7960 matches found
Mozilla Firefox
The JavaScript engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly...
Design/Logic Flaw
Microsoft Internet Information Services IIS, when used in conjunction with unspecified third-party upload applications, allows remote attackers to create empty files with arbitrary extensions via a filename containing an initial extension followed by a : colon and a safe extension, as demonstrate...
CVE-2009-4445
Microsoft Internet Information Services IIS, when used in conjunction with unspecified third-party upload applications, allows remote attackers to create empty files with arbitrary extensions via a filename containing an initial extension followed by a : colon and a safe extension, as demonstrate...
Code to mitigate IIS semicolon zero-day
This mitigation should help block attempts to exploit the IIS semicolon zero-day BID 37460, but no warranties and no guarantees. It didn't crash my web servers during testing, but I make no representations as to how it will or won't perform on anyone else's web servers. This mitigation is only...
[SECURITY] Fedora 11 Update: epiphany-extensions-2.26.1-9.fc11
Epiphany Extensions is a collection of extensions for Epiphany, the GNOME web browser...
Multiple vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third party TYPO3 extensions: Car car, TYPO3 Watchdog abawatchdog, File list drblob, ListMan nllistman, XDS Staff List xdsstaff, Document Directorys danpdocumentdirs, Random Prayer Version 2 steprayer2, Diocese of Portsmouth Resources...
JBoss EAP Twiddle logs the JMX password
Twiddle in Red Hat JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 writes the JMX password, and other command-line arguments, to the twiddle.log file, which allows local users to obtain sensitive information by reading this file...
DAZ Studio code execution
Code execution via .ds, .dsa, .dse, .dsb...
Multiple vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third party TYPO3 extensions: AN Search it! ansearchit, Simple download-system with counter and categories kkdownloader, Automatic Base Tags for RealUrl ltbasetag, Trips mchtrips, simple Glossar simpleglossar, TW Productfinder...
Joomla Joaktree Component v1.0 SQL Injection Vulnerability
Exploit for unknown platform in category web applications. Joomla Joaktree Component v1.0 SQL Injection Vulnerability. Software Information + Developer : Niels van Dantzig + Downloa...
IIS 0Day: another IIS parsing vulnerability! Similar to the one with ".asp" at the end of a directory name! - Vulnerability warning - Black Bar Safety Net
When an image is uploaded under a name such as x.asp;x.jpg, IIS automatically parses it as ASP, so uploading a file of the form x.asp;x.jpg lets the uploaded webshell execute; in testing, x.php;x.jpg also works. The webshell file name was changed to 1.asp;.jpg; direct access in IE is parsed into A...
The Dangers of Firefox Extensions
At the SecurityByte & OWASP AppSec Conference in India, Roberto Suggi Liverani and Nick Freeman offered insight into the substantial danger posed by Firefox extensions. Mozilla doesn’t have a security model for extensions and Firefox fully trusts the code of the extensions. There are no security...
DEBIAN-CVE-2009-3890
Unrestricted file upload vulnerability in the wpcheckfiletype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the modmime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an...
java-1.6.0-sun: Privilege escalation in the Java Web Start Installer (6872824)
The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that points to an...
CVE-2009-3851
Trusted Extensions in Sun Solaris 10 interferes with the operation of the xscreensaver-demo command for the XScreenSaver application, which makes it easier for physically proximate attackers to access an unattended workstation for which the intended screen locking did not occur, related to the...
Command injection
Trusted Extensions in Sun Solaris 10 interferes with the operation of the xscreensaver-demo command for the XScreenSaver application, which makes it easier for physically proximate attackers to access an unattended workstation for which the intended screen locking did not occur, related to the...
CVE-2009-3851
CVE-2009-3851 is associated with Solaris 10 Trusted Extensions interfering with xscreensaver-demo, enabling easier access to an unattended workstation if screen locking fails. Connected Nessus patch records indicate affected platforms include Solaris 10 (x86 and sparc) with X11 6.6.2 patches, and...
CVE-2009-3851
Trusted Extensions in Sun Solaris 10 interferes with the operation of the xscreensaver-demo command for the XScreenSaver application, which makes it easier for physically proximate attackers to access an unattended workstation for which the intended screen locking did not occur, related to the...
Code injection
Unspecified vulnerability in the Solaris Trusted Extensions Policy configuration in Sun Solaris 10, and OpenSolaris snv37 through snv125, might allow remote attackers to execute arbitrary code by leveraging access to the X server...