
7965 matches found

Zero Day Initiative
added 2012/04/19 12:0 a.m. · 24 views

Oracle Forms Recognition CroScPlt.dll ActiveX Control Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle WebCenter Forms Recognition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...

7.5 CVSS · 7.1 AI score
Exploits 0 · References 1

Metasploit
added 2012/04/10 11:39 a.m. · 66 views

Mozilla Firefox Bootstrapped Addon Social Engineering Code Execution

Mozilla Firefox before version 41 allowed users to install unsigned browser extensions from arbitrary web servers. This module dynamically creates an unsigned .xpi addon file. The resulting bootstrapped Firefox addon is presented to the victim via a web page. The victim's Firefox browser will pop...

7.2 AI score
Exploits 0

securityvulns
added 2012/04/09 12:0 a.m. · 60 views

[CVE-2012-1089] Apache Wicket serving of hidden files vulnerability

Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Wicket 1.4.x and 1.5.x Description: It is possible to view the content of any file of a web application by using an Url to a Wicket resource which resolves to a 'null' package. With such a Url the attacker can...

1.1 AI score · 0.05518 EPSS
Exploits 1

OPENSUSE Linux
added 2012/04/04 6:8 p.m. · 42 views

update for chromium, v8 (important)

Update to 19.0.1079 Security Fixes bnc754456: High CVE-2011-3050: Use-after-free with first-letter handling High CVE-2011-3045: libpng integer issue from upstream High CVE-2011-3051: Use-after-free in CSS cross-fade handling High CVE-2011-3052: Memory corruption in WebGL canvas handling High...

7.5 CVSS · 0.6 AI score · 0.03567 EPSS
Exploits 3 · References 1

Positive Technologies
added 2012/03/30 12:0 a.m. · 1 views

PT-2012-1249 · Netfilter +3 · Iptables +3

Name of the Vulnerable Software and Affected Versions: iptables versions through 1.4.21 Description: The issue is related to insufficient input validation in the extensions/libxt tcp.c component of the iptables interface, which could allow a remote attacker to access confidential data, compromise...

7.8 CVSS · 9.1 AI score · 0.03336 EPSS
Exploits 2 · References 18

Typo3
added 2012/03/28 12:0 a.m. · 19 views

Several vulnerabilities in third party extensions

Several vulnerabilities have been found in the following third-party TYPO3 extensions: fewhois, cagtables, additionalreports, generaldatadisplay, realty, dkdfeuserbelogin, tcfbconnect, dixeasylogin, ajadofacebook, facebook2t3, sociallogin2t3, kbeventboard, news Release Date: March 28, 2012 Please...

7.9 AI score
Exploits 0 · Affected Software 13

Packet Storm
added 2012/03/26 12:0 a.m. · 18 views

FreePBX 2.10.0 / 2.9.0 callmenum Remote Code Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'FreePBX 2.10.0 / 2.9.0 callmenum Remo...

0.1 AI score
Exploits 0

Metasploit
added 2012/03/23 9:23 p.m. · 69 views

FreePBX 2.10.0 / 2.9.0 callmenum Remote Code Execution

This module exploits FreePBX version 2.10.0, 2.9.0 and possibly older. Due to the way callmepage.php handles the 'callmenum' parameter, it is possible to inject code to the '$channel' variable in function callmestartcall in order to gain remote code execution. Please note in order to use this modu...

7.5 CVSS · 0.70252 EPSS
Exploits 2

Tenable Nessus
added 2012/03/22 12:0 a.m. · 30 views

Google Chrome < 17.0.963.83 Multiple Vulnerabilities

The version of Google Chrome installed on the remote host is earlier than 17.0.963.83 and is, therefore, affected by the following vulnerabilities : - An unspecified integer issue exists in libpng. CVE-2011-3045 - An error exists related to the extension web request API that could allow denial of...

8.8 CVSS · 7.3 AI score · 0.03567 EPSS
Exploits 3 · References 11

Tenable Nessus
added 2012/03/21 12:0 a.m. · 30 views

Google Chrome < 17.0.963.83 Multiple Vulnerabilities

Binary data 6356.pasl...

8.8 CVSS · 9.6 AI score · 0.03567 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2012/03/21 12:0 a.m. · 30 views

Google Chrome < 17.0.963.83 Multiple Vulnerabilities

Binary data 800954.prm...

8.8 CVSS · 9.6 AI score · 0.03567 EPSS
Exploits 3 · References 9

The Hacker News
added 2012/02/29 1:28 p.m. · 15 views

Sandcat Browser 2.0 Released - Penetration Testing Oriented Browser

Sandcat Browser 2.0 Released, Penetration Testing Oriented Browser Sandcat Browser version 2.0 includes several user interface and experience improvements, an improved extension system, RudraScript support and new extensions. What is Sandcat Browser? The fastest web browser combined with the...

6.8 AI score
Exploits 0

Typo3
added 2012/02/23 12:0 a.m. · 18 views

Several vulnerabilities in third party extensions

Several vulnerabilities have been found in the following third-party TYPO3 extensions: tkcropthumbs, t3extplorer, tcbeuser, anpredigten, solr, pdfcontroller, cc20, jwplayer Release Date: February 23, 2012 Please read first: This Collective Security Bulletin (CSB) is a listing of vulnerable extensio...

7.7 AI score
Exploits 0 · Affected Software 8

NVD
added 2012/02/21 1:31 p.m. · 15 views

CVE-2012-0993

Eval injection vulnerability in zp-core/zp-extensions/viewersizeimage.php in ZENphoto 1.4.2, when the viewersizeimage plugin is enabled, allows remote attackers to execute arbitrary PHP code via the viewersizeimagesaved cookie...

6.8 CVSS · 7.6 AI score · 0.02583 EPSS
Exploits 3 · References 8

RedHat Linux
added 2012/02/21 2:22 a.m. · 2 views

samba: insecure "wide links" default

The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create...

3.5 CVSS · 5.9 AI score · 0.3031 EPSS
Exploits 6 · References 4

RedHat Linux
added 2012/02/21 2:22 a.m. · 45 views

Low: Red Hat Security Advisory: samba security, bug fix, and enhancement update

Updated samba packages that fix one security issue, one bug, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a...

3.5 CVSS · 7 AI score · 0.3031 EPSS
Exploits 6 · References 2

OpenVAS
added 2012/02/21 12:0 a.m. · 32 views

RedHat Update for samba RHSA-2012:0313-03

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

3.5 CVSS · 6.5 AI score · 0.3031 EPSS
Exploits 6 · References 2

Cvelist
added 2012/02/21 12:0 a.m. · 37 views

CVE-2012-0993

Eval injection vulnerability in zp-core/zp-extensions/viewersizeimage.php in ZENphoto 1.4.2, when the viewersizeimage plugin is enabled, allows remote attackers to execute arbitrary PHP code via the viewersizeimagesaved cookie...

7.6 AI score · 0.02583 EPSS
Exploits 3 · References 8

RedHat Linux
added 2012/02/15 4:1 p.m. · 3 views

openssl: malformed RFC 3779 data can cause assertion failures

OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers...

4.3 CVSS · 7.3 AI score · 0.09331 EPSS
Exploits 0 · References 4

The Hacker News
added 2012/02/02 7:20 a.m. · 20 views

Sandcat Browser - Penetration Testing Oriented Browser

Penetration Testing Oriented Browser - Sandcat Browser The fastest web browser combined with the fastest scripting language packed with features for pen-testers. Sandcat Browser is a freeware portable pen-test oriented multi-tabbed web browser with extensions support developed by the Syhunt team,...

6.6 AI score
Exploits 0