1464 matches found
Adobe Flash Player Cross-Site-Scripting (APSB14-16: CVE-2014-0532)
A cross-site scripting vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in the way the browser and the plug-in handle specially crafted web-pages. A remote attacker can exploit this vulnerability by enticing an affected user to open a malicious web-page...
Critical: Red Hat Security Advisory: java-1.7.0-openjdk security update
Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed...
Sun Java Plug-In 1.4.2 _01 Cross-Site Applet Sandbox Security Model Violation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8857/info A vulnerability has been reported in Java implementations that may potentially allow Java applets from two different domains to violate the sandbox security model and share read/write access to data areas. This...
BigAnt Server <= 2.50 SP6 - Local (ZIP File) Buffer Overflow PoC (2)
No description provided by source. !/usr/bin/env python BigAnt Server = 2.50 SP6 Local ZIP File Buffer Overflow PoC 2 Found By: DrIDE Tested: XPSP3 Usage: Open BigAnt Console, Go to Plug-In, Add our zip, Boom. buff = \x41 10000 f1 = openBigAntPlugIn.zip,w f1.writebuff f1.close milw0rm.com 2009-09...
Half-Life StatsMe 2.6.x Plug-in MakeStats Format String Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6578/info The Half-Life StatsMe plug-in is prone to an exploitable format string vulnerability. This issue may be exploited by an attacker who can authenticate with the rcon-password of the Half-Life server to execute...
C'Nedra 0.4 Network Plug-in Read_TCP_String Remote Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13781/info C'Nedra Network Plug-in is prone to a remotely exploitable buffer overflow vulnerability. The issue exists in the 'gamemessagefunctions.cpp' source file and is due to inadequate bounds checking of user-supplied...
Sun Java Runtime Environment 1.4.x Font Object Assertion Failure Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10623/info The Sun Java Runtime Environment Font object is reportedly vulnerable to an assertion failure denial of service vulnerability. This issue is due to a failure of the process to handle exceptional conditions when...
AlsaPlayer 0.99.x - Vorbis Input Plug-in OGG Processing Remote Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/25969/info AlsaPlayer is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer. Exploiting this issue allows...
SquirrelMail G/PGP Encryption Plug-in 2.0/2.1 - Multiple Unspecified Remote Command Execution Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/24828/info Vulnerabilities in the SquirrelMail G/PGP encryption plugin may allow malicious webmail users to execute system commands remotely. These issues occur because the application fails to sufficiently sanitize...
eRoom 6.0 Plug-In Insecure File Download Handling Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14176/info The eRoom plug-in is prone to an insecure file download handling vulnerability. The issue is due to a design fault, where files that are shared by users are apparently passed to default file handlers when...
Adobe Acrobat Reader Plugin <= 7.0.x (acroreader) XSS Vulnerability
No description provided by source. Stefano Di Paola http://www.wisec.it/ From Secunia: Input passed to a hosted PDF file is not properly sanitised by the browser plug-in before being returned to users. This can be exploited to execute arbitrary script code in a user's browser session in context o...
Sun Java Runtime Environment 1.x Java Plug-in JavaScript Security Restriction Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11726/info A vulnerability is reported to exist in the access controls of the Java to JavaScript data exchange within web browsers that employ the Sun Java Plug-in. Reports indicate that it is possible for a malicious...
Sun Java Applet 1.x - Invocation Version Specification Weakness
No description provided by source. source: http://www.securityfocus.com/bid/11757/info Java provides support for dynamic and static versioning when loading applets in the Java plug-in. This means that during the invocation of an applet, a user can request that a particular version of a plug-in be...
Viewpoint Media Player for IE 3.2 - Remote Stack Overflow PoC
No description provided by source. Viewpoint Media Player for IE 3.2 AxMetaStream.dll Remote Stack Overflow url:...
Sun Java Plug-In 1.4 Unauthorized Java Applet Floppy Access Weakness
No description provided by source. source: http://www.securityfocus.com/bid/8867/info A weakness has been reported in Java implementations that may constitute unauthorized access by Java applets to floppy devices. This weakness appears to present a flaw in the Java security model. This issue was...
RHEL 5 / 6 : flash-plugin (RHSA-2014:0745)
An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which...
Critical: Red Hat Security Advisory: flash-plugin security update
An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which...
Adobe Flash Player Cross-Site Scripting (APSB14-09: CVE-2014-0509)
A cross-site scripting vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in the way the browser and the plug-in handle specially crafted URLs. A remote attacker can exploit this vulnerability by enticing an affected user to open a malicious web-page...
LinkedIn Sends Cease-and-Desist to Sell Hack Plug-In Maker
UPDATE: The makers of the controversial Sell Hack browser plug-in responded this afternoon to a cease-and-desist order from LinkedIn and confirmed their extension no longer works on LinkedIn pages and that all of the publicly visible data it had processed from LinkedIn profiles has been deleted...
RHEL 5 / 6 : flash-plugin (RHSA-2014:0289)
An updated Adobe Flash Player package that fixes two security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give...