Смотрите также связанные темы 09.01.2018 CVE-2013-0001 The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a pointer to an unmanaged memory location, aka "System Drawing Information Disclosure Vulnerability."
30.12.2018 CVE-2009-4480 Buffer overflow in the web service in AzeoTech DAQFactory 5.77 might allow remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.16 through 8.11. NOTE: as of 20091229, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
10.10.2018 CVE-2015-4929 IBM License Metric Tool 9 before 9.2.1.0 and Endpoint Manager for Software Use Analysis 9 before 9.2.1.0 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via a REST API request.
19.08.2018 CVE-2008-3717 Harmoni before 1.6.0 does not require administrative privileges to list (1) user names or (2) asset ids, which allows remote attackers to obtain sensitive information.
09.01.2018 CVE-2015-7115 libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-7116.
19.08.2018 CVE-2008-3705 Stack-based buffer overflow in the CLogger::WriteFormated function in echoware/Logger.cpp in EchoVNC Linux before 1.1.2 allows remote echoServers to execute arbitrary code via a large (1) group or (2) user list, aka a"very crowded echoServer"attack. NOTE: some of these details are obtained from third party information.
18.08.2018 CVE-2008-3704 Stack-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0 allows remote attackers to execute arbitrary code via a long Mask parameter, as exploited in the wild in August 2008. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
14.08.2018 CVE-2008-3679 Multiple cross-site scripting (XSS) vulnerabilities in index.html in IDevSpot PhpLinkExchange 1.01 allow remote attackers to inject arbitrary web script or HTML via the catid parameter in a (1) user_add, (2) recip, (3) tellafriend, or (4) contact action, or (5) in a request without an action; or (6) the id parameter in a tellafriend action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
14.08.2018 CVE-2008-3675 Directory traversal vulnerability in classes/imgsize.php in Gelato 0.95 allows remote attackers to read arbitrary files via (1) a .. (dot dot) and possibly (2) full pathname in the img parameter. NOTE: some of these details are obtained from third party information.
16.09.2018 CVE-2008-4115 TalkBack 2.3.6 allows remote attackers to obtain configuration information via a direct request to install/info.php, which calls the phpinfo function.
|