ZDI-10-141: Apple Webkit SVG ForeignObject Rendering Layout Remote Code Execution Vulnerability

ZDI-10-141: Apple Webkit SVG ForeignObject Rendering Layout Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-141 August 5, 2010 -- CVE ID: CVE-2010-1786 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Apple -- Affected Products: Apple Safari --...

Apple Webkit SVG ForeignObject Rendering Layout Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Webkit's...

Google Chrome Multiple Unspecified Vulnerabilities - July 10

The host isnstalled with Google Chrome and is prone to multiple unspecified vulnerabilities. OpenVAS Vulnerability Test $Id: secpodgooglechromemultunspecifiedvulnjul10.nasl 5394 2017-02-22 09:22:42Z teissa $ Google Chrome Multiple Unspcified Vulnerabilities - July 10 Authors: Madhuri D Copyright:...

Debian DSA-2075-1 : xulrunner - several vulnerabilities

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-0182 Wladimir Palant discovered that security checks in XML processing were insufficiently...

CVE-2010-2899

Unspecified vulnerability in the layout implementation in Google Chrome before 5.0.375.125 allows remote attackers to obtain sensitive information from process memory via unknown vectors...

Design/Logic Flaw

Unspecified vulnerability in the layout implementation in Google Chrome before 5.0.375.125 allows remote attackers to obtain sensitive information from process memory via unknown vectors...

CVE-2010-2899

Removed by vendor...

Frog CMS 0.9.5 Cross Site Request Forgery

Date: Sun 11 Jul 2010 10:22:48 AM EEST Vendor: http://www.madebyfrog.com/ Download: http://www.madebyfrog.com/public/download/files/frog095.tar.gz --- -= CSRF PoC 1 - Create Admin User =- Frog CMS 0.9.5 Multiple CSRF Vulnerabilities - Create Admin User -= CSRF PoC 2 - Delete User =- -= CSRF PoC 3...

Fedora Update for python-mako FEDORA-2010-10544

Check for the Version of python-mako OpenVAS Vulnerability Test Fedora Update for python-mako FEDORA-2010-10544 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...

Frog CMS 0.9.5 Multiple CSRF Vulnerabilities

Exploit for php platform in category web applications ============================================ Frog CMS 0.9.5 Multiple CSRF Vulnerabilities ============================================ Date: Sun 11 Jul 2010 10:22:48 AM EEST Vendor: http://www.madebyfrog.com/ Download:...

Frog CMS 0.9.5 - Multiple Cross-Site Request Forgery Vulnerabilities

Frog CMS 0.9.5 - Multiple Cross-Site Request Forgery Vulnerabilities Date: Sun 11 Jul 2010 10:22:48 AM EEST Vendor: http://www.madebyfrog.com/ Download: http://www.madebyfrog.com/public/download/files/frog095.tar.gz --- -= CSRF PoC 1 - Create Admin User =- Frog CMS 0.9.5 Multiple CSRF...

Frog CMS 0.9.5 - Multiple Cross-Site Request Forgery Vulnerabilities

Date: Sun 11 Jul 2010 10:22:48 AM EEST Vendor: http://www.madebyfrog.com/ Download: http://www.madebyfrog.com/public/download/files/frog095.tar.gz --- -= CSRF PoC 1 - Create Admin User =- Frog CMS 0.9.5 Multiple CSRF Vulnerabilities - Create Admin User -= CSRF PoC 2 - Delete User =- img...

[SECURITY] Fedora 12 Update: python-mako-0.3.4-1.fc12

Mako is a template library written in Python. It provides a familiar, non-X ML syntax which compiles into Python modules for maximum performance. Mako's syntax and API borrows from the best ideas of many others, including Django templates, Cheetah, Myghty, and Genshi. Conceptually, Mako is an...

Debian DSA-2064-1 : xulrunner - several vulnerabilities

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-0183 'wushi' discovered that incorrect pointer handling in the frame processing code could...

Joomla Component com_jejob SQL Injection Vulnerability

Exploit for php platform in category web applications ====================================================== Joomla Component comjejob SQL Injection Vulnerability ====================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 ...

linux/x86-64 Disable ASLR Security 143 bytes

Exploit for linux/x86-64 platform in category shellcode ============================================ linux/x86-64 Disable ASLR Security 143 bytes ============================================ / Title: Linux/x86-64 - Disable ASLR Security - 143 bytes Date: 2010-06-17 Tested: Archlinux x8664 k2.6.33...

CVE-2010-1397

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service application crash via vectors related to a layout change during selection...

CVE-2010-1397

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service application crash via vectors related to a layout change during selection...

EUVD-2010-1425

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service application crash via vectors related to a layout change during selection...

CVE-2010-1397

CVE-2010-1397 is a use-after-free in WebKit used by Safari (and related WebKit deployments) that can allow remote code execution or a crash through a layout-change during selection rendering and the DOCUMENT_POSITION_DISCONNECTED attribute in an unspecified container. Affected: Safari before 5.0 ...