213680 matches found
Memory corruption
Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted HTML document...
Default configuration
The default configuration of the JBossAs component in Red Hat JBoss Enterprise Application Platform aka JBossEAP or EAP, possibly 4.2 before CP04 and 4.3 before CP02, when a production environment is enabled, sets the DownloadServerClasses property to true, which allows remote attackers to obtain...
Design/Logic Flaw
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880,...
Design/Logic Flaw
Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880,...
Design/Logic Flaw
The approxyhttpprocessresponse function in modproxyhttp.c in the modproxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service memory consumption via a large number of interim...
Privilege escalation
Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the 1 Desktop directory on Windows or 2 Downloads directory on Mac OS X, and subsequently allows...
Race condition
Linux kernel before 2.6.25.2 does not apply a certain protection mechanism for fcntl functionality, which allows local users to 1 execute code in parallel or 2 exploit a race condition to obtain "re-ordered access to the descriptor table."...
Integer overflow
Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965...
Remote file inclusion
PHP remote file inclusion vulnerability in index.php in VisualPic 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIGfilesfunctionspage parameter...
Buffer overflow
Buffer overflow in the gifreadlzw function in CUPS 1.3.6 allows remote attackers to have an unknown impact via a GIF file with a large codesize value, a similar issue to CVE-2006-4484...
Cross site scripting
Cross-site scripting XSS vulnerability in index.php in webSPELL 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the board parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Directory traversal
Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash \ path separators or case-insensitive file names, allows remote attackers to access arbitrary files via 1 "..%5c" encoded backslash...
Code injection
Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle 1 double quote " characters or 2 %5C encoded backslash sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable...
Memory corruption
The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service crash and possibly trigger memory corruption via 1 a large switch statement, 2 certain uses of watch and eval, 3 certain uses of t...
Buffer overflow
QEMU 0.9.0 allows local users of a Windows XP SP2 guest operating system to overwrite the TranslationBlock codegenbuffer buffer, and probably have unspecified other impacts related to an "overflow," via certain Windows executable programs, as demonstrated by qemu-dos.com...
Sql injection
SQL injection vulnerability in index.php in the BibTeX component comjombib 1.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the afilter parameter...
Race condition
Multiple race conditions in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to gain root privileges via a symlink attack on certain files...
Type confusion
CounterPath X-Lite 3.0 34025, and possibly eyeBeam, allows remote attackers to cause a denial of service device crash via a SIP INVITE message without a Content-Type header...
Design/Logic Flaw
ActionScript 3 AS3 in Adobe Flash Player 9.0.47.0, and other versions and other 9.0.124.0 and earlier versions, allows remote attackers to bypass the Security Sandbox Model, obtain sensitive information, and port scan arbitrary hosts via a Flash SWF movie that specifies a connection to make, then...
Design/Logic Flaw
cacheutil.c in the modcache module in Apache HTTP Server httpd, when caching is enabled and a threaded Multi-Processing Module MPM is used, allows remote attackers to cause a denial of service child processing handler crash via a request with the 1 s-maxage, 2 max-age, 3 min-fresh, or 4 max-stale...
Buffer overflow
Word or Word Viewer in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability."...
Remote file inclusion
PHP remote file inclusion vulnerability in resources/includes/class.Smarty.php in Pixaria Gallery before 1.4.3 allows remote attackers to execute arbitrary PHP code via a URL in the cfgsysbasepath parameter...
Design/Logic Flaw
The StartUploading function in KL.SysInfo ActiveX control AxKLSysInfo.dll in Kaspersky Anti-Virus 6.0 and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to read arbitrary files by triggering an outbound anonymous FTP session that invokes the PUT command...
Design/Logic Flaw
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service stack exhaustion and PHP crash via deeply nested arrays, which trigger deep recursion in the variable destruction routines...
