1268 matches found
DSA-2930-1 chromium-browser - security update
Bulletin has no description...
Google Fixes Three Critical Vulnerabilities in Chrome
UPDATE: An earlier version of this story included the incorrect version of Chrome. Google yesterday released a stable channel update for Chrome, paying some $4,500 worth of bug bounties, and fixing three highly rated security vulnerabilities in the Windows, Mac, and Linux versions of its popular...
Updated chromium-browser-stable packages fix multiple vulnerabilities
Updated chromium-browser-stable packages fix security vulnerabilities: A type confusion issue was discovered in the v8 javascript library CVE-2014-1730. John Butler discovered a type confusion issue in the WebKit/Blink document object model implementation CVE-2014-1731. Khalil Zhani discovered a...
Debian DSA-2920-1 : chromium-browser - security update
Several vulnerabilities have been discovered in the chromium web browser. - CVE-2014-1730 A type confusion issue was discovered in the v8 JavaScript library. - CVE-2014-1731 John Butler discovered a type confusion issue in the WebKit/Blink document object model implementation. - CVE-2014-1732...
[SECURITY] Fedora 19 Update: json-c-0.11-6.fc19
JSON-C implements a reference counting object model that allows you to easi ly construct JSON objects in C, output them as JSON formatted strings and parse JSON formatted strings back into the C representation of JSON objects...
Fedora Update for json-c FEDORA-2014-5006
Check for the Version of json-c OpenVAS Vulnerability Test Fedora Update for json-c FEDORA-2014-5006 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...
RESTEasy: XML eXternal Entity (XXE) flaw
RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity XXE injection attack...
Mozilla: User-defined properties on DOM proxies get the wrong "this" object (MFSA 2013-91)
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass...
Having fun with
Did you know that this works in every browser? Look, here's one: An image You might think it's leaking from SVG, but SVG images don't use src, they use xlink:href. Let's all take a moment to laugh at xlink. Done? Ok… In the first age of the web, some people accidentally typed instead of . Browser...
Use after free mutating DOM during SetBody — Mozilla
Security researcher Nils used the Address Sanitizer to discover a use-after-free problem when the Document Object Model is modified during a SetBody mutation event. This causes a potentially exploitable crash...
CVE-2013-1842
SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "the Query Object Model and relation values."...
Sql injection
SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "the Query Object Model and relation values."...
typo3 -- Multiple vulnerabilities in TYPO3 Core
Typo Security Team reports: Extbase Framework - Failing to sanitize user input, the Extbase database abstraction layer is susceptible to SQL Injection. TYPO3 sites which have no Extbase extensions installed are not affected. Extbase extensions are affected if they use the Query Object Model and...
Yahoo Mail XSS Vulnerability Could Affect Millions of Accounts
Security researcher Shahin Ramezany developed an XSS proof-of-concept exploit that he claims puts some 400 million Yahoo Mail users at risk of having their accounts taken over. In a video posted on YouTube last night, Ramezanydemonstrated an exploit for what he claims is a document object...
Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64
A race condition flaw was found in the way SeaMonkey handled Document Object Model DOM element properties. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. CVE-2010-3765 After installi...
RESTEasy: XML eXternal Entity (XXE) flaw
RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity XXE injection attack...
RESTEasy: XML eXternal Entity (XXE) flaw
RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity XXE injection attack...
Critical: Red Hat Security Advisory: firefox security update
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...
Critical: Red Hat Security Advisory: thunderbird security update
An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity rating...
Apple Safari WebKit Range Object Remote Code Execution (CVE-2011-0115)
A Remote attacker can exploit this vulnerability by enticing an unsuspecting target user to open a maliciously crafted web page. Successful exploitation of this vulnerability may enable an attacker to execute code in an affected system in the security context of the logged in user. A remote code...