Unknown · CVSS Not scored
Buffer overflow in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via a long string value in unspecified parameters.
Published Feb 21, 2012 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.2.3 and possibly other versions before 2.2.4 allow remote authenticated users with Author privileges to inject arbitrary web script or HTML via (1) the profile parameter to extensions/profiledevkit/content/content.profile.php, as demonstrated via requests to (a) the default URI, (b) about/, or (c) drafts/; or (2) the filter parameter in symphony/lib/core/class.symphony.php, as demonstrated via requests to (d) symphony/publish/comments or (e) symphony/publish/images. NOTE: some of these details are obtained from third party information.
Published Feb 12, 2012 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The mod_pubsub module (mod_pubsub.erl) in ejabberd 2.1.8 and 3.0.0-alpha-3 allows remote authenticated users to cause a denial of service (infinite loop) via a stanza with a publish tag that lacks a node attribute.
Published Feb 18, 2012 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Shaman 1.0.9: Users can add the line askforpwd=false to his shaman.conf file, without entering the root password in shaman. The next time shaman is run, root privileges are granted despite the fact that the user never entered the root password.
Published Feb 12, 2020 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple SQL injection vulnerabilities in symphony/content/content.publish.php in Symphony CMS 2.2.3 and possibly other versions before 2.2.4 allow remote authenticated users with Author permissions to execute arbitrary SQL commands via the filter parameter to (1) symphony/publish/comments or (2) symphony/publish/images. NOTE: this issue can be leveraged to perform cross-site scripting (XSS) attacks via error messages. NOTE: some of these details are obtained from third party information.
Published Feb 12, 2012 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in the Views module before 6.x-2.13 for Drupal allows remote attackers to execute arbitrary SQL commands via vectors related to "filters/arguments on certain types of views with specific configurations of arguments."
Published Feb 17, 2012 · Updated Aug 7, 2024
Unknown · CVSS Not scored
LightDM before 1.0.6 allows local users to change ownership of arbitrary files via a symlink attack on ~/.Xauthority.
Published Feb 17, 2012 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Buffer overflow in the ccid_card_vscard_handle_message function in hw/ccid-card-passthru.c in QEMU before 0.15.2 and 1.x before 1.0-rc4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VSC_ATR message.
Published Feb 26, 2014 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The sosreport utility in the Red Hat sos package before 1.7-9 and 2.x before 2.2-17 includes (1) Certificate-based Red Hat Network private entitlement keys and the (2) private key for the entitlement in an archive of debugging information, which might allow remote attackers to obtain sensitive information by reading the archive.
Published Feb 17, 2014 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Integer overflow in inc/server.hpp in libnet6 (aka net6) before 1.3.14 might allow remote attackers to hijack connections and gain privileges as other users by making a large number of connections until the overflow occurs and an ID of another user is provided.
Published Feb 10, 2014 · Updated Aug 6, 2024
Unknown · CVSS Not scored
html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to conduct LDAP injection attacks and consequently bypass authentication via a crafted username.
Published Feb 1, 2018 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The capsh program in libcap before 2.22 does not change the current working directory when the --chroot option is specified, which allows local users to bypass the chroot restrictions via unspecified vectors.
Published Feb 8, 2014 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The libobby server in inc/server.hpp in libnet6 (aka net6) before 1.3.14 does not perform authentication before checking the user name, which allows remote attackers to obtain sensitive information such as server-usage patterns by a particular user and color preferences.
Published Feb 10, 2014 · Updated Aug 6, 2024
Unknown · CVSS Not scored
obby (aka libobby) does not verify SSL server certificates, which allows remote attackers to spoof servers via an arbitrary certificate.
Published Feb 10, 2014 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The check_password function in html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to bypass authentication via an empty password.
Published Feb 1, 2018 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Google Chrome before 17.0.963.46 does not properly decode audio data, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
Published Feb 9, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
webvrpcs.exe in Advantech/BroadWin WebAccess allows remote attackers to execute arbitrary code or obtain a security-code value via a long string in an RPC request to TCP port 4592.
