9454 matches found

Check Point Advisories
added 2014/03/03 12:0 a.m. | 2 views

Mozilla Firefox JavaScript Function focus Buffer Overflow - Ver2 (CVE-2006-1993)

The Firefox web browser is an application designed for tasks related to browsing the web, such as displaying HTML encoded pages, downloading files, and so forth. The browser application has a built-in JavaScript interpreter which also allows it to use the Document Object Model DOM, in particular ...

CVSS 5.1 | AI score 7.1 | EPSS 0.5731
Exploits: 1

Packet Storm
added 2014/02/05 12:0 a.m. | 51 views

i-doit Pro 1.2.4 Cross Site Scripting

COMPASS SECURITY ADVISORY http://www.csnc.ch/ CVE ID : CVE-2014-1237 CSNC ID: CSNC-2014-002 Product: i-doit Vendor: synetics Gesellschaft für Systemintegration mbH Subject: Cross-site Scripting - XSS Risk: High Effect: Remotely exploitable Author: Stephan Rickauer [email protected] Date:...

CVSS 4.3 | AI score 6.8 | EPSS 0.00698
Exploits: 1

Mozilla
added 2014/02/04 12:0 a.m. | 44 views

Crash when using web workers with asm.js — Mozilla

Soeren Balko reported a crash when terminating a web worker running asm.js code after passing an object between threads. This crash is potentially exploitable...

CVSS 10 | AI score 9 | EPSS 0.01089
Exploits: 1 | References: 2 | Affected Software: 3

Mozilla
added 2014/02/04 12:0 a.m. | 60 views

Use-after-free with imgRequestProxy and image processing — Mozilla

Security researcher Arthur Gerkis, via TippingPoint's Zero Day Initiative, reported a use-after-free during image processing from sites with specific content types in concert with the imgRequestProxy function. This causes a potentially exploitable crash...

CVSS 10 | AI score 8 | EPSS 0.10821
Exploits: 1 | References: 2 | Affected Software: 4

Tenable Nessus
added 2014/01/27 12:0 a.m. | 23 views

Solaris 9 (sparc) : 150506-01

Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite subcomponent: Remote Procedure Call RPC. Supported versions that are affected are 8, 9, 10 and 11.1. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can...

CVSS 4.6 | AI score 5.4 | EPSS 0.00137
Exploits: 0 | References: 2

Talos
added 2014/01/26 12:0 a.m. | 55 views

Pidgin libpurple SIP/SIMPLE Content-Length Integer Overflow Vulnerability

Talos Vulnerability Report VRT-2013-1004 Pidgin libpurple SIP/SIMPLE Content-Length Integer Overflow Vulnerability January 26, 2014 CVE Number CVE-2013-6490 Description An exploitable remote code execution vulnerability exists in Pidgin’s implementation of SIP/SIMPLE message handling. An attacker...

CVSS 10 | AI score 6.8 | EPSS 0.38978
Exploits: 0

securityvulns
added 2014/01/19 12:0 a.m. | 87 views

CVE-2013-6430 Possible XSS when using Spring MVC

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Plone CMS Vendor: Plone Foundation http://plone.org IDs: CSNC-2013-013, CVE-2013-4200 Subject: URL Redirection Vulnerability Risk: High Effect: Remotely exploitable Author: Cyrill Bannwart [email protected]...

CVSS 5.8 | AI score 6.4 | EPSS 0.05344
Exploits: 1

Packet Storm
added 2014/01/17 12:0 a.m. | 43 views

Plone CMS Credential Disclosure

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Plone CMS Vendor: Plone Foundation http://plone.org IDs: CSNC-2013-013, CVE-2013-4200 Subject: URL Redirection Vulnerability Risk: High Effect: Remotely exploitable Author: Cyrill Bannwart Date: 20/05/2013...

CVSS 5.8 | AI score 6.5 | EPSS 0.05344
Exploits: 1

securityvulns
added 2014/01/09 12:0 a.m. | 100 views

[CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Leed Light Feed Vendor: Valentin CARRUESCO aka Idleman CSNC ID: CSNC-2013-005 SQL Injection, CSNC-2013-006 CSRF, CSNC-2013-007 Authentication Bypass CVD ID: CVE-2013-2627 SQL Injection, CVE-2013-2628 CSRF,...

7.5CVSS0.1AI score0.00397EPSS
Exploits3
Vulnerability Lab
Vulnerability Lab
added 2013/12/24 12:0 a.m.22 views

QuickHeal AntiVirus 7.1 PRO - Stack Overflow Vulnerability

Document Title: =============== QuickHeal AntiVirus 7.1 PRO - Stack Overflow Vulnerability References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1173 View: http://www.youtube.com/watch?v=6aQR8H6HoCs http://www.vulnerability-lab.com/getcontent.php?id=1171 Resources:...

