Nou pe blog:

HTTPS obligatoriu pentru Google parteneriate camscape

Newsletter

fii la zi cu ultimele oferte si noutati camscape si introdu mai jos adresa ta de email pentru abonare la newsletter ...

Vulnerabilitati securitate IT

Vulnerabilitati securitate IT

CVE-2014-0282
Posted on Wednesday June 11, 2014

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1775, CVE-2014-1779, CVE-2014-1799, CVE-2014-1803, and CVE-2014-2757. (CVSS:9.3) (Last Update:2017-01-06)

 

CVE-2014-0196
Posted on Wednesday May 07, 2014

The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings. (CVSS:6.9) (Last Update:2017-01-06)

 

CVE-2014-8727
Posted on Monday November 17, 2014

Multiple directory traversal vulnerabilities in F5 BIG-IP before 10.2.2 allow local users with the "Resource Administrator" or "Administrator" role to enumerate and delete arbitrary files via a .. (dot dot) in the name parameter to (1) tmui/Control/jspmap/tmui/system/archive/properties.jsp or (2) tmui/Control/form. (CVSS:6.2) (Last Update:2017-01-06)

 

CVE-2014-5207
Posted on Monday August 18, 2014

fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, or cause a denial of service (excessive filesystem updating) on systems that had atime disabled via a "mount -o remount" command within a user namespace. (CVSS:6.0) (Last Update:2017-01-06)

 

CVE-2014-3434
Posted on Wednesday August 06, 2014

Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x before 12.1 RU4 MP1b, and Small Business Edition before SEP 12.1, allows local users to execute arbitrary code via a long argument to a 0x00222084 IOCTL call. (CVSS:6.9) (Last Update:2017-01-06)

 

CVE-2014-4971
Posted on Saturday July 26, 2014

Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted address in an IOCTL call, related to (1) the MQAC.sys driver in the MQ Access Control subsystem and (2) the BthPan.sys driver in the Bluetooth Personal Area Networking subsystem. (CVSS:7.2) (Last Update:2017-01-06)

 

CVE-2014-0226
Posted on Sunday July 20, 2014

Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c. (CVSS:6.8) (Last Update:2017-01-06)

 

CVE-2014-4943
Posted on Saturday July 19, 2014

The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. (CVSS:6.9) (Last Update:2017-01-06)

 

CVE-2014-2623
Posted on Thursday July 17, 2014

Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors. (CVSS:10.0) (Last Update:2017-01-06)

 

CVE-2014-3857
Posted on Thursday July 03, 2014

Multiple SQL injection vulnerabilities in Kerio Control Statistics in Kerio Control (formerly WinRoute Firewall) before 8.3.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) x_16 or (2) x_17 parameter to print.php. (CVSS:6.5) (Last Update:2017-01-06)

 

CVE-2014-4014
Posted on Monday June 23, 2014

The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root. (CVSS:6.2) (Last Update:2017-01-06)

 

CVE-2014-3153
Posted on Saturday June 07, 2014

The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. (CVSS:7.2) (Last Update:2017-01-06)

 

CVE-2014-0514
Posted on Tuesday April 15, 2014

The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows remote attackers to execute arbitrary code via a crafted PDF document, a related issue to CVE-2012-6636. (CVSS:9.3) (Last Update:2017-01-06)

 

CVE-2014-0160
Posted on Monday April 07, 2014

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. (CVSS:5.0) (Last Update:2017-01-06)

 

CVE-2014-0257
Posted on Tuesday February 11, 2014

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrary code via (1) a crafted web site or (2) a crafted .NET Framework application that exposes a COM server endpoint, aka "Type Traversal Vulnerability." (CVSS:9.3) (Last Update:2017-01-06)

 

CVE-2014-0497
Posted on Wednesday February 05, 2014

Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors. (CVSS:10.0) (Last Update:2017-01-06)

 

CVE-2013-5045
Posted on Tuesday December 10, 2013

Microsoft Internet Explorer 10 and 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code, aka "Internet Explorer Elevation of Privilege Vulnerability." (CVSS:6.2) (Last Update:2017-01-06)

 

CVE-2013-1670
Posted on Thursday May 16, 2013

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attackers to bypass certain read-only restrictions and conduct cross-site scripting (XSS) attacks via a crafted web site. (CVSS:4.3) (Last Update:2017-01-06)

 

CVE-2013-2094
Posted on Tuesday May 14, 2013

The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call. (CVSS:7.2) (Last Update:2017-01-06)

 

CVE-2014-7288
Posted on Saturday January 31, 2015

Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action. (CVSS:9.0) (Last Update:2017-01-02)

 

CVE-2014-8826
Posted on Friday January 30, 2015

LaunchServices in Apple OS X before 10.10.2 does not properly handle file-type metadata, which allows attackers to bypass the Gatekeeper protection mechanism via a crafted JAR archive. (CVSS:5.0) (Last Update:2017-01-02)

 

CVE-2015-0016
Posted on Tuesday January 13, 2015

Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted pathname in an executable file, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Directory Traversal Elevation of Privilege Vulnerability." (CVSS:9.3) (Last Update:2017-01-02)

 

CVE-2014-7285
Posted on Wednesday December 17, 2014

The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts. (CVSS:6.5) (Last Update:2017-01-02)

 

CVE-2014-4113
Posted on Wednesday October 15, 2014

win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, as exploited in the wild in October 2014, aka "Win32k.sys Elevation of Privilege Vulnerability." (CVSS:7.2) (Last Update:2016-12-30)

 

CVE-2008-5753
Posted on Tuesday December 30, 2008

Stack-based buffer overflow in BulletProof FTP Client 2.63 and 2010 allows user-assisted attackers to execute arbitrary code via a bookmark file entry with a long host name, which appears as a host parameter within the quick-connect bar. (CVSS:9.3) (Last Update:2016-12-30)

 

CVE-2013-7409
Posted on Thursday October 30, 2014

Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .m3u (playlist) file. (CVSS:7.5) (Last Update:2016-12-30)

 

CVE-2013-4730
Posted on Thursday May 15, 2014

Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USER command. (CVSS:10.0) (Last Update:2016-12-30)

 

CVE-2013-7349
Posted on Monday March 31, 2014

Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter to news/send.php, (2) thread_id parameter to posts/edit.php, or (3) user_email parameter to users/password.php or (4) users/register.php. NOTE: these issues were SPLIT from CVE-2013-5640 due to differences in researchers and disclosure dates. (CVSS:7.5) (Last Update:2016-12-30)

 

CVE-2013-5640
Posted on Monday March 31, 2014

Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) answer_id or (2) question_id parameter to polls/vote.php, (3) story_id parameter to comments/add.php or (4) comments/edit.php, or (5) thread_id parameter to posts/add.php. NOTE: this issue was SPLIT due to differences in researchers and disclosure dates. CVE-2013-7349 already covers the news_id parameter to news/send.php, user_email parameter to users/register.php, and thread_id to posts/edit.php vectors. (CVSS:7.5) (Last Update:2016-12-30)

 

CVE-2013-7316
Posted on Friday January 24, 2014

Cross-site scripting (XSS) vulnerability in GitLab 6.0 and other versions before 6.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML file, as demonstrated by README.html. (CVSS:4.3) (Last Update:2016-12-30)

 

camscape logo white © 1996 - 2017 Camscape Services SRL
All rights reserved

Compania | Contact | blog
CAMSCAPE ISO 9001 - 27001 ISO 9001:2008
ISO/IEC 27001:2013
Servicii IT
click2call
solicita suport camscape
security feeds
close Serviciul click2call este disponibil de luni pana vineri intre orele 9 - 18
close
Numele dvs. *
Email *
Telefon
Compania
Problema semnalata *
* campuri obligatorii