Lucene search
K

97 matches found

nessus
nessus
added 2009/12/22 12:0 a.m.33 views

SuSE 11 Security Update : XULRunner (SAT Patch Number 1716)

The Mozilla XULRunner engine was updated to version 1.9.0.16, fixing lots of bugs and various security issues. The following issues were fixed : - Crashes with evidence of memory corruption 1.9.0.16. MFSA 2009-65 / CVE-2009-3979 / CVE-2009-3981 - bmo487872 NTLM reflection vulnerability. MFSA...

9.3CVSS8.4AI score0.03963EPSS
Exploits8References17
exploitdb
exploitdb
added 2009/12/18 12:0 a.m.44 views

Mozilla Firefox - Location Bar Spoofing

Exploit Title: MOZILLA FIREFOX LOCATION BAR SPOOFING VULNERABILITY Date: 2009-12-18 Author: Jordi Chancel Software Link: http://www.mozilla.org/security/announce/2009/mfsa2009-69.html Version: Mozilla Firefox 3.0.15 & 3.5.5 Tested on: Windows XP-VISTA-SEVEN & LINUX BACKTRACK CVE :...

6.8CVSS7.4AI score0.02539EPSS
Exploits6
seebug
seebug
added 2009/12/18 12:0 a.m.41 views

Firefox内容注入网页欺骗漏洞

BUGTRAQ ID: 37370 CVE ID: CVE-2009-3985 Firefox是一款流行的开源WEB浏览器。 恶意网页可以将document.location设置为无法正确显示的URL,然后向所生成的空白页中注入内容。攻击者可以利用这个漏洞在地址栏中放置看起来合法但实际上无效的URL,并向页面中注入HTML和JavaScript,执行欺骗攻击。 Mozilla Firefox 3.5.x Mozilla Firefox 3.0.x Mozilla SeaMonkey 2.0 厂商补丁: Debian ------...

6.8CVSS0.1AI score0.02539EPSS
Exploits6
exploitpack
exploitpack
added 2009/12/18 12:0 a.m.29 views

Mozilla Firefox - Location Bar Spoofing

Mozilla Firefox - Location Bar Spoofing Exploit Title: MOZILLA FIREFOX LOCATION BAR SPOOFING VULNERABILITY Date: 2009-12-18 Author: Jordi Chancel Software Link: http://www.mozilla.org/security/announce/2009/mfsa2009-69.html Version: Mozilla Firefox 3.0.15 & 3.5.5 Tested on: Windows XP-VISTA-SEVEN...

6.8CVSS0.02539EPSS
Exploits6
seebug
seebug
added 2009/12/18 12:0 a.m.30 views

Mozilla Firefox Location Bar Spoofing Vulnerability

No description provided by source. Exploit Title: MOZILLA FIREFOX LOCATION BAR SPOOFING VULNERABILITY Date: 2009-12-18 Author: Jordi Chancel Software Link: http://www.mozilla.org/security/announce/2009/mfsa2009-69.html Version: Mozilla Firefox 3.0.15 & 3.5.5 Tested on: Windows XP-VISTA-SEVEN &...

6.8CVSS9.7AI score0.02539EPSS
Exploits6
nessus
nessus
added 2009/12/18 12:0 a.m.224 views

Fedora 12 : seamonkey-2.0.1-1.fc12 (2009-13362)

Update to new upstream SeaMonkey version 2.0.1, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/seamonkey20.htmlseamonkey2.0.1 CVE-2009-3979 CVE-2009-3980 CVE-2009-3982 CVE-2009-3983 CVE-2009-3984 CVE-2009-3985...

9.3CVSS8.3AI score0.04785EPSS
Exploits8References12
nessus
nessus
added 2009/12/18 12:0 a.m.240 views

Fedora 11 : Miro-2.5.2-7.fc11 / blam-1.8.5-17.fc11 / chmsee-1.0.1-14.fc11 / epiphany-2.26.3-7.fc11 / etc (2009-13333)

Update to new upstream Firefox version 3.5.6, fixing multiple security issues detailed in the upstream advisories: http://www.mozilla.org/security/known- vulnerabilities/firefox35.htmlfirefox3.5.6 Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox /...

