|
|
|
|
Title:
|
Jet Database Engine Remote Code Execution Vulnerability
|
|
Report:
|
-
|
|
Vendor:
|
Microsoft
|
|
Status:
|
problem fixed
|
|
References:
|
Microsoft Security Advisory CVE-2019-0579
|
|
CVE:
|
CVE-2019-0579
|
|
|
|
|
Title:
|
VMware Movie Decoder Installer msiexec.exe Planting
|
|
Report:
|
-
|
|
Vendor:
|
VMware
|
|
Status:
|
problem fixed
|
|
References:
|
VMware Security Advisory VMSA-2012-0014
|
|
CVE:
|
CVE-2012-4897
|
|
|
|
|
Title:
|
Adobe Reader X (10.1.2) msiexec.exe Planting
|
|
Report:
|
Blog post
|
|
Vendor:
|
Adobe
|
|
Status:
|
problem fixed, report published
|
|
References:
|
Security updates available for Adobe Reader and Acrobat (APSB12-08)
|
|
CVE:
|
CVE-2012-0776
|
|
|
|
|
Title:
|
Google Chrome HTTPS Address Bar Spoofing
|
|
Report:
|
Blog post
|
|
Vendor:
|
Google
|
|
Status:
|
problem fixed, report published
|
|
References:
|
Chrome 16 Stable Channel Update
|
|
CVE:
|
CVE-2011-3907
|
|
|
|
|
Title:
|
Remote Binary Planting in Mozilla Thunderbird
|
|
Report:
|
ASPR #2011-08-18-2
|
|
Vendor:
|
Mozilla
|
|
Status:
|
problem fixed, report published
|
|
References:
|
Mozilla Foundation Security Advisory 2011-32
|
|
CVE:
|
CVE-2011-2980
|
|
|
|
|
Title:
|
Remote Binary Planting in Mozilla Firefox
|
|
Report:
|
ASPR #2011-08-18-1
|
|
Vendor:
|
Mozilla
|
|
Status:
|
problem fixed, report published
|
|
References:
|
Mozilla Foundation Security Advisory 2011-30
|
|
CVE:
|
CVE-2011-2980
|
|
|
|
|
Title:
|
Remote Binary Planting in Adobe Flash Player
|
|
Report:
|
ASPR #2011-02-11-2
|
|
Vendor:
|
Adobe Systems, Inc.
|
|
Status:
|
problem fixed, report published
|
|
References:
|
Security update available for Adobe Flash Player
|
|
CVE:
|
CVE-2011-0575
|
|
|
|
|
Title:
|
Remote Binary Planting in Adobe Reader
|
|
Report:
|
ASPR #2011-02-11-1
|
|
Vendor:
|
Adobe Systems, Inc.
|
|
Status:
|
problem fixed, report published
|
|
References:
|
Security updates available for Adobe Reader and Acrobat
|
|
CVE:
|
CVE-2011-0562
|
|
|
|
|
Title:
|
Remote Binary Planting in Multiple F-Secure Products
|
|
Report:
|
ASPR #2011-01-11-1
|
|
Vendor:
|
F-Secure Corp.
|
|
Status:
|
problem fixed, report published
|
|
References:
|
Security Advisory FSC-2010-4 - Binary planting vulnerability
|
|
CVE:
|
unknown
|
|
|
|
|
Title:
|
Remote Binary Planting in Windows Address Book
|
|
Report:
|
ASPR #2010-12-14-1
|
|
Vendor:
|
Microsoft Corp.
|
|
Status:
|
problem fixed, report published
|
|
References:
|
Microsoft Security Bulletin MS10-096 - Important
|
|
CVE:
|
CVE-2010-3147
|
|
|
|
|
Title:
|
Remote Binary Planting in Microsoft Excel 2010
|
|
Report:
|
ASPR #2010-11-10-3
|
|
Vendor:
|
Microsoft Corp.
|
|
Status:
|
problem fixed, report published
|
|
References:
|
Microsoft Security Bulletin MS10-087 - Critical
|
|
CVE:
|
CVE-2010-3337
|
|
|
|
|
Title:
|
Remote Binary Planting in Microsoft Word 2010
|
|
Report:
|
ASPR #2010-11-10-2
|
|
Vendor:
|
Microsoft Corp.
|
|
Status:
|
problem fixed, report published
|
|
References:
|
Microsoft Security Bulletin MS10-087 - Critical
|
|
CVE:
|
CVE-2010-3337
|
|
|
|
|
Title:
|
Remote Binary Planting in Microsoft PowerPoint 2010
|
|
Report:
|
ASPR #2010-11-10-1
|
|
Vendor:
|
Microsoft Corp.
|
|
Status:
|
problem fixed, report published
|
|
References:
|
Microsoft Security Bulletin MS10-087 - Critical
|
|
CVE:
|
CVE-2010-3337
|
|
|
|
|
Title:
|
Remote Binary Planting in Adobe Flash Player
|
|
Report:
|
ASPR #2010-11-05-1
|
|
Vendor:
|
Adobe Systems, Inc.
