9454 matches found

Tenable Nessus
added 2014/06/13 12:0 a.m. | 28 views

openSUSE Security Update : exim (openSUSE-SU-2012:1404-1)

This update fixes a remotely exploitable overflow in DKIM handling. %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-738. The text description of this plugin is (C) SUSE LLC...

7.5 CVSS | 8.4 AI score | 0.31639 EPSS
Exploits: 0 | References: 5

Tenable Nessus
added 2014/06/13 12:0 a.m. | 42 views

openSUSE Security Update : kernel (openSUSE-SU-2011:0004-1)

The openSUSE 11.3 kernel was updated to fix various bugs and security issues. Following security issues have been fixed: CVE-2010-4347: A local user could inject ACPI code into the kernel via the world-writable 'customdebug' file, allowing local privilege escalation. CVE-2010-4258: A local attack...

7.8 CVSS | 6.2 AI score | 0.08114 EPSS
Exploits: 50 | References: 57

Tenable Nessus
added 2014/06/13 12:0 a.m. | 39 views

openSUSE Security Update : seamonkey (openSUSE-SU-2012:0007-1)

seamonkey version 2.6 fixes several security issues: MFSA 2011-53/CVE-2011-3660: Miscellaneous memory safety hazards; MFSA 2011-54/CVE-2011-3661: Potentially exploitable crash in the YARR regular...

10 CVSS | 8.4 AI score | 0.75876 EPSS
Exploits: 11 | References: 8

Tenable Nessus
added 2014/06/11 12:0 a.m. | 30 views

Mozilla Thunderbird < 24.6 Multiple Vulnerabilities

Binary data 8292.prm...

10 CVSS | 9.8 AI score | 0.03334 EPSS
Exploits: 0 | References: 12

Mozilla
added 2014/06/10 12:0 a.m. | 57 views

Use-after-free with SMIL Animation Controller — Mozilla

Security researcher Nils used the Address Sanitizer to discover a use-after-free problem with the SMIL Animation Controller when interacting with and rendering improperly formed web content. This causes a potentially exploitable crash...

10 CVSS | 9 AI score | 0.01963 EPSS
Exploits: 0 | References: 2 | Affected Software: 4

Mozilla
added 2014/06/10 12:0 a.m. | 40 views

Use-after-free in Event Listener Manager — Mozilla

Security researchers Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a use-after-free in the event listener manager. This can be triggered by web content and leads to a potentially exploitable cras...

9.3 CVSS | 9 AI score | 0.01009 EPSS
Exploits: 0 | References: 2 | Affected Software: 2

Mozilla
added 2014/06/10 12:0 a.m. | 49 views

Buffer overflow in Web Audio Speex resampler — Mozilla

Security researcher Holger Fuhrmannek used the Address Sanitizer tool to discover a buffer overflow with the Speex resampler in Web Audio when working with audio content that exceeds expected bounds. This leads to a potentially exploitable crash...

6.8 CVSS | 9.3 AI score | 0.04721 EPSS
Exploits: 0 | References: 2 | Affected Software: 2

Tenable Nessus
added 2014/06/10 12:0 a.m. | 38 views

Mozilla Firefox < 30.0 Multiple Vulnerabilities

Binary data 8290.prm...

10 CVSS | 9.8 AI score | 0.04721 EPSS
Exploits: 0 | References: 19

Mozilla
added 2014/06/10 12:0 a.m. | 45 views

Use-after-free and out of bounds issues found using Address Sanitizer — Mozilla

Security researcher Abhishek Arya Inferno of the Google Chrome Security Team discovered a number of use-after-free and out of bounds read issues using the Address Sanitizer tool. These issues are potentially exploitable, allowing for remote code execution...

10 CVSS | 9.5 AI score | 0.03334 EPSS
Exploits: 0 | References: 6 | Affected Software: 4

ThreatPost
added 2014/06/05 9:30 a.m. | 60 views

New OpenSSL MITM Flaw Affects All Clients, Some Server Versions

There is a new, remotely exploitable vulnerability in OpenSSL that could enable an attacker to intercept and decrypt traffic between vulnerable clients and servers. The flaw affects all versions of the OpenSSL client and versions 1.0.1 and 1.0.2-beta1 of the server software. The new vulnerability...

