6680 matches found

Cvelist
added 2012/08/06 3:0 p.m., 22 views

CVE-2012-2851

Multiple integer overflows in the PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document...

6.9 AI score, 0.01107 EPSS
Exploits: 0, References: 5
Cvelist
added 2012/08/06 3:0 p.m., 25 views

CVE-2012-2855

Use-after-free vulnerability in the PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document...

6.9 AI score, 0.0118 EPSS
Exploits: 0, References: 3
CVE
added 2012/08/06 3:0 p.m., 54 views

CVE-2012-2856

CVE-2012-2856 affects Google Chrome’s PDF functionality on Mac OS X, Linux, Windows and Chrome Frame, where out-of-bounds write vectors could be triggered to cause a denial of service or other impact. The vulnerability is tied to Chrome versions before 21.0.1180.57 (Mac/Linux) and before 21.0.118...

7.5 CVSS, 7.2 AI score, 0.01098 EPSS
Exploits: 0, References: 4, Affected Software: 1
CVE
added 2012/08/06 3:0 p.m., 51 views

CVE-2012-2855

CVE-2012-2855 is a use-after-free flaw in Google Chrome’s PDF viewer. The vulnerability, exploitable via a crafted PDF, can cause a denial of service and possibly other impact. Affected: Chrome before 21.0.1180.57 on macOS/Linux and before 21.0.1180.60 on Windows/Chrome Frame. Mitigation: update ...

6.8 CVSS, 7 AI score, 0.0118 EPSS
Exploits: 0, References: 3, Affected Software: 1
Debian CVE
added 2012/08/06 3:0 p.m., 26 views

CVE-2012-2852

Removed by vendor...

6.8 CVSS, 6.7 AI score, 0.01164 EPSS
Exploits: 0
Debian CVE
added 2012/08/06 3:0 p.m., 24 views

CVE-2012-2856

Removed by vendor...

7.5 CVSS, 6.7 AI score, 0.01098 EPSS
Exploits: 0
Debian CVE
added 2012/08/06 3:0 p.m., 23 views

CVE-2012-2851

Removed by vendor...

6.8 CVSS, 6.7 AI score, 0.01107 EPSS
Exploits: 0
Tenable Nessus
added 2012/08/01 12:0 a.m., 51 views

Scientific Linux Security Update : glibc on SL6.x i386/x86_64 (20120718)

The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple errors in glibc's formatted printing functionality could allow an attacker to bypass FORTIFY_SOURCE protection...

6.8 CVSS, 6.8 AI score, 0.03163 EPSS
Exploits: 1, References: 4
Tenable Nessus
added 2012/08/01 12:0 a.m., 29 views

Scientific Linux Security Update : glibc on SL5.x i386/x86_64 (20120718)

The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. It was discovered that the formatted printing functionality in glibc did not properly restrict the use of alloca. This...

6.8 CVSS, 7 AI score, 0.03163 EPSS
Exploits: 0, References: 2
securityvulns
added 2012/07/30 12:0 a.m., 55 views

PHP security vulnerabilities

php_stream_scandir overflow, SQLite functionality open_basedir protection bypass...

10 CVSS, 3.4 AI score, 0.11178 EPSS
Exploits: 2, References: 1, Affected Software: 1
Packet Storm
added 2012/07/29 12:0 a.m., 29 views

httpdx 1.5.4 Heap Overflow

!/usr/bin/perl -w ====================================================================== Exploit Title: httpdx UnhandledExceptionFilter ====================================================================== use strict; use IO::Socket::INET; target my $host = "127.0.0.1"; The perl|php|py|.. page t...

0.6 AI score
Exploits: 0
ThreatPost
added 2012/07/23 2:19 a.m., 14 views

Black Hat: Phishing E-Mail Scare A False Alarm

The annual Black Hat Briefings hacker conference got off to a rocky start Sunday after thousands of registered attendees received a fishy smelling “account password reset” e-mail that contained a suspicious URL. But a message from conference organizers hours later said the errant e-mail was no...

1 AI score
Exploits: 0, References: 6
ThreatPost
added 2012/07/23 2:19 a.m., 10 views

Black Hat: Phishing E-Mail Scare A False Alarm

The annual Black Hat Briefings hacker conference got off to a rocky start Sunday after thousands of registered delegates to the Black Hat Briefings hacker conference in Las Vegas received a fishy smelling “account password reset” e-mail that contained a suspicious URL. But a message from conferen...

1.5 AI score
Exploits: 0
Prion
added 2012/07/22 4:55 p.m., 13 views

Authorization

The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC before 1.1.15 does not properly perform authorization, which allows remote attackers to bypass intended access restrictions via unspecified vectors...

5 CVSS, 7 AI score, 0.02025 EPSS
Exploits: 0, References: 15, Affected Software: 1
UbuntuCve
added 2012/07/20 10:40 a.m., 21 views

CVE-2011-4592

The command-line cron implementation in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not properly interact with IP blocking, which might allow remote attackers to bypass intended IP address restrictions by leveraging a configuration in which IP blocking was disabled to restore cron...

5 CVSS, 5.9 AI score, 0.01393 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2012/07/20 12:0 a.m., 30 views

Eaton Network Shutdown Module Default Administrator Credentials

The remote Eaton Network Shutdown Module install uses a default set of credentials to control access to its administrative functionality. With this information, an attacker can gain complete access to the application...

5.6 AI score
Exploits: 0
UbuntuCve
added 2012/07/16 10:28 a.m., 28 views

CVE-2011-4282

Multiple cross-site scripting (XSS) vulnerabilities in the course-tags functionality in tag/coursetags_more.php in Moodle 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) sort or (2) show parameter...

4.3 CVSS, 5.9 AI score, 0.01832 EPSS
Exploits: 0, References: 1
Prion
added 2012/07/16 10:28 a.m., 16 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in the course-tags functionality in tag/coursetags_more.php in Moodle 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) sort or (2) show parameter...

4.3 CVSS, 6 AI score, 0.01832 EPSS
Exploits: 0, References: 3, Affected Software: 1
CVE
added 2012/07/16 10:0 a.m., 50 views

CVE-2011-4294

CVE-2011-4294 describes an open redirect flaw in Moodle’s error-message handling. In Moodle 1.9.x (before 1.9.13), 2.0.x (before 2.0.4), and 2.1.x (before 2.1.1), continuation links in error messages are not guaranteed to point to http(s) URLs of the local Moodle instance, enabling attackers to l...

5.8 CVSS, 6.5 AI score, 0.01541 EPSS
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2012/07/12 9:0 p.m., 25 views

CVE-2012-2844

The PDF functionality in Google Chrome before 20.0.1132.57 does not properly handle JavaScript code, which allows remote attackers to cause a denial of service (incorrect object access) or possibly have unspecified other impact via a crafted document...

6.8 AI score, 0.02027 EPSS
Exploits: 0, References: 3