NOTE: the previous information is from the June 2013 CPU.

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Multiple cross-site scripting (XSS) vulnerabilities in Open Business Management (OBM) 2.3.20 and probably earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tf_name, (2) tf_delegation, and (3) tf_ip parameters to index.php.

The GUI installer in JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator password and the sucker password by reading this file.
Heap-based buffer overflow in the wdm_in_callback function in drivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted cdc-wdm USB device.

17 Fips Secure Access 4000, Fips Secure Access 4500, Fips Secure Access 6000 and 14 more

Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter.

2 Jboss Enterprise Application Platform, Jboss Enterprise Web Platform

SQL injection vulnerability in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Directory traversal vulnerability in index.php in phpPaleo 4.8b155 and earlier allows remote attackers to include and execute arbitrary local files via a.

110, does not properly handle GPU acceleration, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

Comodo Internet Security before 57.2253 on Windows 7 x64 allows local users to cause a denial of service (system crash) via a crafted 32-bit Portable Executable (PE) file with a kernel ImageBase value.

SQL injection vulnerability in playlist.php in the Spiffy XSPF Player plugin 0.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the playlist_id parameter.

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity, related to HTML pages.

Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 before FP5 IF2 and 9.0 before IF5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9AYK2X.
NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.

The ELF file parser in eSafe 7.0.17.0, Prevx 3.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified abiversion field.

The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to cause a denial of service (infinite loop) via certain input, as demonstrated by the padleft function.

4 Aladdin, Fortinet, Pandasecurity and 1 more

4 Esafe, Fortinet Antivirus, Panda Antivirus and 1 more

Microsoft Internet Explorer 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

10 Scalance X-300, Scalance X-300 Firmware, Scalance X-300eec and 7 more

Buffer overflow in the embedded web server on the Siemens Scalance X Industrial Ethernet switch X414-3E before 3.7.1, X308-2M before 3.7.2, X-300EEC before 3.7.2, XR-300 before 3.7.2, and X-300 before 3.7.2 allows remote attackers to cause a denial of service (device reboot) or possibly execute arbitrary code via a malformed URL.

The PowerVR SGX driver in Android before 2.3.6 allows attackers to gain root privileges via an application that triggers kernel memory corruption using crafted user data to the pvrsrvkm device.