5819 matches found

Mageia
added 2014/02/13 7:44 p.m. | 34 views

Updated varnish packages fix CVE-2013-4484 and correct service behaviour

Updated varnish packages fix security vulnerabilities: Varnish before 3.0.5 allows remote attackers to cause a denial of service (child-process crash and temporary caching outage) via a GET request with trailing whitespace characters and no URI (CVE-2013-4484). Also, the services have been converted...

CVSS 5 | AI score 4.5 | EPSS 0.03025
Exploits 3 | References 2
OpenVAS
added 2014/02/11 12:0 a.m. | 42 views

SeaMonkey Multiple Vulnerabilities-01 (Feb 2014) - Mac OS X

SeaMonkey is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:seamonkey"; ifdescription...

CVSS 10 | AI score 9.1 | EPSS 0.07004
Exploits 11 | References 15
OpenVAS
added 2014/02/11 12:0 a.m. | 35 views

Mozilla Thunderbird Multiple Vulnerabilities-01 (Feb 2014) - Windows

Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...

CVSS 10 | AI score 9 | EPSS 0.06883
Exploits 9 | References 10
OpenVAS
added 2014/02/11 12:0 a.m. | 33 views

Mozilla Firefox ESR Multiple Vulnerabilities-01 (Feb 2014) - Windows

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...

CVSS 10 | AI score 9.1 | EPSS 0.06883
Exploits 9 | References 10
ATTACKERKB
added 2014/02/06 5:44 a.m. | 3 views

CVE-2014-1481

Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines...

CVSS 7.5 | AI score 7.4 | EPSS 0.03784
Exploits 1 | References 35
Tenable Nessus
added 2014/02/05 12:0 a.m. | 27 views

Mozilla Firefox for Android < 27.0 Multiple Vulnerabilities

Binary data 8101.prm...

CVSS 7.5 | AI score 9.1 | EPSS 0.03784
Exploits 1 | References 4
RedHat Linux
added 2014/02/04 8:16 p.m. | 3 views

Mozilla: Inconsistent JavaScript handling of access to Window objects (MFSA 2014-13)

Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines...

CVSS 7.5 | AI score 7 | EPSS 0.03784
Exploits 1 | References 5
Tenable Nessus
added 2014/01/10 12:0 a.m. | 65 views

RHEL 5 : JBoss EAP (RHSA-2013:1784)

An update for Red Hat JBoss Enterprise Application Platform 6.2.0, which fixes two security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having low security impact. Common...

CVSS 5.5 | AI score 7.1 | EPSS 0.01809
Exploits 1 | References 5
Tenable Nessus
added 2013/12/05 12:0 a.m. | 42 views

RHEL 5 : Red Hat JBoss Enterprise Application Platform 6.2.0 update (Low) (RHSA-2013:1785)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:1785 advisory. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. The HawtJNI Library...

CVSS 5.5 | AI score 7.2 | EPSS 0.01809
Exploits 1 | References 50
RedHat Linux
added 2013/12/04 6:0 p.m. | 3 views

HawtJNI: predictable temporary file name leading to local arbitrary code execution

The HawtJNI Library class wrote native libraries to a predictable file name in /tmp when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJN...

CVSS 4.4 | AI score 5.8 | EPSS 0.00589
Exploits 1 | References 4
myhack58
added 2013/11/25 12:0 a.m. | 20 views

MIUI-V5 pattern lock/shortcut key switch design flaw could lead to bypass-vulnerability warning-the black bar safety net

Brief description: Today the third to grab the Red rice, or did not grab, depressed and... It seems 9 months of the millet 3 is simply grab the rhythm of Ah, find F-Code, Xiaomi 3 or red rice can be. Don't know why, before submitting a no show.,,, a Detailed description: 1 require F Code. 2 is in...

AI score 7.2
Exploits 0
OSV
added 2013/10/28 10:55 p.m. | 1 views

DEBIAN-CVE-2013-4391

Integer overflow in the valid_user_field function in journal/journald-native.c in systemd allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large journal data field, which triggers a heap-based buffer overflow...

CVSS 7.5 | AI score 8.3 | EPSS 0.05341
Exploits 1 | References 1
OSV
added 2013/10/28 10:55 p.m. | 1 views

DEBIAN-CVE-2013-4393

journald in systemd, when the origin of native messages is set to file, allows local users to cause a denial of service (logging service blocking) via a crafted file descriptor...

CVSS 2.1 | AI score 6.1 | EPSS 0.0039
Exploits 0 | References 1
Debian CVE
added 2013/10/28 10:0 p.m. | 28 views

CVE-2013-4391

Integer overflow in the valid_user_field function in journal/journald-native.c in systemd allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large journal data field, which triggers a heap-based buffer overflow...

CVSS 7.5 | AI score 7.7 | EPSS 0.05341
Exploits 1
Debian CVE
added 2013/10/28 10:0 p.m. | 18 views

CVE-2013-4393

journald in systemd, when the origin of native messages is set to file, allows local users to cause a denial of service (logging service blocking) via a crafted file descriptor...

CVSS 2.1 | AI score 3.6 | EPSS 0.0039
Exploits 0
RedHat Linux
added 2013/10/23 4:26 p.m. | 3 views

OpenJDK: JPEGImageWriter state corruption (ImageIO, 8007918)

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate...

CVSS 7.6 | AI score 6.7 | EPSS 0.05616
Exploits 0 | References 4
Tenable Nessus
added 2013/10/02 12:0 a.m. | 25 views

FreeBSD : mozilla -- multiple vulnerabilities (7dfed67b-20aa-11e3-b8d8-0025905a4771)

The Mozilla Project reports : MFSA 2013-76 Miscellaneous memory safety hazards rv:24.0 / rv:17.0.9 MFSA 2013-77 Improper state in HTML5 Tree Builder with templates MFSA 2013-78 Integer overflow in ANGLE library MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning MFSA 2013-8...

CVSS 10 | AI score 7.8 | EPSS 0.08894
Exploits 4 | References 38
Kitploit
added 2013/09/17 3:9 a.m. | 18 views

[Binrev] Automate Reversing Windows Binaries for Pentesters

What you can do with this? Static analysis: you can do a basic manual code review for decompiled sources to discover hidden communication channels, search for hard-coded passwords, or SQL injection vulnerabilities. Import decompiled projects to an IDE to reconstruct and modify the original source...

AI score 8.6
Exploits 0
Packet Storm
added 2013/09/09 12:0 a.m. | 17 views

Ruby Gem Features 0.3.0 Injection

Title: Features 0.3.0 Ruby gem file injection vulnerability Date: 9/1/2013 Author: Larry W. Cashdollar @larry0 Download: http://rubygems.org/gems/features Description: "Plaintext User Stories Parser supporting native programming languages. Especially Objective-C" Same vulnerability as...

Exploits 0
CERT
added 2013/09/04 12:0 a.m. | 28 views

Oracle E-Business Suite password disclosure vulnerability

Overview: Oracle E-Business Suite 12.0-12.1, when used with the native login pages or single sign-on (SSO) / Oracle Access Management (OAM) with the native login pages, contains a credential exposure vulnerability. Description: Oracle E-Business Suite administrators who have applied CPU patches for Jul...

CVSS 3.5 | AI score 6 | EPSS 0.01955
Exploits 0 | References 4