Page 34 of 1003 results (0.034 seconds)

CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0

EMC RSA Authentication Agent 7.1.x before 7.1.2 on Windows does not enforce the Quick PIN Unlock timeout feature, which allows physically proximate attackers to bypass the passcode requirement for a screensaved session by entering a PIN after timeout expiration. EMC RSA Authentication Agent v7.1.x anterior a v7.1.2 sobre Windows no refuerza la característica Quick PIN Unlock, lo que permitiría a atacantes próximos físicamente evitar la restricción de código de acceso cuando se inicia el protector de pantalla, introduciendo el PIN después del tiempo de expiración. • http://archives.neohapsis.com/archives/bugtraq/2013-03/0001.html • CWE-16: Configuration •

CVSS: 4.4EPSS: 0%CPEs: 12EXPL: 1

Buffer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 on Windows XP and Server 2003 allows local users to gain privileges via a crafted application. Desbordamiento de buffer en pgpwded.sys del Symantec PGP Desktop v10.x and Encryption Desktop v10.3.0 antes de MP1 en Windows XP y Server 2003 que permite a usuarios locales escalar privilegios por medio de aplicaciones creadas para este propósito. • https://www.exploit-db.com/exploits/38299 http://www.securityfocus.com/bid/57835 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2013&suid=20130213_00 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 93%CPEs: 36EXPL: 1

Use-after-free vulnerability in Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer COmWindowProxy Use After Free Vulnerability." Vulnerabilidad de uso después de liberación en Microsoft Internet Explorer 7 hasta 10 que permite a atacantes remotos ejecutar código arbitrario a través de un sitio web modificado que desencadena el acceso a un objeto eliminado, también conocido como "Internet Explorer COmWindowProxy Use After Free Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of iframes. By manipulating an iframe using window.open an attacker can force a dangling pointer to be reused after it has been freed. • https://www.exploit-db.com/exploits/40879 http://blog.skylined.nl/20161202001.html http://www.us-cert.gov/cas/techalerts/TA13-043B.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-009 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16465 • CWE-399: Resource Management Errors •

CVSS: 9.3EPSS: 84%CPEs: 22EXPL: 0

Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer pasteHTML Use After Free Vulnerability." Vulnerabilidad de uso después de liberación en Microsoft Internet Explorer 8 y 9 que permite a atacantes remotos ejecutar código arbitrario a través de un sitio web modificado que desencadena el acceso a un objeto eliminado, también conocido como "Internet Explorer pasteHTML Use After Free Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TextRange objects. The issue lies in the usage of Range.moveToElementText and Range.collapse. • http://www.us-cert.gov/cas/techalerts/TA13-043B.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-009 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16126 • CWE-399: Resource Management Errors •

CVSS: 9.3EPSS: 84%CPEs: 35EXPL: 0

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CHTML Use After Free Vulnerability." Vulnerabilidad de uso después de liberación en Microsoft Internet Explorer 6 a 9 permite a atacantes remotos ejecutar código arbitrario a través de un sitio web diseñado que desencadena el acceso a un objeto eliminado, también conocido como "Internet Explorer CHTML Uso uso después de liberación ". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CSelectionManager objects. The issue lies in the usage of the focus() method on a textArea element. • http://www.us-cert.gov/cas/techalerts/TA13-043B.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-009 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16245 • CWE-399: Resource Management Errors •