Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 32.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors....
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allow remote attackers to cause a denial of service (memory corruption and...
The Accounts tab in the administrative user interface in McAfee Web Gateway (MWG) before 7.3.2.9 and 7.4.x before 7.4.2 allows remote authenticated users to obtain the hashed user passwords via unspecified vectors. Date published...
The Android WebView in Android before 4.4 allows remote attackers to bypass the Same Origin Policy via a crafted attribute containing a u0000 character, as demonstrated by an onclick="window.open(‘u0000javascript: sequence to the Android Browser...
plugins/useradmin/fingeruser.php in XRMS CRM, possibly 1.99.2, allows remote authenticated users to execute arbitrary code via shell metacharacters in the username parameter. Date published : 2014-09-02 http://www.exploit-db.com/exploits/34452 http://seclists.org/fulldisclosure/2014/Aug/78
CDA.xsl in HL7 C-CDA 1.1 and earlier does not anticipate the possibility of invalid C-CDA documents with crafted XML attributes, which allows remote attackers to conduct XSS attacks via a document containing a table...
The wato component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to an automation...
Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allows remote authenticated users to write check_mk config files (.mk files) to arbitrary locations via vectors related to row selections. Date published : 2014-09-02 http://www.securityfocus.com/archive/1/533180/100/0/threaded http://mathias-kettner.de/check_mk_werks.php?werk_id=983
Innovative Interfaces Sierra Library Services Platform 1.2_3 provides different responses for login request depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of login requests,...
Cross-site scripting (XSS) vulnerability in Innovative Interfaces Sierra Library Services Platform 1.2_3 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. Date published : 2014-09-02 http://www.securityfocus.com/bid/69466 http://www.securityfocus.com/archive/1/533267/100/0/threaded
The La Banque Postale application before 3.2.6 for Android does not prevent the launching of an activity by a component of another application, which allows attackers to obtain sensitive cached banking information via crafted...
CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to discover potentially sensitive URLs via a crafted reference element that triggers creation of an IMG element with an arbitrary URL in its SRC...
Cross-site scripting (XSS) vulnerability in CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted reference element within a nonXMLBody element. Date published :...
S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object in (1) common.py or (2) local.py in backends/. Date published :...