|
|
Status:
|
problem fixed, report published
|
|
References:
|
Security update available for Adobe Flash Player
|
|
CVE:
|
CVE-2010-3976
|
|
|
|
|
Title:
|
Remote Binary Planting in Apple Safari for Windows
|
|
Report:
|
ASPR #2010-09-08-1
|
|
Vendor:
|
Apple, Inc.
|
|
Status:
|
problem fixed, report published
|
|
References:
|
About the security content of Safari 5.0.2 and Safari 4.1.2
|
|
CVE:
|
CVE-2010-1805
|
|
|
|
|
Title:
|
Remote Binary Planting in Apple iTunes for Windows
|
|
Report:
|
ASPR #2010-08-18-1
|
|
Vendor:
|
Apple, Inc.
|
|
Status:
|
problem fixed, report published
|
|
References:
|
About the security content of iTunes 9.1
|
|
CVE:
|
CVE-2010-1795
|
|
|
|
|
Title:
|
Remote Binary Planting in VMware Tools for Windows
|
|
Report:
|
ASPR #2010-04-12-1
|
|
Vendor:
|
VMware, Inc.
|
|
Status:
|
problem fixed, report published
|
|
References:
|
VMware Security Advisory VMSA-2010-0007
|
|
CVE:
|
CVE-2010-1141
|
|
|
|
|
Title:
|
Local Binary Planting in VMware Tools for Windows
|
|
Report:
|
ASPR #2010-04-12-2
|
|
Vendor:
|
VMware, Inc.
|
|
Status:
|
problem fixed, report published
|
|
References:
|
VMware Security Advisory VMSA-2010-0007
|
|
CVE:
|
CVE-2010-1142
|
|
|
|
|
Title:
|
HTML Injection in Oracle WebLogic Server Console
|
|
Report:
|
ASPR #2009-10-30-1
|
|
Vendor:
|
Oracle Corporation
|
|
Status:
|
problem fixed, report published
|
|
References:
|
Oracle Critical Patch Update Advisory - October 2009
|
|
CVE:
|
CVE-2009-3396
|
|
|
|
|
Title:
|
HTML Injection in BEA WebLogic Server Console
|
|
Report:
|
ASPR #2009-01-27-1
|
|
Vendor:
|
Oracle Corporation
|
|
Status:
|
problem fixed, report published
|
|
References:
|
Oracle Critical Patch Update Advisory - January 2009
|
|
CVE:
|
unknown
|
|
|
|
|
Title:
|
XML Entity Explosion in Ruby
|
|
Report:
|
ASPR #2009-01-05-1
|
|
Vendor:
|
Ruby
|
|
Status:
|
problem fixed, report published
|
|
References:
|
Ruby news post
|
|
CVE:
|
CVE-2008-3790
|
|
|
|
|
Title:
|
HTTP Header Injection in Ruby Core library
|
|
Report:
|
ASPR #2009-01-05-2
|
|
Vendor:
|
Ruby
|
|
Status:
|
problem fixed, report published
|
|
References:
|
Ruby on Rails weblog post
|
|
CVE:
|
CVE-2008-5189
|
|
|
|
|
Title:
|
Session Fixation Vulnerability in WebLogic Administration Console
|
|
Report:
|
ASPR #2008-03-11-2
|
|
Vendor:
|
BEA Systems
|
|
Status:
|
problem fixed, report published
|
|
References:
|
BEA Systems Security Advisory BEA08-196.00
|
|
CVE:
|
CVE-2008-0900
|
|
|
|
|
Title:
|
HTML Injection in BEA WebLogic Server Console
|
|
Report:
|
ASPR #2008-03-11-1
|
|
Vendor:
|
BEA Systems
|
|
Status:
|
problem fixed, report published
|
|
References:
|
BEA Systems Security Advisory BEA08-195.00
|
|
CVE:
|
CVE-2008-0899
|
|
|
|
|
Title:
|
Session Fixation Vulnerability in HP SIM 5.0
|
|
Report:
|
ASPR #2007-05-14-1
|
|
Vendor:
|
Hewlett-Packard Company
|
|
Status:
|
problem fixed, report published
|
|
References:
|
HP Security Bulletin
|
|
CVE:
|
CVE-2007-2719
|
|
|
|
|
Title:
|
Buffer Overflow In Retroclient Service
|
|
Report:
|
ASPR #2006-05-17-1
|
|
Vendor:
|
EMC Corporation
|
|
Status:
|
problem fixed, report published
|
|
References:
|
EMC Retrospect Knowledgebase
|
|
CVE:
|
CVE-2006-2391
|
|
|
|
|
Title:
|
HTML Injection in BEA WebLogic Server Console (2)
|
|
Report:
|
ASPR #2005-05-24-2
|
|
Vendor:
|
BEA Systems, Inc.
