4203 matches found
Apple Webkit SVG ForeignObject Rendering Layout Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Webkit's...
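DedeCms V5.6 plus/advancedsearch.php Arbitrary SQL Statement Execution Vulnerability
The DedeCMS content management system uses core templates in an XML-namespace style: all templates are stored as files, which makes it very convenient for users to design templates and to upgrade or migrate a site, and the robust template tags give webmasters strong support for building their own sites. Efficient tag caching: similar tags can be cached, which helps improve system response speed and reduce resource consumption when generating HTML. Models and modules coexist: where models cannot meet all of a user's needs, DedeCMS provides interactive modules to supplement the system and meet those needs as far as possible. In plus/advancedsearch.php the $sql variable is not initialized, which leads to a marginal vulnerability. if$mid == 0 // must be bypassed, By: 俺是农村的...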
Apple Webkit ProcessInstruction Target Error Message Insertion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with how WebKit inserts...
ZDI-10-099: Apple Webkit ProcessInstruction Target Error Message Insertion Remote Code Execution Vulnerability
ZDI-10-099: Apple Webkit ProcessInstruction Target Error Message Insertion Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-099 June 8, 2010 -- CVE ID: CVE-2010-1403 -- Affected Vendors: Apple -- Affected Products: Apple WebKit -- TippingPointTM IPS Customer...
DEBIAN-CVE-2010-0287
Directory traversal vulnerability in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. (dot dot) in the ns parameter...
HTTP SOAP Verb/Noun Brute Force Scanner
This module attempts to brute force SOAP/XML requests to uncover hidden methods. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HTTP SOAP Verb/Noun Brute Force Scanner', 'Description' = %q Thi...
kernel: AF_UNIX: Fix deadlock on connecting to shutdown socket
net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket...
openSUSE Security Update : kernel (kernel-932)
This Linux kernel update for openSUSE 11.1 fixes lots of bugs and some security issues. The kernel was also updated to the 2.6.27.23 stable release. Following security issues have been fixed: CVE-2009-1439: Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel 2.6.29 and earlier allows...
kernel: 'kill sig -1' must only apply to caller's pid namespace
The kill_something_info function in kernel/signal.c in the Linux kernel before 2.6.28 does not consider PID namespaces when processing signals directed to PID -1, which allows local users to bypass the intended namespace isolation, and send arbitrary signals to all processes in all namespaces, via ...
Debian DSA-1800-1 : linux-2.6 - denial of service/privilege escalation/sensitive memory leak
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, privilege escalation or a sensitive memory leak. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-0028 Chris Evans discovered a situation in which ...
CVE-2009-1360
The __inet6_check_established function in net/ipv6/inet6_hashtables.c in the Linux kernel before 2.6.29, when Network Namespace Support (aka NET_NS) is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via vectors involving IPv6 packets...
Command injection
The kill_something_info function in kernel/signal.c in the Linux kernel before 2.6.28 does not consider PID namespaces when processing signals directed to PID -1, which allows local users to bypass the intended namespace isolation, and send arbitrary signals to all processes in all namespaces, via ...
CVE-2009-1338
The kill_something_info function in kernel/signal.c in the Linux kernel before 2.6.28 does not consider PID namespaces when processing signals directed to PID -1, which allows local users to bypass the intended namespace isolation, and send arbitrary signals to all processes in all namespaces, via ...
CVE-2009-1338
The CVE-2009-1338 issue is confirmed in the Linux kernel prior to 2.6.28, where the kill_something_info() function in kernel/signal.c did not respect PID namespaces when handling signals directed to PID -1. This allowed a local attacker to bypass namespace isolation and send signals to processes ...
Mozilla parsing error in E4X default namespace
Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X...
Mozilla Foundation Security Advisory 2008-58
Mozilla Foundation Security Advisory 2008-58 Title: Parsing error in E4X default namespace Impact: Low Announced: November 12, 2008 Reporter: Chris Evans Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.4 Firefox 2.0.0.18 Thunderbird 2.0.0.18 SeaMonkey 1.1.13 Description Security...