Nou pe blog:

Solutii marketing, transmitere emailuri comerciale parteneriate camscape

Newsletter

fii la zi cu ultimele oferte si noutati camscape si introdu mai jos adresa ta de email pentru abonare la newsletter ...

Vulnerabilitati securitate IT

Vulnerabilitati securitate IT

CVE-2014-4113
Posted on Wednesday October 15, 2014

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, as exploited in the wild in October 2014, aka "Win32k.sys Elevation of Privilege Vulnerability." (CVSS:7.2) (Last Update:2017-03-13)

 

CVE-2014-9916
Posted on Thursday February 23, 2017

Multiple cross-site scripting (XSS) vulnerabilities in Bilboplanet 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) tribe_name or (2) tags parameter in a tribes page request to user/ or the (3) user_id or (4) fullname parameter to signup.php. (CVSS:4.3) (Last Update:2017-02-27)

 

CVE-2008-6996
Posted on Wednesday August 19, 2009

Google Chrome BETA (0.2.149.27) does not prompt the user before saving an executable file, which makes it easier for remote attackers or malware to cause a denial of service (disk consumption) or exploit other vulnerabilities via a URL that references an executable file, possibly related to the "ask where to save each file before downloading" setting. (CVSS:5.0) (Last Update:2017-02-19)

 

CVE-2008-6779
Posted on Friday May 01, 2009

SQL injection vulnerability in the Sarkilar module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a showcontent action to modules.php. (CVSS:7.5) (Last Update:2017-02-19)

 

CVE-2008-6282
Posted on Wednesday February 25, 2009

SQL injection vulnerability in engine/users/users_edit_pub.inc in CMS Ortus 1.13 and earlier allows remote authenticated users to execute arbitrary SQL commands via the city parameter in a users_edit_pub action to index.php. (CVSS:6.5) (Last Update:2017-02-19)

 

CVE-2008-5589
Posted on Tuesday December 16, 2008

SQL injection vulnerability in processlogin.asp in Katy Whitton RankEm allows remote attackers to execute arbitrary SQL commands via the (1) txtusername parameter (aka username field) or the (2) txtpassword parameter (aka password field). NOTE: some of these details are obtained from third party information. (CVSS:7.5) (Last Update:2017-02-19)

 

CVE-2008-4048
Posted on Thursday September 11, 2008

Heap-based buffer overflow in a certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to execute arbitrary code via a long third argument to the CreateURLShortcut method. (CVSS:6.8) (Last Update:2017-02-19)

 

CVE-2008-3307
Posted on Friday July 25, 2008

SQL injection vulnerability in todos.php in C. Desseno YouTube Blog (ytb) 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3306. (CVSS:7.5) (Last Update:2017-02-19)

 

CVE-2008-1855
Posted on Wednesday April 16, 2008

FrameworkService.exe in McAfee Common Management Agent (CMA) 3.6.0.574 Patch 3 and earlier, as used by ePolicy Orchestrator (ePO) and ProtectionPilot (PrP), allows remote attackers to corrupt memory and cause a denial of service (CMA Framework service crash) via a long invalid method in requests for the /spin//AVClient//AVClient.csp URI, a different vulnerability than CVE-2006-5274. (CVSS:5.0) (Last Update:2017-02-19)

 

CVE-2008-1309
Posted on Wednesday March 12, 2008

The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 before build 6.0.12.1675, and RealPlayer 11 before 11.0.3 build 6.0.14.806 does not properly manage memory for the (1) Console or (2) Controls property, which allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via a series of assignments of long string values, which triggers an overwrite of freed heap memory. (CVSS:9.3) (Last Update:2017-02-19)

 

CVE-2006-0944
Posted on Tuesday February 28, 2006

Archangel Weblog 0.90.02 allows remote attackers to bypass authentication by setting the ba_admin cookie to 1. (CVSS:7.5) (Last Update:2017-02-19)

 

CVE-2014-4014
Posted on Monday June 23, 2014

The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root. (CVSS:6.2) (Last Update:2017-01-19)

 

CVE-2009-0441
Posted on Tuesday February 10, 2009

PHP remote file inclusion vulnerability in skin_shop/standard/2_view_body/body_default.php in TECHNOTE 7.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the shop_this_skin_path parameter, a different vector than CVE-2008-4138. (CVSS:6.8) (Last Update:2017-01-19)

 

