237 matches found
Privilege escalation through Mozilla Maintenance Service — Mozilla
Security researcher Frédéric Hoguin discovered that the Mozilla Maintenance Service on Windows was vulnerable to a buffer overflow. This system is used to update software without invoking the User Account Control (UAC) prompt. The Mozilla Maintenance Service is configured to allow unprivileged user...
Privilege escalation through Mozilla Updater and Windows Updater Service — Mozilla
Security researcher James Forshaw of Context Information Security found two issues with the Mozilla updater and the Mozilla updater service introduced in Firefox 12 for Windows. The first issue allows Mozilla's updater to load a local DLL file in a privileged context. The updater can be called by...
RedHat Update for thunderbird RHSA-2011:1343-01
Check for the Version of thunderbird OpenVAS Vulnerability Test RedHat Update for thunderbird RHSA-2011:1343-01 Authors: System Generated Check Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...
seamonkey security update
CentOS Errata and Security Advisory CESA-2011:1344 Updated seamonkey packages that fix two security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base...
cPassMan v1.82 Arbitrary File Download
Exploit for php platform in category web applications Sense of Security - Security Advisory - SOS-11-004 Release Date. 15-Apr-2011 Last Update. - Vendor Notification Date. 7-Mar-2011 Product. Collaborative Passwords Manager (cPassMan) Platform. Independent (PHP) Affected versions. 1.82 verified, and...
Zipserver 1.0 Directory Traversal
Zervit 0.4 Directory Traversal
Adobe Download Manager AOM File Section Name Buffer Overflow (CVE-2006-5856)
Adobe produces and distributes a custom Download Manager utility which is usually utilized for Adobe product updates and downloads. The Download Manager normally sets up file association entries in the Windows registry upon installation that associate it with the AOM file type. A buffer overflow...
Linux kernel local filesystem DoS
The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel before 2.6.25.15 do not prevent creation of a child dentry for a deleted (aka S_DEAD) directory, which allows local users to cause a denial of service ("overflow" of the UBIFS orphan area) via a...
Design/Logic Flaw
The NSURL component in Apple Mac OS X 10.4 through 10.4.10 performs case-sensitive comparisons that allow attackers to bypass intended restrictions for local file system URLs...
Vulnerability in Internet Explorer
Hello 3APA3A! I am reporting a Cross-Site Scripting vulnerability that I found in Internet Explorer. When a page with a "special" URL is saved, XSS code is saved in the page's code. The XSS code is then executed when this page is opened, and this happens when it is opened in any browser, not only in...
Microsoft DHTML Drag-and-Drop events insufficiently validated
Overview Microsoft DHTML Drag-and-Drop events can manipulate windows to copy objects from one domain to another, including the Local Machine Zone. This vulnerability could allow an attacker to write arbitrary files to the local file system. Description Microsoft Drag-and-Drop events do not proper...
IceWarp Web Mail 3.3.2/5.2.7 - Multiple Remote Input Validation Vulnerabilities
IceWarp Web Mail 3.3.2/5.2.7 - Multiple Remote Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/10920/info IceWarp Web Mail is reported prone to multiple input validation vulnerabilities. It is reported that these issues may be exploited by a remote attacker to conduct SQ...
IceWarp Web Mail 3.3.2/5.2.7 - Multiple Remote Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/10920/info IceWarp Web Mail is reported prone to multiple input validation vulnerabilities. It is reported that these issues may be exploited by a remote attacker to conduct SQL Injection, Account Manipulation, Cross-site Scripting, Information disclosure...
Microsoft Internet Explorer allows mouse events to manipulate window objects and perform "drag and drop" operations
Overview Microsoft Internet Explorer (IE) dynamic HTML (DHTML) mouse events can manipulate windows to copy objects from one domain to another, including the Local Machine Zone. This vulnerability could allow an attacker to write arbitrary files to the local file system. Description In IE, certain DHT...
[LSD] Java and JVM security vulnerabilities
We would like to inform you about several security vulnerabilities in Java Virtual Machine implementations that we have found during our research. These vulnerabilities affect at least JVMs used in Netscape Communicator and Microsoft Internet Explorer web browsers. Below you can find their brief...
Hole in Anaconda Foundation Directory
A "null byte" bug allows access to any local file...