9.3CVSS8.3AI score0.04785EPSS
Exploits8References35
cve
cve
added 2009/12/17 5:0 p.m.109 views

CVE-2009-3985

CVE-2009-3985 affects Mozilla Firefox prior to 3.0.16 and 3.5.x prior to 3.5.6, and SeaMonkey prior to 2.0.1. The issue allows remote attackers to cause spoofing by setting document.location to the vulnerable URL and then writing arbitrary script/HTML to the associated blank document, enabling co...

6.8CVSS6.4AI score0.02539EPSS
Exploits6References25Affected Software2
securityvulns
securityvulns
added 2009/12/17 12:0 a.m.85 views

Mozilla Foundation Security Advisory 2009-69

Mozilla Foundation Security Advisory 2009-69 Title: Location bar spoofing vulnerabilities Impact: Moderate Announced: December 15, 2009 Reporter: Jonathan Morgan, Jordi Chancel Products: Firefox, SeaMonkey Fixed in: Firefox 3.5.6 Firefox 3.0.16 SeaMonkey 2.0.1 Description Security researcher...

6.8CVSS9.3AI score0.02539EPSS
Exploits7
ubuntucve
ubuntucve
added 2009/12/15 12:0 a.m.32 views

CVE-2009-3985

Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to...

6.8CVSS7.2AI score0.02539EPSS
Exploits6References3
prion
prion
added 2009/04/13 4:30 p.m.15 views

Stack overflow

Multiple stack-based buffer overflows in DZIP32.DLL before 5.0.0.8 in DynaZip Max and DZIPS32.DLL before 6.0.0.5 in DynaZip Max Secure; as used in HP OpenView Performance Agent C.04.60, HP Performance Agent C.04.70 and C.04.72, TurboZIP 6.0, and other products; allow user-assisted attackers to...

9.3CVSS8AI score0.05664EPSS
Exploits2References13Affected Software4
cve
cve
added 2008/10/14 9:0 p.m.52 views

CVE-2008-3985

CVE-2008-3985 affects Oracle E-Business Suite 12.0.4 via the Oracle Applications Technology Stack component. Public details indicate a remote-authenticated/unauthenticated access risk to confidentiality from unknown vectors. The issue is addressed in Oracle’s CPU Oct 2008 advisory (CPUOCT2008) wi...

5CVSS5.8AI score0.01307EPSS
Exploits1References5Affected Software1
nvd
nvd
added 2007/07/25 6:30 p.m.19 views

CVE-2007-3985

Directory traversal vulnerability in file.cgi in Secure Computing SecurityReporter aka Network Security Analyzer 4.6.3 allows remote attackers to download arbitrary files via a .. dot dot in the name parameter...

5CVSS6.7AI score0.01913EPSS
Exploits1References8
cve
cve
added 2007/07/25 6:0 p.m.44 views

CVE-2007-3985

The CVE-2007-3985 issue affects Secure Computing SecurityReporter (aka Network Security Analyzer) version 4.6.3, where the file.cgi script fails to sanitize the name parameter. This enables a directory traversal attack (".." in the name) allowing remote attackers to download arbitrary files from ...

5CVSS6.7AI score0.01913EPSS
Exploits1References8Affected Software1
cve
cve
added 2006/08/05 12:0 a.m.58 views

CVE-2006-3985

CVE-2006-3985 affects ConeXware PowerArchiver 9.62.03 via DZIPS32.DLL 6.0.0.4, where a stack-based buffer overflow occurs when a crafted ZIP archive containing a long-named file is processed. This allows a user‑assisted attacker to execute arbitrary code. The connected records confirm the vulnera...

9.3CVSS7.8AI score0.04486EPSS
Exploits1References10Affected Software1
cvelist
cvelist
added 2006/08/05 12:0 a.m.28 views

CVE-2006-3985

Stack-based buffer overflow in DZIPS32.DLL 6.0.0.4 in ConeXware PowerArchiver 9.62.03 allows user-assisted attackers to execute arbitrary code by adding a new file to a crafted ZIP archive that already contains a file with a long name...

7.7AI score0.04486EPSS
Exploits1References10
cve
cve
added 2005/12/04 10:0 p.m.49 views

CVE-2005-3985

The CVE-2005-3985 entry concerns the Internet Key Exchange v1 (IKEv1) implementation in Astaro Security Linux prior to 6.102, which can be triggered by crafted IKE packets to cause a denial of service and possibly arbitrary code execution; the advisory notes uncertainty about whether CVE-2005-366...

7.8CVSS7.7AI score0.04254EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder