
530 matches found

CVE
added 2013/06/26 1:0 a.m. · 117 views

CVE-2013-1695

Concretely, CVE-2013-1695 affects Mozilla Firefox before 22.0 and is caused by incorrect DocShell inheritance handling of the sandbox attribute on IFRAME elements. This weakness allows a FRAME inside an IFRAME to bypass intended access restrictions. The MFSA reference confirms the issue as Sandbo...

CVSS 5 · AI score 6.2 · EPSS 0.00161
Exploits 0 · References 6 · Affected Software 1
OpenVAS
added 2013/06/26 12:0 a.m. · 29 views

Mozilla Firefox Multiple Vulnerabilities - June 13 (Windows)

The host is installed with Mozilla Firefox and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodmozillafirefoxmultvulnjun13win.nasl 6086 2017-05-09 09:03:30Z teissa $ Mozilla Firefox Multiple Vulnerabilities - June 13 Windows Authors: Arun Kallavi Copyright: Copyright c...

CVSS 10 · AI score 0.6 · EPSS 0.47055
Exploits 11 · References 3
myhack58
added 2012/12/19 12:0 a.m. · 28 views

Struts2 vulnerability analysis: new attack ideas triggered by the characteristics of OGNL expressions - vulnerability warning - the black bar safety net

A. Summary: In an OGNL expression, variable content enclosed in parentheses is executed as an OGNL expression. This characteristic of OGNL expressions leads to a new attack idea. The malicious code is stored in a variable, and then called in OGNL expressions in the function that...

AI score 0.7
Exploits 0
OpenVAS
added 2012/11/26 12:0 a.m. · 21 views

Mozilla Firefox Multiple Vulnerabilities - November12 (Windows)

This host is installed with Mozilla Firefox and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillafirefoxmultvulnnov12win.nasl 5977 2017-04-19 09:02:22Z teissa $ Mozilla Firefox Multiple Vulnerabilities - November12 Windows Authors: Rachana Shetty Copyright: Copyright...

CVSS 6.8 · AI score 0.2 · EPSS 0.02424
Exploits 1 · References 5
Mozilla
added 2012/11/20 12:0 a.m. · 52 views

XMLHttpRequest inherits incorrect principal within sandbox — Mozilla

Mozilla developer Gabor Krizsanits discovered that XMLHttpRequest objects created within sandboxes have the system principal instead of the sandbox principal. This can lead to cross-site request forgery (CSRF) or information theft via an add-on running untrusted code in a sandbox...

CVSS 6.8 · AI score 1.9 · EPSS 0.00795
Exploits 0 · References 2 · Affected Software 3
Opera Security Advisories
added 2012/11/02 12:0 a.m. · 5 views

Data URIs can be used to facilitate Cross-Site Scripting – Opera Security Advisories

Data URIs are only supposed to inherit the scripting origin from the site that creates them, such as by including them as the target of a link or an inline frame in the source of the document. Specific sequences of document and data URI loading can cause Opera to forget which document created the...

AI score 5.5
Exploits 0 · References 1
Atlassian
added 2012/05/24 12:15 p.m. · 14 views

User can upload attachments to restricted pages that adopt restrictions from parent page

Users that should have no access to restricted pages that adopt restrictions from the parent page are able to upload attachments if they know the page ID. How to reproduce: 1. Create 2 users, user1 and user2 2. Create a page with user1 and set the page view and edit restrictions to "Me" 3. Create...

AI score 2
Exploits 0 · Affected Software 1
Atlassian
added 2012/05/24 12:15 p.m. · 13 views

User can upload attachments to restricted pages that adopt restrictions from parent page

Users that should have no access to restricted pages that adopt restrictions from the parent page are able to upload attachments if they know the page ID. How to reproduce: 1. Create 2 users, user1 and user2 2. Create a page with user1 and set the page view and edit restrictions to "Me" 3. Create...

AI score 2
Exploits 0 · Affected Software 1
seebug.org
added 2011/10/13 12:0 a.m. · 29 views

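Microsoft .NET Framework / Silverlight Class Inheritance Restriction Vulnerability (MS11-078)

CVE ID: CVE-2011-1508 .NET Framework is the new managed-code programming model for Windows, used to build applications with visually compelling user experiences, enable seamless communication across technology boundaries, and support a wide range of business processes. Silverlight is a new web presentation technology that runs on a variety of platforms. Microsoft .NET Framework and Microsoft Silverlight contain a security vulnerability in their implementation of class inheritance; a malicious user can exploit it through a specially crafted web page to take control of the user's system. Successful exploitation requires a browser that can run XBAPs or Silverlight applications. Microsoft .NET Framework 4.x...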

CVSS 9.3 · AI score 1.7 · EPSS 0.27089
Exploits 2
NVD
added 2011/10/12 2:52 a.m. · 18 views

CVE-2011-1253

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict inheritance, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NE...

CVSS 9.3 · AI score 7.4 · EPSS 0.19501
Exploits 0 · References 2
Prion
added 2011/10/12 2:52 a.m. · 18 views

Design/Logic Flaw

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict inheritance, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NE...

CVSS 9.3 · AI score 8 · EPSS 0.19501
Exploits 0 · References 2 · Affected Software 2
Cvelist
added 2011/10/12 1:0 a.m. · 18 views

CVE-2011-1253

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict inheritance, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NE...

AI score 7.4 · EPSS 0.19501
Exploits 0 · References 2
Positive Technologies
added 2011/10/11 12:0 a.m. · 4 views

PT-2011-2991 · Microsoft · .Net Framework +1

Name of the Vulnerable Software and Affected Versions: Microsoft .NET Framework versions 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 Silverlight versions prior to 4.0.60831 Description: A remote code execution issue exists due to improper restriction of inheritance within classes. This allows remote...

CVSS 9.3 · AI score 7.7 · EPSS 0.19501
Exploits 0 · References 6
Check Point Advisories
added 2011/10/11 12:0 a.m. · 3 views

Microsoft .Net and Silverlight Framework Remote Code Execution (MS11-078; CVE-2011-1253)

A remote code execution vulnerability has been reported in Microsoft .NET Framework and Silverlight framework. The vulnerability is due to the way that .NET Framework and Silverlight framework restrict inheritance within classes. A remote attacker may exploit this vulnerability by enticing...

CVSS 9.3 · AI score 7.1 · EPSS 0.19501
Exploits 0
Atlassian
added 2010/09/22 6:18 p.m. · 14 views

Page view restriction is not inheriting to child pages in some spaces

When a new page is created using the create-page macro the child page does not have restrictions inherited. This is only happening for a few spaces. If I try the same macro in another space it will work fine. I have rebuilt the ancestors table but this issue is still happening. Please advise...

AI score 2.3
Exploits 0
Prion
added 2010/09/15 6:0 p.m. · 13 views

Design/Logic Flaw

perms.cpp in March Hare Software CVSNT 2.0.58, 2.5.01, 2.5.02, 2.5.03 before build 3736, 2.5.04 before build 2862; CVS Suite 2.5.03, 2008 before build 3736, and 2009 before 3729 allows remote attackers to bypass the permissions check, modify arbitrary modules and directories within CVSROOT, and...

CVSS 9.3 · AI score 8.1 · EPSS 0.00953
Exploits 0 · References 7 · Affected Software 2
NVD
added 2010/07/28 8:0 p.m. · 16 views

CVE-2010-2896

IBM FileNet Content Manager (CM) 4.0.0, 4.0.1, 4.5.0, and 4.5.1 before FP4 does not properly manage the InheritParentPermissions setting during an upgrade from 3.x, which might allow attackers to bypass intended folder permissions via unspecified vectors...

CVSS 4.3 · AI score 6.3 · EPSS 0.00195
Exploits 0 · References 3
OpenVAS
added 2010/07/12 12:0 a.m. · 10 views

Fedora Update for python-mako FEDORA-2010-10544

Check for the Version of python-mako OpenVAS Vulnerability Test Fedora Update for python-mako FEDORA-2010-10544 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...

AI score 7.4
Exploits 0 · References 2
Fedora
added 2010/07/07 5:48 p.m. · 13 views

[SECURITY] Fedora 12 Update: python-mako-0.3.4-1.fc12

Mako is a template library written in Python. It provides a familiar, non-XML syntax which compiles into Python modules for maximum performance. Mako's syntax and API borrows from the best ideas of many others, including Django templates, Cheetah, Myghty, and Genshi. Conceptually, Mako is an...

AI score 0.9
Exploits 0
RedHat Linux
added 2010/07/01 6:0 p.m. · 3 views

kernel: futex: Handle user space corruption gracefully

The wake_futex_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly handle certain unlock operations for a Priority Inheritance (PI) futex, which allows local users to cause a denial of service (OOPS) and possibly have unspecified other impact via vectors involving...

CVSS 2.1 · AI score 7.2 · EPSS 0.00144
Exploits 0 · References 4