|
|
Status:
|
problem fixed, report published
|
|
References:
|
BEA Systems Security Advisory BEA07-80.03
|
|
CVE:
|
CAN-2005-1747
|
|
|
|
|
Title:
|
HTML Injection in BEA WebLogic Server Console (1)
|
|
Report:
|
ASPR #2005-05-24-1
|
|
Vendor:
|
BEA Systems, Inc.
|
|
Status:
|
problem fixed, report published
|
|
References:
|
BEA Systems Security Advisory BEA07-80.03
|
|
CVE:
|
CAN-2005-1747
|
|
|
|
|
Title:
|
Unsanitized Session ID Cookie Allows Modifying Server Response
|
|
Report:
|
ASPR #2004-10-14-3
|
|
Vendor:
|
Macromedia, Inc.
|
|
Status:
|
problem fixed, report published
|
|
References:
|
Macromedia Security Bulletin
|
|
CVE:
|
CAN-2004-1478
|
|
|
|
|
Title:
|
Session Fixation in JRun Management Console
|
|
Report:
|
ASPR #2004-10-14-2
|
|
Vendor:
|
Macromedia, Inc.
|
|
Status:
|
problem fixed, report published
|
|
References:
|
Macromedia Security Bulletin
|
|
CVE:
|
CAN-2004-1478
|
|
|
|
|
Title:
|
HTML Injection in JRun Management Console
|
|
Report:
|
ASPR #2004-10-14-1
|
|
Vendor:
|
Macromedia, Inc.
|
|
Status:
|
problem fixed, report published
|
|
References:
|
Macromedia Security Bulletin
|
|
CVE:
|
CAN-2004-1477
|
|
|
|
|
Title:
|
Poisoning Cached HTTPS Documents in Internet Explorer
|
|
Report:
|
ASPR #2004-10-13-1
|
|
Vendor:
|
Microsoft
Corp.
|
|
Status:
|
problem fixed, report published
|
|
References:
|
Microsoft
Security Bulletin
|
|
CVE:
|
CAN-2004-0845
|
|
|
|
|
Title:
|
Internet Explorer/Outlook double null character DoS
|
|
Report:
|
ASPR
#2004-01-20-1
|
|
Vendor:
|
Microsoft
Corp.
|
|
Status:
|
problem fixed, report published
|
|
References:
|
Microsoft
Security Bulletin
|
|
CVE:
|
CAN-2004-0284
|
|
|
|
|
Title:
|
Remote Retrieval Of IIS Session Cookies From
Web Browsers
|
|
Report:
|
ASPR
#2000-07-22-1
|
|
Vendor:
|
Microsoft
Corp.
|
|
Status:
|
problem fixed, report published
|
|
References:
|
Microsoft
Security Bulletin
|
|
CVE:
|
CVE-2000-0970
|
|
|
|
|
Title:
|
Remote Retrieval Of Authentication Data From
Internet Explorer
|
|
Report:
|
ASPR
#2000-07-22-2
|
|
Vendor:
|
Microsoft
Corp.
|
|
Status:
|
problem fixed, report published
|
|
References:
|
Microsoft
Security Bulletin
|
|
CVE:
|
CVE-2000-0982
|
|
|
|
|
Title:
|
Bypassing Warnings For Invalid SSL Certificates
In Netscape Navigator
|
|
Report:
|
ASPR
#2000-04-06-1
|
|
Vendor:
|
Netscape
Corp. (an America
Online, Inc. company)
|
|
Status:
|
problem fixed, report published
|
|
References:
|
Netscape
Security Notes
CERT/CC
Advisory
C|NET
Story
|
|
CVE:
|
CVE-2000-0406
|
|
|
|
|
Title:
|
Bypassing Warnings For Invalid SSL Certificates
In Internet Explorer
|
|
Report:
|
ASPR
#1999-12-15-1
|
|
Vendor:
|
Microsoft
Corp.
|
|
Status:
|
problem fixed, report published
|
|
References:
|
Microsoft
Security Bulletin
CERT/CC
Advisory
|
|
CVE:
|
CVE-2000-0518, CVE-2000-0519
|
|
|
|
|
Title:
|
Processing Of Illegal URL Hexadecimal Encodings
In IIS 4.0
|
|
Report:
|
ASPR
#1999-11-10-1
|
|
Vendor:
|
Microsoft
Corp.
|
|
Status:
|
problem fixed, report published
|
|
References:
|
Microsoft
Security Bulletin
|
|
CVE:
|
CVE-2000-0024
|
|
|
|
|
Title:
|
A "dot-dot" Problem In WebID Agent
For Microsoft IIS
|
|
Report:
|
ASPR
#1999-10-26-1
|
|
Vendor:
|
RSA
Security, Inc.
|
|
Status:
|
problem fixed, report published
|
|
References:
|
RSA
Security Bulletin *
|
|
CVE:
|
CAN-2001-1461
|
