privileges via a clone system call with CLONECHILDSETTID or...

5.9CVSS6.7AI score0.00516EPSS
Exploits2References26Affected Software12
Prion
Prion
•added 2009/08/05 7:30 p.m.•32 views

Design/Logic Flaw

Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through 7.0.6000.16473 allows remote attackers to cause a denial of service CPU consumption via an XML document composed of a long series of start-tags with no corresponding end-tags, a related issue to CVE-2009-1232...

7.8CVSS6.8AI score0.1447EPSS
Exploits2References2Affected Software1
Prion
Prion
•added 2009/07/29 5:30 p.m.•32 views

Design/Logic Flaw

The dnsdbfindrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service assertion failure and daemon exit via an ANY record in the prerequisite section o...

4.3CVSS7AI score0.12649EPSS
Exploits1References37Affected Software1
Prion
Prion
•added 2009/07/09 4:30 p.m.•32 views

Remote file inclusion

PHP remote file inclusion vulnerability in template/album.php in DM Albums 1.9.2, as used standalone or as a WordPress plugin, allows remote attackers to execute arbitrary PHP code via a URL in the SECURITYFILE parameter...

9.3CVSS8AI score0.05942EPSS
Exploits1References3Affected Software1
Prion
Prion
•added 2009/04/28 4:30 p.m.•32 views

Code injection

cartsave.php in ViArt Shop aka Shopping Cart 3.5 allows remote attackers to cause a denial of service excessive shopping carts via a flood of requests...

5CVSS7.1AI score0.01382EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2009/04/15 10:30 a.m.•32 views

Design/Logic Flaw

Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-0975...

5.5CVSS5.6AI score0.17865EPSS
Exploits3References6Affected Software2
Prion
Prion
•added 2009/03/25 1:30 a.m.•32 views

Heap overflow

Heap-based buffer overflow in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a PDF file with a malformed JBIG2 symbol dictionary segment, a different vulnerability than CVE-2009-1061 and CVE-2009-1062...

9.3CVSS8.1AI score0.11026EPSS
Exploits1References15Affected Software1
Prion
Prion
•added 2008/11/25 11:30 p.m.•32 views

Memory corruption

Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted HTML document...

9.3CVSS7.8AI score0.0585EPSS
Exploits0References13Affected Software1
Prion
Prion
•added 2008/10/14 9:10 p.m.•32 views

Integer overflow

Integer overflow in the WriteProlog function in texttops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via a crafted PostScript file that triggers a heap-based buffer overflow...

6.8CVSS7.8AI score0.04647EPSS
Exploits0References28Affected Software1
Prion
Prion
•added 2008/09/23 3:24 p.m.•32 views

Default configuration

The default configuration of the JBossAs component in Red Hat JBoss Enterprise Application Platform aka JBossEAP or EAP, possibly 4.2 before CP04 and 4.3 before CP02, when a production environment is enabled, sets the DownloadServerClasses property to true, which allows remote attackers to obtain...

4.3CVSS6AI score0.47111EPSS
Exploits7References10Affected Software1
Prion
Prion
•added 2008/09/03 2:12 p.m.•32 views

Design/Logic Flaw

Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880,...

10CVSS6.5AI score0.03912EPSS
Exploits1References18Affected Software4
Prion
Prion
•added 2008/07/17 1:41 p.m.•32 views

Design/Logic Flaw

Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' pipe characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely...

2.6CVSS6.5AI score0.08315EPSS
Exploits1References38Affected Software1
Prion
Prion
•added 2008/06/13 6:41 p.m.•32 views

Design/Logic Flaw

The approxyhttpprocessresponse function in modproxyhttp.c in the modproxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service memory consumption via a large number of interim...

5CVSS6.3AI score0.12714EPSS
Exploits2References66Affected Software7
Prion
Prion
•added 2008/04/17 7:5 p.m.•32 views

Remote file inclusion

PHP remote file inclusion vulnerability in index.php in VisualPic 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIGfilesfunctionspage parameter...

6.8CVSS8AI score0.25316EPSS
Exploits1References3Affected Software1
Prion
Prion
•added 2008/03/18 11:44 p.m.•32 views

Directory traversal

Directory traversal vulnerability in ContentServer.py in the Wiki Server in Apple Mac OS X 10.5.2 aka Leopard allows remote authenticated users to write arbitrary files via ".." sequences in file attachments...

