Lucene search

819 matches found

RubySec
added 2014/12/18 12:0 a.m., 18 views

Cross-site request forgery (CSRF) vulnerability in doorkeeper 1.4.0 and earlier.

Cross-site request forgery (CSRF) vulnerability in doorkeeper 1.4.0 and earlier allows remote attackers to hijack the user's OAuth authorization code. This vulnerability has been assigned the CVE identifier CVE-2014-8144. Doorkeeper's endpoints didn't have CSRF protection. Any HTML document on the...

CVSS 6.8, AI score 2.3, EPSS 0.00126
Exploits: 0, References: 1, Affected Software: 1
NVD
added 2014/12/15 6:59 p.m., 21 views

CVE-2014-8967

Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute arbitrary code via a crafted HTML document in conjunction with a Cascading Style Sheets (CSS) token sequence specifying the run-in value for the display property, leading to improper CElement reference...

CVSS 6.8, AI score 7.1, EPSS 0.29876
Exploits: 1, References: 2
Cvelist
added 2014/12/15 5:27 p.m., 31 views

CVE-2014-8967

Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute arbitrary code via a crafted HTML document in conjunction with a Cascading Style Sheets (CSS) token sequence specifying the run-in value for the display property, leading to improper CElement reference...

AI score 7, EPSS 0.29876
Exploits: 1, References: 2
Prion
added 2014/12/11 12:59 a.m., 17 views

Design/Logic Flaw

Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the XSS filter via a crafted attribute of an element in an HTML document, aka "Internet Explorer XSS Filter Bypass Vulnerability," a different vulnerability than CVE-2014-6365...

CVSS 5, AI score 5.8, EPSS 0.27279
Exploits: 0, References: 1, Affected Software: 1
CVE
added 2014/12/11 12:0 a.m., 62 views

CVE-2014-6328

Microsoft Internet Explorer 8–11 is affected by CVE-2014-6328, a remote vulnerability where an attacker can bypass the built-in XSS filter by crafting an attribute of an HTML element in a page. The issue is distinct from CVE-2014-6365 and is addressed by Microsoft’s MS14-080 update. Affected prod...

CVSS 5, AI score 5.5, EPSS 0.27279
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2014/12/11 12:0 a.m., 19 views

CVE-2014-6365

Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the XSS filter via a crafted attribute of an element in an HTML document, aka "Internet Explorer XSS Filter Bypass Vulnerability," a different vulnerability than CVE-2014-6328...

AI score 5.5, EPSS 0.18416
Exploits: 0, References: 1
NVD
added 2014/11/21 2:59 a.m., 13 views

CVE-2014-8388

Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin WebAccess, before 8.0 allows remote attackers to execute arbitrary code via a crafted ipaddress parameter in an HTML document...

CVSS 7.2, AI score 7.7, EPSS 0.00246
Exploits: 1, References: 1
Prion
added 2014/11/21 2:59 a.m., 13 views

Stack overflow

Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin WebAccess, before 8.0 allows remote attackers to execute arbitrary code via a crafted ipaddress parameter in an HTML document...

CVSS 7.2, AI score 8.4, EPSS 0.00246
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2014/11/21 2:0 a.m., 21 views

CVE-2014-8388

Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin WebAccess, before 8.0 allows remote attackers to execute arbitrary code via a crafted ipaddress parameter in an HTML document...

AI score 7.7, EPSS 0.00246
Exploits: 1, References: 1
NVD
added 2014/11/18 11:59 a.m., 21 views

CVE-2014-4459

Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document...

CVSS 6.8, AI score 7.1, EPSS 0.03816
Exploits: 0, References: 15
Prion
added 2014/11/18 11:59 a.m., 21 views

Design/Logic Flaw

Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document...

CVSS 6.8, AI score 7.6, EPSS 0.03816
Exploits: 0, References: 15, Affected Software: 5
seebug.org
added 2014/07/01 12:0 a.m., 12 views

Microsoft Internet Explorer 5/6 GetObject File Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3767/info A flaw exists in Microsoft Internet Explorer that may allow a remote attacker to view known files on a target system when a user views web content containing a specially crafted script. The problem occurs when t...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 21 views

Microsoft Internet Explorer 6 %USERPROFILE% File Execution Weakness

No description provided by source. source: http://www.securityfocus.com/bid/7826/info Microsoft Internet Explorer is prone to an issue which could permit an attacker to load a known, existing file in a user's temporary directory or possibly other directories in a user's profile. It is possible to...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 12 views

Microsoft Internet Explorer 5.0.1 TBLinf32.DLL ActiveX Control Remote Code Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/25289/info The Microsoft Visual Basic 6 TypeLib Information Library (TLI) ActiveX control is prone to a remote code-execution vulnerability. An attacker may exploit this issue by enticing victims into opening a maliciously...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 11 views

Apple Safari 3 for Windows Document.Location Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/24499/info Apple Safari for Windows is prone to a denial-of-service vulnerability because it fails to properly handle user-supplied input. An attacker may exploit this issue by enticing victims into opening a maliciously...

AI score 7.1
Exploits: 0
Tenable Nessus
added 2014/06/13 12:0 a.m., 25 views

openSUSE Security Update : seamonkey (openSUSE-SU-2013:1644-1)

update to SeaMonkey 2.22 bnc847708 - rebased patches - requires NSS 3.15.2 or higher - MFSA 2013-93/CVE-2013-5590/CVE-2013-5591/CVE-2013-5592 Miscellaneous memory safety hazards - MFSA 2013-94/CVE-2013-5593 bmo868327 Spoofing addressbar through SELECT element - MFSA 2013-95/CVE-2013-5604...

CVSS 10, AI score 7.6, EPSS 0.06864
Exploits: 0, References: 27
Tenable Nessus
added 2014/06/13 12:0 a.m., 34 views

openSUSE Security Update : seamonkey (seamonkey-4074)

Mozilla SeaMonkey was updated to version 2.0.12, fixing various security issues. Following security issues were fixed: MFSA 2011-01: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed...

CVSS 10, AI score 9.2, EPSS 0.09158
Exploits: 3, References: 12
NVD
added 2014/04/30 10:49 a.m., 24 views

CVE-2014-1525

The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free and heap memory...

CVSS 9.3, AI score 9.6, EPSS 0.01864
Exploits: 0, References: 11
Cvelist
added 2014/04/30 10:0 a.m., 28 views

CVE-2014-1525

The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free and heap memory...

AI score 9.6, EPSS 0.01864
Exploits: 0, References: 11
NVD
added 2014/04/29 10:37 a.m., 19 views

CVE-2014-2185

The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields in an HTML document, aka Bug ID CSCun74374...

CVSS 4, AI score 5.7, EPSS 0.00176
Exploits: 0, References: 1