Cross site request forgery (csrf)

The SOY Inquiry component of SOY CMS is affected by Cross-site Request Forgery CSRF and Remote Code Execution RCE. The vulnerability affects versions 2.0.0.3 and earlier of SOY Inquiry. This allows remote attackers to force the administrator to edit files once the administrator loads a specially...

Security Bulletin: IBM Streams is affected by Open Source Apache Xerces-C XML parser Vulnerabilities (CVE-2016-0729)

Summary IBM Streams is affected by Open Source Apache Xerces-C XML parser Vulnerabilities. IBM Streams has addressed this vulnerability. Vulnerability Details CVEID: CVE-2016-0729 DESCRIPTION: Apache Xerces-C XML Parser library is vulnerable to a denial of service, caused by improper bounds...

Security Bulletin: Vulnerability in libxml2 affects IBM InfoSphere Streams. (CVE-2015-8317)

Summary There is a vulnerability in libxml2 that is used by IBM InfoSphere Streams. IBM InfoSphere Streams has addressed this vulnerability. Vulnerability Details CVE-ID: CVE-2015-8317 Description: libxml2 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the...

Security Bulletin: Vulnerability in libxml2 affects IBM InfoSphere Streams. (CVE-2015-8710)

Summary There is a vulnerability in libxml2 that is used by IBM InfoSphere Streams. IBM InfoSphere Streams has addressed this vulnerability. Vulnerability Details CVE-ID: CVE-2015-8710 Description: Libxml2 is vulnerable to a denial of service, caused by an out-of-bounds memory access when parsing...

Security Bulletin: A vulnerability in XML processing affects IBM InfoSphere Streams (CVE-2015-1819)

Summary IBM InfoSphere Streams may be vulnerable to a denial of service attack due to the use of Libxml2 CVE-2015-1819 Vulnerability Details CVEID:CVEID: CVE-2015-1819 DESCRIPTION: Libxml is vulnerable to a denial of service, caused by an XML External Entity Injection XXE error in the xmlreader...

Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2007:131)

A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.4. This update provides the latest Thunderbird to correct these issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in...

Mandriva Update for mozilla-thunderbird MDKSA-2007:131 (mozilla-thunderbird)

Check for the Version of mozilla-thunderbird OpenVAS Vulnerability Test Mandriva Update for mozilla-thunderbird MDKSA-2007:131 mozilla-thunderbird Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...

openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-3545)

This update brings Mozilla Thunderbird to security update version 1.5.0.12. - MFSA 2007-17 / CVE-2007-2871 : Chris Thomas demonstrated that XUL popups opened by web content could be placed outside the boundaries of the content area. This could be used to spoof or hide parts of the browser chrome...

CVE-2007-3657

Mozilla Firefox 2.0.0.4 allows remote attackers to cause a denial of service by opening multiple tabs in a popup window. NOTE: this issue has been disputed by third party researchers, stating that "this does not crash on me, and I can't see a likely mechanism of action that would lead to a DoS...

Race condition

Mozilla Firefox 2.0.0.4 allows remote attackers to cause a denial of service by opening multiple tabs in a popup window. NOTE: this issue has been disputed by third party researchers, stating that "this does not crash on me, and I can't see a likely mechanism of action that would lead to a DoS...

Fusetalk SQL injection submission.

Greetings, I have found sql injection in FuseTalk 2.0 during a legitmate audit. Resending because I got MIME errors to [email protected]. I have exchanged emails with [email protected] who needed more information when I originally sent an email to [email protected] Operating...

Unpatched input validation flaw in Firefox 2.0.0.4

Firefox 2.0.0.4 contains a fix for a directory traversal vulnerability that allowed you to read local files through the resource protocol. However, the patch only partially fixed the vulnerability on Windows systems and accidentally circumvents an existing input validation check. The net result i...