Paypal Inc #105 MOS - Multiple Print Layout Vulnerabilities

Document Title: =============== Paypal Inc 105 MOS - Multiple Print Layout Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1039 PayPal Security UID: xE1128lV Release Date: ============= 2013-10-14 Vulnerability Laboratory ID VL-ID:...

GLSA-201309-23 : Mozilla Products: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201309-23 Mozilla Products: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Mozilla Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details. Impact : A remote...

Internet Explorer zero-day exploit used watering hole attacks to target Japanese users

Attackers exploiting a zero-day vulnerability CVE-2013-3893 in Microsoft’s Internet Explorer browser and served them on compromised popular Japanese news websites. According to FireEye, at least three major Japanese media websites were compromised in watering hole attacks, dubbed Operation...

CVE-2013-1732

Buffer overflow in the nsFloatManager::GetFlowArea function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via crafted use of lists and floats...

Buffer overflow

Buffer overflow in the nsFloatManager::GetFlowArea function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via crafted use of lists and floats...

Mozilla: Buffer overflow with multi-column, lists, and floats (MFSA 2013-89)

Buffer overflow in the nsFloatManager::GetFlowArea function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via crafted use of lists and floats...

CVE-2013-1732

Buffer overflow in the nsFloatManager::GetFlowArea function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via crafted use of lists and floats...

Xibo - layout HTML Injection

Xibo - layout HTML Injection source: https://www.securityfocus.com/bid/62063/info Xibo is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code could be executed in the context of the affected site, potentially...

Mitigating the LdrHotPatchRoutine DEP/ASLR bypass with MS13-063

Today we released MS13-063 which includes a defense in depth change to address an exploitation technique that could be used to bypass two important platform mitigations: Address Space Layout Randomization ASLR and Data Execution Prevention DEP. As we’ve described in the past, these mitigations pl...

[SECURITY] Fedora 18 Update: bluetile-0.6-13.fc18

Bluetile is a tiling window manager for Linux, designed to integrate with the GNOME desktop environment. It provides both a traditional, stacking lay out mode as well as tiling layouts where windows are arranged to use the entire screen without overlapping. Bluetile tries to make the tiling...

Solving rendering performance puzzles

You're missing demos in this post because JavaScript or inline SVG isn't available. The Chrome team are often asked to show the process of debugging a performance issue, including how to select tools and interpret results. Well, I was recently hit by an issue that required a bit of digging, here'...

Adobe PageMaker Detection

The remote host has Adobe PageMaker installed. Adobe PageMaker is page layout software that was discontinued and succeeded by Adobe InDesign. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid69098; scriptversion"1.8"; scriptsetattributeattribute:"pluginmodificationdate...

OpenJDK: Incorrect image layout verification (2D, 8012601)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2...

OpenJDK: Incorrect image layout verification (2D, 8012601)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2...

OpenJDK: Incorrect image layout verification (2D, 8012601)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2...

Oracle Linux 5 : kernel (ELSA-2013-1034-1)

From Red Hat Security Advisory 2013:1034 : Updated kernel packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System CVSS...

Oracle Linux 6 : java-1.7.0-openjdk (ELSA-2013-0751)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-0751 advisory. 1.7.0.19-2.3.9.1.0.1.el64 - Update DISTRONAME in specfile 1.7.0.19-2.3.9.1.el6 - updated to updated IcedTea 2.3.9 with fix to one of security fixes -...

Oracle Linux 5 : kernel (ELSA-2013-0168)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-0168 advisory. - x86 mm: randomize SHLIBBASE Petr Matousek 804953 804954 CVE-2012-1568 - net ipv6: discard overlapping fragment Jiri Pirko 874837 874838 CVE-2012-4444...

Kernel: sa_restorer information leak

The flushsignalhandlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sarestorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call...

RHEL 5 : kernel (RHSA-2013:1034)

Updated kernel packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...