CVE-2008-4138
Posted on Wednesday September 24, 2008

PHP remote file inclusion vulnerability in skin_shop/standard/3_plugin_twindow/twindow_notice.php in TECHNOTE 7 allows remote attackers to execute arbitrary PHP code via a URL in the shop_this_skin_path parameter. (CVSS:10.0) (Last Update:2017-01-19)

 

CVE-2006-3142
Posted on Thursday June 22, 2006

SQL injection vulnerability in forum.php in VBZooM 1.11 allows remote attackers to execute arbitrary SQL commands via the MainID parameter. (CVSS:7.5) (Last Update:2017-01-19)

 

CVE-2014-0282
Posted on Wednesday June 11, 2014

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1775, CVE-2014-1779, CVE-2014-1799, CVE-2014-1803, and CVE-2014-2757. (CVSS:9.3) (Last Update:2017-01-06)

 

CVE-2014-0196
Posted on Wednesday May 07, 2014

The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings. (CVSS:6.9) (Last Update:2017-01-06)

 

CVE-2014-8727
Posted on Monday November 17, 2014

Multiple directory traversal vulnerabilities in F5 BIG-IP before 10.2.2 allow local users with the "Resource Administrator" or "Administrator" role to enumerate and delete arbitrary files via a .. (dot dot) in the name parameter to (1) tmui/Control/jspmap/tmui/system/archive/properties.jsp or (2) tmui/Control/form. (CVSS:6.2) (Last Update:2017-01-06)

 

CVE-2014-5207
Posted on Monday August 18, 2014

fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, or cause a denial of service (excessive filesystem updating) on systems that had atime disabled via a "mount -o remount" command within a user namespace. (CVSS:6.0) (Last Update:2017-01-06)

 

CVE-2014-3434
Posted on Wednesday August 06, 2014

Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x before 12.1 RU4 MP1b, and Small Business Edition before SEP 12.1, allows local users to execute arbitrary code via a long argument to a 0x00222084 IOCTL call. (CVSS:6.9) (Last Update:2017-01-06)

 

CVE-2014-4971
Posted on Saturday July 26, 2014

Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted address in an IOCTL call, related to (1) the MQAC.sys driver in the MQ Access Control subsystem and (2) the BthPan.sys driver in the Bluetooth Personal Area Networking subsystem. (CVSS:7.2) (Last Update:2017-01-06)

 

CVE-2014-0226
Posted on Sunday July 20, 2014

Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c. (CVSS:6.8) (Last Update:2017-01-06)

 

CVE-2014-4943
Posted on Saturday July 19, 2014

The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. (CVSS:6.9) (Last Update:2017-01-06)

 

CVE-2014-2623
Posted on Thursday July 17, 2014

Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors. (CVSS:10.0) (Last Update:2017-01-06)

 

CVE-2014-3857
Posted on Thursday July 03, 2014

Multiple SQL injection vulnerabilities in Kerio Control Statistics in Kerio Control (formerly WinRoute Firewall) before 8.3.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) x_16 or (2) x_17 parameter to print.php. (CVSS:6.5) (Last Update:2017-01-06)

 

CVE-2014-3153
Posted on Saturday June 07, 2014

The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. (CVSS:7.2) (Last Update:2017-01-06)

 

CVE-2014-0514
Posted on Tuesday April 15, 2014

The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows remote attackers to execute arbitrary code via a crafted PDF document, a related issue to CVE-2012-6636. (CVSS:9.3) (Last Update:2017-01-06)

 

CVE-2014-0160
Posted on Monday April 07, 2014

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. (CVSS:5.0) (Last Update:2017-01-06)

 

CVE-2014-0257
Posted on Tuesday February 11, 2014

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrary code via (1) a crafted web site or (2) a crafted .NET Framework application that exposes a COM server endpoint, aka "Type Traversal Vulnerability." (CVSS:9.3) (Last Update:2017-01-06)

 

CVE-2014-0497
Posted on Wednesday February 05, 2014

Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors. (CVSS:10.0) (Last Update:2017-01-06)

 

camscape logo white © 1996 - 2017 Camscape Services SRL
All rights reserved

Compania | Contact | blog
CAMSCAPE ISO 9001 - 27001 ISO 9001:2008
ISO/IEC 27001:2013
Servicii IT
click2call
solicita suport camscape
security feeds
close Serviciul click2call este disponibil de luni pana vineri intre orele 9 - 18
close
Numele dvs. *
Email *
Telefon
Compania
Problema semnalata *
* campuri obligatorii