Cross site scripting
Cross-site scripting XSS vulnerability in Google Desktop allows remote attackers to bypass protection schemes and inject arbitrary web script or HTML, and possibly gain full access to the system, by using an XSS vulnerability in google.com to extract the signature for the internal web server, the...
Code injection
Microsoft Internet Information Services IIS, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service network bandwidth consumption via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue...
Remote file inclusion
PHP remote file inclusion vulnerability in classifiedright.php in phpBazar 2.1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the languagedir parameter...
Code injection
Microsoft Distributed Transaction Coordinator MSDTC for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service crash via a BuildContextW request with a large 1 UuidString or 2 GuidIn of a certain length, which causes an out-of-range memory...
Design/Logic Flaw
The ECNE chunk handling in Linux SCTP lksctp before 2.6.17 allows remote attackers to cause a denial of service kernel panic via an unexpected chunk when the session is in CLOSED state...
Design/Logic Flaw
sqlparse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information via a COMTABLEDUMP request with an incorrect packet length, which includes portions of memory in an error message...
Directory traversal
Directory traversal vulnerability in runCMS 1.2 and earlier allows remote attackers to read arbitrary files via the bbPathpath parameter to 1 class.forumposts.php and 2 forumpollrenderer.php. NOTE: this issue is closely related to CVE-2006-0659...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.8.0.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors in unspecified scripts in the themes directory...
Null pointer dereference
The TIFFFetchShortPair function in tifdirread.c in libtiff 3.8.0 allows remote attackers to cause a denial of service application crash via a crafted TIFF image that triggers a NULL pointer dereference, possibly due to changes in type declarations and/or the TIFFVSetField function...
Design/Logic Flaw
Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the 1 session extension aka ext/session and the 2 header function...
Out-of-bounds
Wasmi is an efficient and lightweight WebAssembly interpreter with a focus on constrained and embedded systems. In the WASMI Interpreter, an Out-of-bounds Buffer Write will arise if the host calls or resumes a Wasm function with more parameters than the default limit 128, as it will surpass the...
Information disclosure
IBM InfoSphere Information Server 11.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 280361...
Input validation
Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been...
Remote code execution
Windows USB Hub Driver Remote Code Execution Vulnerability...
Privilege escalation
Windows USB Print Driver Elevation of Privilege Vulnerability...
Authentication flaw
Under certain conditions, Support Web Pages of SAP NetWeaver Process Integration PI - versions 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application...
Design/Logic Flaw
Nix is a package manager for Linux and other Unix systems. A fixed-output derivations on Linux can send file descriptors to files in the Nix store to another program running on the host or another fixed-output derivation via Unix domain sockets in the abstract namespace. This allows to modify the...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: riscv: Fix module loading free order Reverse order of kfree calls to resolve use-after-free error...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: Fix use after free bug due to error path handling in mtkjpegdecdevicerun In mtkjpegprobe, &jpeg-jobtimeoutwork is bound with mtkjpegjobtimeoutwork. In mtkjpegdecdevicerun, if error happens in mtkjpegsetdecdst, it...
Design/Logic Flaw
In the Linux kernel, the following vulnerability has been resolved: netfs, fscache: Prevent Oops in fscacheputcache This function dereferences "cache" and then checks if it's ISERRORNULL. Check first, then dereference...
Out-of-bounds
An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions...
Sql injection
A vulnerability classified as critical was found in CodeAstro Ecommerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file action.php of the component Search. The manipulation of the argument catid/brandid/keyword leads to sql injection. The attack can be launched...
Design/Logic Flaw
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savefrontendeventsubmission function in all versions up to, and including, 3.4.2. This makes it possible for authenticated...
Design/Logic Flaw
JWX is Go module implementing various JWx JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE technologies. This vulnerability allows an attacker with a trusted public key to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high...
Code injection
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...
Design/Logic Flaw
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 16.7.6 and iPadOS 16.7.6. Processing an image may result in disclosure of process memory...