8.5CVSS6.3AI score0.03134EPSS
Exploits3References9Affected Software2
Prion
Prion
•added 2008/03/04 11:44 p.m.•32 views

Directory traversal

Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash \ path separators or case-insensitive file names, allows remote attackers to access arbitrary files via 1 "..%5c" encoded backslash...

5CVSS6.8AI score0.18163EPSS
Exploits1References29Affected Software1
Prion
Prion
•added 2008/02/12 1:0 a.m.•32 views

Code injection

Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle 1 double quote " characters or 2 %5C encoded backslash sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable...

5CVSS4.2AI score0.62575EPSS
Exploits5References55Affected Software1
Prion
Prion
•added 2008/02/08 10:0 p.m.•32 views

Memory corruption

The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service crash and possibly trigger memory corruption via 1 a large switch statement, 2 certain uses of watch and eval, 3 certain uses of t...

9.3CVSS6.8AI score0.02484EPSS
Exploits1References63Affected Software3
Prion
Prion
•added 2007/12/17 11:46 p.m.•32 views

Design/Logic Flaw

The copytouser function in the PAL emulation functionality for Xen 3.1.2 and earlier, when running on ia64 systems, allows HVM guest users to access arbitrary physical memory by triggering certain mapping operations...

4.6CVSS6.4AI score0.0044EPSS
Exploits2References7Affected Software1
Prion
Prion
•added 2007/11/21 12:46 a.m.•32 views

Buffer overflow

Buffer overflow in the isdnnetsetcfg function in isdnnet.c in Linux kernel 2.6.23 allows local users to have an unknown impact via a crafted argument to the isdnioctl function...

6.9CVSS6.1AI score0.00369EPSS
Exploits1References29Affected Software1
Prion
Prion
•added 2007/10/17 11:17 p.m.•32 views

Design/Logic Flaw

Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10.2 have unknown impact and remote attack vectors, related to 1 Application Object Library component APP01, 2 Contracts Integration APP02, 3 Applications Manager APP04, 4 Marketing component APP05, and 5 Exchange component APP0...

7.5CVSS6.6AI score0.0187EPSS
Exploits0References8Affected Software1
Prion
Prion
•added 2007/09/21 7:17 p.m.•32 views

Denial of service

Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows users...

5.5CVSS6.5AI score0.00826EPSS
Exploits1References16Affected Software5
Prion
Prion
•added 2007/09/18 6:17 p.m.•32 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allow remote attackers to execute arbitrary PHP code via a URL in the PHPFFLFILEROOT parameter to 1 programfiles/livedraft/livedraft.php or 2 programfiles/livedraft/admin.php...

4.6CVSS7.8AI score0.21748EPSS
Exploits2References10Affected Software1
Prion
Prion
•added 2007/08/23 7:17 p.m.•32 views

Sql injection

SQL injection vulnerability in index.php in the BibTeX component comjombib 1.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the afilter parameter...

7.5CVSS9.1AI score0.02203EPSS
Exploits0References3Affected Software1
Prion
Prion
•added 2007/08/18 9:17 p.m.•32 views

Race condition

Multiple race conditions in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to gain root privileges via a symlink attack on certain files...

6.9CVSS6.6AI score0.00328EPSS
Exploits1References11Affected Software1
Prion
Prion
•added 2007/08/14 12:17 a.m.•32 views

Design/Logic Flaw

ActionScript 3 AS3 in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash SWF movie that specifies a connection to make, then...

5CVSS6.5AI score0.07933EPSS
Exploits1References35Affected Software1
Prion
Prion
•added 2007/07/30 5:30 p.m.•32 views

Path traversal

Absolute path traversal vulnerability in a certain ActiveX control in vielib.dll 2.2.5.42958 in EMC VMware 6.0.0 allows remote attackers to execute arbitrary local programs via a full pathname in the first argument to the StartProcess method...

4.3CVSS7.3AI score0.22381EPSS
Exploits6References3Affected Software1
Prion
Prion
•added 2007/07/24 5:30 p.m.•32 views

Design/Logic Flaw

ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning...

4.3CVSS6.4AI score0.1309EPSS
Exploits0References67Affected Software1
Prion
Prion
•added 2007/07/24 12:30 a.m.•32 views

Cross site request forgery (csrf)

request.c in lighttpd 1.4.15 allows remote attackers to cause a denial of service daemon crash by sending an HTTP request with duplicate headers, as demonstrated by a request containing two Location header lines, which results in a segmentation fault...

5.8CVSS6.6AI score0.08072EPSS
Exploits2References13Affected Software1
Total number of security vulnerabilities5000