Monthly Archive: April 2015

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory...

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass...

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a...

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory...

Cross-site scripting (XSS) vulnerability in Php/stats/statsRecent.inc.php in phpTrafficA 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header to index.php. Date published : 2015-04-14 http://www.securityfocus.com/bid/74046 http://www.securityfocus.com/archive/1/535212/100/0/threaded

Buffer overflow in das_watchdog 0.9.0 allows local users to execute arbitrary code with root privileges via a large string in the XAUTHORITY environment variable. Date published : 2015-04-14 http://www.securityfocus.com/bid/73706 https://github.com/kmatheussen/das_watchdog/commit/bd20bb02e75e2c0483832b52f2577253febfb690

Multiple stack-based buffer overflows in the ib_fill_isqlda function in dbdimp.c in DBD-Firebird before 1.19 allow remote attackers to have unspecified impact via unknown vectors that trigger an error condition, related to binding octets to...

Cross-site scripting (XSS) vulnerability in cgi-bin/hotspotlogin.cgi in Hotspot Express hotEx Billing Manager 73 allows remote attackers to inject arbitrary web script or HTML via the reply parameter. Date published : 2015-04-14 http://www.securityfocus.com/bid/73941 http://www.securityfocus.com/archive/1/535186/100/0/threaded

Multiple cross-site scripting (XSS) vulnerabilities in the web-based console management interface in Palo Alto Networks Traps (formerly Cyvera Endpoint Protection) 3.1.2.1546 allow remote attackers to inject arbitrary web script or HTML via the (1)...

HP Support Solution Framework before 11.51.0049 allows remote attackers to download an arbitrary program onto a client machine and execute this program via unspecified vectors. Date published : 2015-04-14 http://www.securityfocus.com/bid/74054 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04634535

Unspecified vulnerability in HP Easy Deploy, as distributed standalone and in HP Easy Tools before 3.0.1.1650, on HP Thin Client t5540, t5740, and t5740e devices and HP Flexible Thin Client t510, t520, t610, t620,...

Unspecified vulnerability in HP Easy Deploy, as distributed standalone and in HP Easy Tools before 3.0.1.1650, on HP Thin Client t5540, t5740, and t5740e devices and HP Flexible Thin Client t510, t520, t610, t620,...

Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." Date published...

Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." Date published...