CVSS 7.2 | AI score 0.4 | EPSS 0.00257
Exploits: 7

Packet Storm
added 2013/12/21 12:0 a.m. | 34 views

USP Secure Entry Server URL Redirection

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Secure Entry Server SES Vendor: United Security Providers Ltd. CSNC ID: CSNC-2013-008 CVD ID: CVE-2013-2764 Subject: URL Redirection Risk: High Effect: Remotely exploitable Author: Alexandre Herzog Date: 18.12.2013...

CVSS 3.7 | EPSS 0.00298
Exploits: 1

Exploit DB
added 2013/12/20 12:0 a.m. | 26 views

PotPlayer 1.5.40688 - '.avi' File Handling Memory Corruption

!/usr/bin/python Exploit Title: PotPlayer Version 1.5.40688 .avi File Handling Memory Corruption Vulnerability Date: 2013/12/20 Exploit Author: ariarat Software Link: http://www.videohelp.com/download/PotPlayer1.5.40688.EXE Version: 1.5.40688 Probably old version of PotPlayer too Vendor Homepage:...

CVSS 7.8 | AI score 7.7 | EPSS 0.01526
Exploits: 4

Packet Storm
added 2013/12/11 12:0 a.m. | 54 views

IcoFX 2.5.0.0 Buffer Overflow

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ IcoFX Buffer Overflow Vulnerability 1. Advisory Information Title: IcoFX Buffer Overflow Vulnerability Advisory ID: CORE-2013-1107 Advisory URL: http://www.coresecurity.com/advisories/icofx-buffer-overflow-vulnerability Date...

CVSS 9.3 | AI score 0.4 | EPSS 0.80555
Exploits: 14

Mozilla
added 2013/12/10 12:0 a.m. | 41 views

Segmentation violation when replacing ordered list elements — Mozilla

Security researchers Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a mechanism where inserting an ordered list into a document through script could lead to a potentially exploitable crash that ca...

CVSS 10 | AI score 2 | EPSS 0.10399
Exploits: 2 | References: 2 | Affected Software: 4

Mozilla
added 2013/12/10 12:0 a.m. | 35 views

Use-after-free in event listeners — Mozilla

Security researchers Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a use-after-free when interacting with event listeners from the mListeners array. This leads to a potentially exploitable crash...

CVSS 9.8 | AI score 3.9 | EPSS 0.02874
Exploits: 1 | References: 2 | Affected Software: 4

Mozilla
added 2013/12/10 12:0 a.m. | 49 views

Use-after-free during Table Editing — Mozilla

Security researcher Nils used the Address Sanitizer tool while fuzzing to discover a use-after-free problem in the table editing user interface of the editor during garbage collection. This leads to a potentially exploitable crash...

CVSS 10 | AI score 2.1 | EPSS 0.10378
Exploits: 2 | References: 2 | Affected Software: 4

ThreatPost
added 2013/12/03 4:44 p.m. | 13 views

$100 Million Worth of Bitcoins Stolen

UPDATE: As if Bitcoin malware and Bitcoin mining malware weren’t enough to worry about, there was more trouble for the users of the digital crypto-currency last week as 96,000 Bitcoins disappeared from the Sheep Marketplace. Bitcoin’s value has surged in recent weeks, peaking at an astonishing...

AI score 7.2
Exploits: 0 | References: 10

Exploit DB
added 2013/11/30 12:0 a.m. | 15 views

FlashComs Chat 6.5 - Arbitrary File Upload

"@".$options'f'."","fileId" = $options"f"; $result = curlexec$handle; ifstrpos$result,"UPLOADSUCCESS" echo "\n\n"; echo "\t+ Exploitation success!!\n"; echo "\t...

AI score 7.4
Exploits: 0

Packet Storm
added 2013/11/29 12:0 a.m. | 39 views

LiveZilla Cross Site Scripting

Security Advisory - Curesec Research Team ========================================= 1. Introduction ---------------- Advisory ID: Cure-2013-1006 Advisory URL: https://www.curesec.com/ Affected Product: Prior 5.1.1.0 Fixed Version: 5.1.1.0 Vendor Contact: [email protected] Vulnerability Type:...

CVSS 4.3 | AI score 9.6 | EPSS 0.00445
Exploits: 2

OpenVAS
added 2013/11/25 12:0 a.m. | 30 views

Debian Security Advisory DSA 2800-1 (nss - buffer overflow)

Andrew Tinits reported a potentially exploitable buffer overflow in the Mozilla Network Security Service library nss. With a specially crafted request a remote attacker could cause a denial of service or possibly execute arbitrary code. OpenVAS Vulnerability Test $Id: deb2800.nasl 6611 2017-07-07...

CVSS 7.5 | AI score 0.4 | EPSS 0.0279
Exploits: 0 | References: 1