Debian: Security Advisory (DSA-2883-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DSA-2862-1 : chromium-browser - several vulnerabilities

Several vulnerabilities have been discovered in the chromium web browser. - CVE-2013-6641 Atte Kettunen discovered a use-after-free issue in Blink/Webkit form elements. - CVE-2013-6643 Joao Lucas Melo Brasio discovered a Google account information disclosure issue related to the one-click sign-on...

DSA-2862-1 chromium-browser - several

Bulletin has no description...

Updated chromium-browser-stable fixes multiple vulnerabilities

Updated chromium-browser-stable packages fix security vulnerabilities: Pinkie Pie discovered multiple memory corruption issues CVE-2013-6632. Andrey Labunets discovered that the wrong URL was used during validation in the one-click sign on helper CVE-2013-6634. cloudfuzzer discovered use-after-fr...

FlashCanvas 'proxy.php'跨站脚本漏洞

Bugtraq ID:64251 CVE ID:CVE-2013-6880 FlashCanvas是一个JavaScript库，可使Internet Explorer支持HTML5 Canvas。 FlashCanvas 'proxy.php'脚本不充分校验Referer Header数据，允许远程攻击者利用漏洞提交特制的GET请求，可获取敏感信息或劫持用户会话。 0 FlashCanvas 1.5 厂商补丁： FlashCanvas ----- FlashCanvas 1.6已经修复该漏洞，请到厂商的主页下载： http://flashcanvas.net/...

[SECURITY] [DSA 2811-1] chromium-browser security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2811-1 [email protected] http://www.debian.org/security/ Michael Gilbert December 07, 2013 http://www.debian.org/security/faq -...

Debian Security Advisory DSA 2811-1 (chromium-browser - several vulnerabilities)

Several vulnerabilities have been discovered in the chromium web browser. CVE-2013-6634 Andrey Labunets discovered that the wrong URL was used during validation in the one-click sign on helper. CVE-2013-6635 cloudfuzzer discovered use-after-free issues in the InsertHTML and Indent DOM editing...

Debian: Security Advisory (DSA-2811-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DSA-2785-1 : chromium-browser - several vulnerabilities

Several vulnerabilities have been discovered in the chromium web browser. - CVE-2013-2906 Atte Kettunen of OUSPG discovered race conditions in Web Audio. - CVE-2013-2907 Boris Zbarsky discovered an out-of-bounds read in window.prototype. - CVE-2013-2908 Chamal de Silva discovered an address bar...

[SECURITY] [DSA 2732-1] chromium-browser security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2732-1 [email protected] http://www.debian.org/security/ Michael Gilbert July 31, 2013 http://www.debian.org/security/faq -...

Debian DSA-2732-1 : chromium-browser - several vulnerabilities

Several vulnerabilities have been discovered in the Chromium web browser. - CVE-2013-2881 Karthik Bhargavan discovered a way to bypass the Same Origin Policy in frame handling. - CVE-2013-2882 Cloudfuzzer discovered a type confusion issue in the V8 JavaScript library. - CVE-2013-2883 Cloudfuzzer...

Debian Security Advisory DSA 2732-1 (chromium-browser - several vulnerabilities)

Several vulnerabilities have been discovered in the Chromium web browser. CVE-2013-2881 Karthik Bhargavan discovered a way to bypass the Same Origin Policy in frame handling. CVE-2013-2882 Cloudfuzzer discovered a type confusion issue in the V8 javascript library. CVE-2013-2883 Cloudfuzzer...

[SECURITY] Fedora 17 Update: python-tw2-jquery-2.0.3-5.fc17

toscawidgets2 tw2 aims to be a practical and useful widgets framework that helps people build interactive websites with compelling features, fast er and easier. Widgets are re-usable web components that can include a templat e, server-side code and JavaScripts/CSS resources. The library aims to b...

YUI JavaScript library -- JavaScript injection exploits in Flash components

The YUI team reports: Vulnerability in YUI 2.4.0 through YUI 2.9.0 A XSS vulnerability has been discovered in some YUI 2 .swf files from versions 2.4.0 through 2.9.0. This defect allows JavaScript injection exploits to be created against domains that host affected YUI .swf files. If your site loa...

[SECURITY] Fedora 18 Update: guacamole-common-js-0.6.1-2.fc18

Guacamole is an HTML5 web application that provides access to desktop environments using remote desktop protocols such as VNC or RDP. A centraliz ed server acts as a tunnel and proxy, allowing access to multiple desktops thr ough a web browser. No plugins are needed: the client requires nothing...

Cloupia End-to-end FlexPod Management Directory Traversal

Exploit for jsp platform in category web applications Cloupia End-to-end FlexPod Management - Directory Traversal Vulnerability Vulnerability Information Class: Directory Traversal Remotely Exploitable: Yes Locally Exploitable: Yes Software Description Provides end-to-end FlexPod management and...

FreeBSD : YUI JavaScript library -- JavaScript injection exploits in Flash components (d560b346-08a2-11e0-bcca-0050568452ac)

The YUI team reports : A security-related defect was introduced in the YUI 2 Flash component infrastructure beginning with the YUI 2.4.0 release. This defect allows JavaScript injection exploits to be created against domains that host affected YUI .swf files. %NASLMINLEVEL 70300 C Tenable Network...

Multiple DOM-Based XSS in Dojo Toolkit SDK

=========================================================== Multiple DOM-Based XSS in Dojo Toolkit SDK Public Release Date: 3/12/2010 Adam Bixby - Gotham Digital Science [email protected] Affected Software: Dojo Toolkit SDK = Build 1.4.1 Browser used for testing: IE8 8.0.7600.16385 Severity:...

Dojo Toolkit SDK v1.4.1 Cross Site Scripting Vulnerability

Exploit for unknown platform in category web applications ========================================================== Dojo Toolkit SDK v1.4.1 Cross Site Scripting Vulnerability ========================================================== ===========================================================...

Adobe Acrobat < 8.1.2 / 7.1.0 Multiple Vulnerabilities

The version of Adobe Acrobat installed on the remote host is earlier than 8.1.2 or 7.1.0. Such versions are reportedly affected by multiple vulnerabilities : - A design error vulnerability may allow an attacker to gain control of a user's printer. - Multiple stack-based buffer overflows may allow...