Page 14 of 93 results (0.012 seconds)

CVSS: 9.3EPSS: 11%CPEs: 34EXPL: 0

CVE-2010-4294

https://notcve.org/view.php?id=CVE-2010-4294

The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548, VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548 on Windows, VMware Player 2.5.x before 2.5.5 build 246459 and 3.x before 3.1.2 build 301548 on Windows, and VMware Server 2.x on Windows does not properly validate an unspecified size field, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted video file. La funcionalidad de descompresión de tramas ("frames") en el codec VMnc media de VMware Movie Decoder en versiones anteriores a la 6.5.5 build 328052 y 7.x anteriores a la 7.1.2 build 301548, VMware Workstation 6.5.x anteriores a la 6.5.5 build 328052 y 7.x anteriores a la 7.1.2 build 301548 en Windows, VMware Player 2.5.x anteriores a la 2.5.5 build 246459 y 3.x anteriores a la 3.1.2 build 301548 en Windows, y VMware Server 2.x en Windows no valida apropiadamente un campo de tamaño sin especificar, lo que permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción de la memoria dinámica) a través de un archivo de vídeo modificado. • http://lists.vmware.com/pipermail/security-announce/2010/000112.html http://osvdb.org/69596 http://secunia.com/advisories/42482 http://www.securityfocus.com/archive/1/514995/100/0/threaded http://www.securityfocus.com/bid/45169 http://www.securitytracker.com/id?1024819 http://www.vmware.com/security/advisories/VMSA-2010-0018.html http://www.vupen.com/english/advisories/2010/3116 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.5EPSS: 1%CPEs: 35EXPL: 1

CVE-2010-4368

https://notcve.org/view.php?id=CVE-2010-4368

awstats.cgi in AWStats before 7.0 on Windows accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located at a UNC share pathname. awstats.cgi en AWStats anterior a v7.0 en Windows acepta un parámetro configdir en la URL, permitiendo a atacantes remotos ejecutar comandos arbitrarios a través de un fichero de configuración manipulado situado en una ruta de acceso compartido UNC. • http://awstats.sourceforge.net/docs/awstats_changelog.txt http://www.exploitdevelopment.com/Vulnerabilities/2010-WEB-001.html http://www.kb.cert.org/vuls/id/870532 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 83%CPEs: 164EXPL: 0

CVE-2010-2884 – Flash: crash or potential arbitrary code execution (APSB10-22)

https://notcve.org/view.php?id=CVE-2010-2884

Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and Acrobat 9.x before 9.4; and authplay.dll in Adobe Reader and Acrobat 8.x before 8.2.5 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in September 2010. Vulnerabilidad sin especificar en Adobe Flash Player v10.1.82.76 y anteriores para Windows, Macintosh, Linux, Solaris; Flash Player v10.1.92.10 para Android; Reader v9.3.4 para Windows, Macintosh and UNIX; y Acrobat v9.3.4 y anteriores para Windows y Macintosh permite a los atacantes remotos causar una denegación de servicio (caída) y ejecutar código a su elección a través de vectores desconocidos, se explota activamente desde Septiembre de 2010. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html http://secunia.com/advisories/41434 http://secunia.com/advisories/41435 http://secunia.com/advisories/41443 http://secunia.com/advisories/41526 http://secunia.com/advisories/43025 http://secunia.com/advisories/43026 http://security.gentoo.org/glsa/glsa-201101-08. •

CVSS: 10.0EPSS: 25%CPEs: 3EXPL: 0

CVE-2010-0284 – Novell Access Manager Arbitrary File Upload Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2010-0284

Directory traversal vulnerability in the getEntry method in the PortalModuleInstallManager component in a servlet in nps.jar in the Administration Console (aka Access Management Console) in Novell Access Manager 3.1 before 3.1.2-281 on Windows allows remote attackers to create arbitrary files with any contents, and consequently execute arbitrary code, via a .. (dot dot) in a parameter, aka ZDI-CAN-678. Vulnerabilidad de salto de directorio en el método getEntry en el componente PortalModuleInstallManager en un servlet en nps.jar en la Consola de administración (Administration Console, también conocida como Access Management Console) en Novell Access Manager v3.1 anteriores a v3.1.2-281 en Windows, permite a atacantes remotos crear ficheros de su elección con cualquier contenido, y consecuentemente ejecutar código de su elección a través de un .. (punto punto) en un parámetro, también conocido como ZDI-CAN-678. This vulnerability allows remote attackers to upload arbitrary files on vulnerable installations of Novell Access Manager. • http://secunia.com/advisories/40198 http://www.novell.com/support/viewContent.do?externalId=7006255&sliceId=1 http://www.securityfocus.com/bid/40931 http://www.securitytracker.com/id?1024132 http://www.vupen.com/english/advisories/2010/1516 https://exchange.xforce.ibmcloud.com/vulnerabilities/59528 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.3EPSS: 4%CPEs: 85EXPL: 0

CVE-2010-1387

https://notcve.org/view.php?id=CVE-2010-1387

Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a different vulnerability than CVE-2010-1763 and CVE-2010-1769. Vulnerabilidad no específicada en WebKit en Apple iTunes anteriores a v9.2 en Windows, tiene un impacto y vectores de ataque desconocidos, es una vulnerabilidad diferente a CVE-2010-1387 y CVE-2010-1769. • http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/40196 http://secunia.com/advisories/41856 http://secunia.com/advisories/42314 http://secunia.com/advisories/43068 http://securitytracker.com/id?1024108 http:/ • CWE-399: Resource Management Errors •