6.8 CVSS | 0.2 AI score | 0.89694 EPSS
Exploits: 9 | References: 4

The Hacker News
added 2014/05/24 4:30 a.m. | 10 views

Vulnerability in Yahoo Websites Allows Hackers to Delete Any Comment

Two months ago, we reported a critical vulnerability on the Yahoo Answers platform that allowed a hacker to delete all the posted threads and comments from Yahoo's Suggestion Board website. Recently, a similar vulnerability has been reported by another Egyptian security researcher 'Ahmed Aboul-Ela...

6.9 AI score
Exploits: 0

Tenable Nessus
added 2014/05/19 12:0 a.m. | 23 views

Solaris 10 (sparc) : 150113-02 (deprecated)

Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite subcomponent: sockfs. Supported versions that are affected are 8, 9, 10 and 11.1. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorize...

4.9 CVSS | 6.2 AI score | 0.00127 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2014/05/19 12:0 a.m. | 20 views

Solaris 10 (x86) : 150114-02 (deprecated)

Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite subcomponent: sockfs. Supported versions that are affected are 8, 9, 10 and 11.1. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorize...

6.2 AI score | 0.00127 EPSS
Exploits: 0 | References: 2

securityvulns
added 2014/05/05 12:0 a.m. | 53 views

BlackBerry Z 10 - Buffer Overflow in qconnDoor [MZ-13-05]

modzero Security Advisory: BlackBerry Z 10 - Buffer Overflow in qconnDoor MZ-13-05 1...

9.3 CVSS | 0.6 AI score | 0.1459 EPSS
Exploits: 4

securityvulns
added 2014/05/05 12:0 a.m. | 41 views

[CVE-2014-2087] Free Download Manager CDownloads_Deleted::UpdateDownload() Buffer Overflow Remote Code Execution

RCE Security Advisory http://www.rcesecurity.com 1. ADVISORY INFORMATION: Product: Free Download Manager; Vendor URL: www.freedownloadmanager.org; Type: Stack-based Buffer Overflow CWE-121; Date found: 2014-02-20; Date published: 2014-02-13; CVSSv2 Score: 9,3...

9.3 CVSS | 0.4 AI score | 0.36829 EPSS
Exploits: 8

Nmap
added 2014/05/04 3:11 p.m. | 249 views

http-vuln-cve2013-7091 NSE Script

A 0-day was released on the 6th December 2013 by rubina119, and was patched in Zimbra 7.2.6. The vulnerability is a local file inclusion that can retrieve any file from the server. Currently, we read /etc/passwd and /dev/null, and compare the lengths to determine vulnerability. TODO: Add the...

10 CVSS | 9 AI score | 0.94176 EPSS
Exploits: 40

securityvulns
added 2014/05/04 12:0 a.m. | 90 views

Blind SQL Injection Vulnerability in KnowledgeTree <= 3.7.0.2

Product description: KnowledgeTree is document management system that makes it easy to secure, share, track and manage the documents and records. KnowledgeTree Blind SQL Injection CVE-2014-2737: The application is vulnerable to blind SQL injection which is...

7.5 CVSS | 7.5 AI score | 0.00289 EPSS
Exploits: 1

ThreatPost
added 2014/04/30 11:29 a.m. | 8 views

Hacking Traffic Systems for Fun and Chaos

It has been a running joke in the tech industry for years that the hacking scenes in movies are, well, a joke. Hackers in hoodies pushing a few keys and taking down the power grid or causing massive traffic pileups by turning all the stoplights green at once. While those scenes provide endless...

7.4 AI score
Exploits: 0 | References: 5

Mozilla
added 2014/04/29 12:0 a.m. | 43 views

Web Audio memory corruption issues — Mozilla

Security researcher Ash reported an out of bounds read issue with Web Audio. This issue could allow for web content to trigger crashes that are potentially exploitable...

9.3 CVSS | 8.8 AI score | 0.00762 EPSS
Exploits: 1 | References: 2 | Affected Software: 2

Mozilla
added 2014/04/29 12:0 a.m. | 43 views

Use-after-free in nsHostResolver — Mozilla

Security researchers Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a use-after-free during host resolution in some circumstances. This leads to a potentially exploitable crash...

9.8 CVSS | 7.9 AI score | 0.04891 EPSS
Exploits: 1 | References: 2 | Affected Software: 4