
9802 matches found

ThreatPost
added 2009/07/16 6:28 p.m., 13 views

New DOM Flaw Can Crash IE, Other Major Browsers

From The H Security The Luxembourg security specialists G-SEC have published details of a vulnerability in the majority of browsers which will either crash the browser or consume so much memory that it makes the computer virtually unusable. The trick is simple. Using JavaScript’s DOM Document...

2.4 AI score
Exploits: 0, References: 4
Fedora
added 2009/07/16 7:11 a.m., 39 views

[SECURITY] Fedora 11 Update: seamonkey-1.1.17-1.fc11

SeaMonkey is an all-in-one Internet application suite. It includes a browser, mail/news client, IRC client, JavaScript debugger, and a tool to inspect the DOM for web pages. It is derived from the application formerly known as Mozilla Application Suite...

9.3 CVSS, 2 AI score, 0.09176 EPSS
Exploits: 5
Fedora
added 2009/07/16 6:57 a.m., 45 views

[SECURITY] Fedora 10 Update: seamonkey-1.1.17-1.fc10

SeaMonkey is an all-in-one Internet application suite. It includes a browser, mail/news client, IRC client, JavaScript debugger, and a tool to inspect the DOM for web pages. It is derived from the application formerly known as Mozilla Application Suite...

9.3 CVSS, 2 AI score, 0.09176 EPSS
Exploits: 5
Packet Storm
added 2009/07/08 12:0 a.m., 33 views

Month Of Twitter Bugs - Twitterfall XSS

Wednesday, July 8, 2009 MoTB 08: DOM Based XSS in Twitterfall What is Twitterfall "Twitterfall is a way of viewing the latest 'tweets' of upcoming trends and custom searches on the micro-blogging site Twitter. Updates fall from the top of the page in near-realtime.." Twitterfall home page Twitter...

Exploits: 0
OpenVAS
added 2009/07/06 12:0 a.m., 29 views

Mandrake Security Advisory MDVSA-2009:145 (php)

The remote host is missing an update to php announced via advisory MDVSA-2009:145. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-on...

4.3 CVSS, 6.3 AI score, 0.04378 EPSS
Exploits: 1, References: 2
NVD
added 2009/06/25 5:30 p.m., 34 views

CVE-2009-1201

Eval injection vulnerability in the cscowrapjs function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.04, 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct cross-site scripting (XSS) attacks by setting CSCOWebVPN'process...

4.3 CVSS, 6 AI score, 0.08828 EPSS
Exploits: 2, References: 6
Cvelist
added 2009/06/25 5:0 p.m., 43 views

CVE-2009-1201

Eval injection vulnerability in the cscowrapjs function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.04, 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct cross-site scripting (XSS) attacks by setting CSCOWebVPN'process...

6 AI score, 0.08828 EPSS
Exploits: 2, References: 6
RedHat Linux
added 2009/06/25 3:7 p.m., 6 views

Firefox browser engine crashes

The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to 1...

9.3 CVSS, 6.2 AI score, 0.09282 EPSS
Exploits: 1, References: 4
Cisco
added 2009/06/24 4:8 p.m., 30 views

Cisco ASA Adaptive Security Appliance Clientless SSL VPN DOM Cross-Site Scripting Vulnerability

Cisco ASA Adaptive Security Appliance Software versions prior to 8.0.434, 8.1.225, and 8.2.13 that are configured to accept Clientless SSL VPN connections are affected by a cross-site scripting vulnerability. Versions 7.x are not affected. The vulnerability is due to insufficient restrictions on...

4.3 CVSS, 6.1 AI score, 0.08828 EPSS
Exploits: 2, References: 1
Prion
added 2009/06/10 6:0 p.m., 23 views

Design/Logic Flaw

Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by destroying a...

9.3 CVSS, 8.2 AI score, 0.07746 EPSS
Exploits: 2, References: 16, Affected Software: 2
UbuntuCve
added 2009/06/10 6:0 p.m., 32 views

CVE-2009-1701

Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by destroying a...

9.3 CVSS, 6 AI score, 0.07746 EPSS
Exploits: 2, References: 2
CVE
added 2009/06/10 5:37 p.m., 83 views

CVE-2009-1711

CVE-2009-1711 affects WebKit-based components (notably in Apple Safari before 4.0) where WebKit’s Attr DOM memory is not properly initialized. This can allow remote attackers to execute arbitrary code or cause a denial of service via a crafted HTML document that exercises Attr DOM memory handling...

9.3 CVSS, 7.7 AI score, 0.06685 EPSS
Exploits: 2, References: 17, Affected Software: 1
Debian CVE
added 2009/06/10 5:37 p.m., 27 views

CVE-2009-1701

Removed by vendor...

9.3 CVSS, 6.7 AI score, 0.07746 EPSS
Exploits: 2
Prion
added 2009/06/10 2:30 p.m., 27 views

Design/Logic Flaw

Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service memory...

9.3 CVSS, 8.1 AI score, 0.06618 EPSS
Exploits: 2, References: 28, Affected Software: 3
CVE
added 2009/06/10 2:0 p.m., 94 views

CVE-2009-1690

CVE-2009-1690 is a use-after-free in WebKit affecting Safari (pre-4.0) and related WebKit-based products (iPhone OS 1.0–2.2.1, iPod touch 1.1–2.2.1, Google Chrome 1.0.154.53). The issue arises when a crafted HTML tag property causes child elements to be freed and later accessed during an HTML err...

9.3 CVSS, 7.3 AI score, 0.06618 EPSS
Exploits: 2, References: 28, Affected Software: 1
Cvelist
added 2009/06/10 2:0 p.m., 22 views

CVE-2009-1690

Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service memory...

7.5 AI score, 0.06618 EPSS
Exploits: 2, References: 28
UbuntuCve
added 2009/06/10 12:0 a.m., 40 views

CVE-2009-1690

Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service memory...

9.3 CVSS, 6.2 AI score, 0.06618 EPSS
Exploits: 2, References: 5
OpenVAS
added 2009/05/19 12:0 a.m., 23 views

Apple Safari PDF Javascript Security Bypass Bypass Vulnerability

The host is installed with Opera Web Browser and is prone to PDF Javascript Security Bypass Vulnerability. OpenVAS Vulnerability Test $Id: secpodapplesafaripdfjsrestbypassvuln.nasl 5055 2017-01-20 14:08:39Z teissa $ Apple Safari PDF Javascript Security Bypass Bypass Vulnerability Authors: Antu...

9.3 CVSS, 6.7 AI score, 0.01717 EPSS
Exploits: 0, References: 2
OpenVAS
added 2009/05/19 12:0 a.m., 22 views

Opera < 10 PDF JavaScript Security Bypass Vulnerability - Linux

Opera Web Browser is prone to a PDF JavaScript security bypass vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3 CVSS, 6.8 AI score, 0.01717 EPSS
Exploits: 0, References: 2
OpenVAS
added 2009/05/19 12:0 a.m., 27 views

Opera < 10 PDF JavaScript Security Bypass Vulnerability - Windows

Opera Web Browser is prone to a PDF JavaScript security bypass vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3 CVSS, 6.8 AI score, 0.01717 EPSS
Exploits: 0, References: 2