Published Feb 6, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Google Chrome before 17.0.963.46 does not properly handle PDF FAX images, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
Published Feb 9, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Google Chrome before 17.0.963.46 does not properly check signatures, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
Published Feb 9, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to mousemove events.
Published Feb 9, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Google Chrome before 17.0.963.46 does not properly perform casts of variables during handling of a column span, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
Published Feb 9, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
Published Feb 9, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Google Chrome before 17.0.963.46 does not prevent monitoring of the clipboard after a paste event, which has unspecified impact and remote attack vectors.
Published Feb 9, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Google Chrome before 17.0.963.46 does not properly implement the drag-and-drop feature, which makes it easier for remote attackers to spoof the URL bar via unspecified vectors.
Published Feb 9, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout of SVG documents.
Published Feb 9, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to error handling for Cascading Style Sheets (CSS) token-sequence data.
Published Feb 9, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors that trigger the aborting of an IndexedDB transaction.
Published Feb 9, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The shader translator implementation in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
Published Feb 9, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving Cascading Style Sheets (CSS) token sequences.
Published Feb 9, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Buffer overflow in the locale implementation in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
Published Feb 9, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via a crafted certificate.
Published Feb 9, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) via vectors that trigger a large amount of database usage.
Published Feb 9, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Google Chrome before 17.0.963.46 does not properly perform path clipping, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
Published Feb 9, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Use-after-free vulnerability in the garbage-collection functionality in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving PDF documents.
Published Feb 9, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The extension implementation in Google Chrome before 17.0.963.46 does not properly handle sandboxed origins, which might allow remote attackers to bypass the Same Origin Policy via a crafted extension.
Published Feb 9, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Race condition in Google Chrome before 17.0.963.46 allows remote attackers to execute arbitrary code via vectors that trigger a crash of a utility process.
Published Feb 9, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Android SQLite Journal before 4.0.1 has an information disclosure vulnerability.
Published Feb 12, 2020 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages.
Published Feb 1, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes.
Published Feb 1, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Joomla! core 1.7.1 allows information disclosure due to weak encryption
Published Feb 4, 2020 · Updated Aug 6, 2024
Unknown · CVSS Not scored
methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors.
Published Feb 28, 2014 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The process_rs function in the router advertisement daemon (radvd) before 1.8.2, when UnicastOnly is enabled, allows remote attackers to cause a denial of service (temporary service hang) via a large number of ND_ROUTER_SOLICIT requests.
Published Feb 17, 2014 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The process_ra function in the router advertisement daemon (radvd) before 1.8.2 allows remote attackers to cause a denial of service (stack-based buffer over-read and crash) via unspecified vectors.
Published Feb 17, 2014 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Flowplayer Flash 3.2.7 through 3.2.16, as used in the News system (news) extension for TYPO3 and Mahara, allows remote attackers to inject arbitrary web script or HTML via the plugin configuration directive in a reference to an external domain plugin.
Published Feb 8, 2020 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Buffer overflow in the process_ra function in the router advertisement daemon (radvd) before 1.8.2 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative value in a label_len value.
Published Feb 17, 2014 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The SSH configuration in the Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, disables the StrictHostKeyChecking option, which allows man-in-the-middle attackers to spoof kdump servers, and obtain sensitive core information, by using an arbitrary SSH key.
Published Feb 15, 2014 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, includes all of root's SSH private keys within a vmcore file, which allows context-dependent attackers to obtain sensitive information by inspecting the file content.
Published Feb 15, 2014 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Sound.
Published Feb 15, 2012 · Updated Aug 6, 2024
Unknown · CVSS Not scored
The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, uses world-readable permissions for vmcore files, which allows local users to obtain sensitive information by inspecting the file content, as demonstrated by a search for a root SSH key.
Published Feb 15, 2014 · Updated Aug 6, 2024
Unknown · CVSS Not scored
Integer overflow in libresolv in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via crafted DNS data.
Published Feb 2, 2012 · Updated Aug 6, 2024