CVE-2012-4759

CVE-2012-4759 describes an untrusted search path vulnerability in Foxit Reader’s Facebook plug-in (facebook_plugin.fpi). A local attacker could gain privileges by placing a Trojan horse dwmapi.dll in the current working directory while Foxit Reader 5.3.1.0606 is running, as demonstrated by a dire...

Critical: Red Hat Security Advisory: java-1.7.0-oracle security update

Updated java-1.7.0-oracle packages that fix several security issues are now available for Red Hat Enterprise Linux 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detaile...

RHEL 6 : java-1.7.0-oracle (RHSA-2012:1225)

Updated java-1.7.0-oracle packages that fix several security issues are now available for Red Hat Enterprise Linux 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detaile...

RedHat Update for java-1.6.0-openjdk RHSA-2012:1221-01

Check for the Version of java-1.6.0-openjdk OpenVAS Vulnerability Test RedHat Update for java-1.6.0-openjdk RHSA-2012:1221-01 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...

Secunia Research: Citrix Access Gateway Plug-in for Windows nsepacom ActiveX Control Integer Overflow

====================================================================== Secunia Research 01/08/2012 - Citrix Access Gateway Plug-in for Windows - - "nsepacom" ActiveX Integer Overflow Vulnerability - ====================================================================== Table of Contents Affected...

DEBIAN-CVE-2012-3481

Integer overflow in the ReadImage function in plug-ins/common/file-gif-load.c in the GIF image format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via crafted height and len properties in a GIF image...

CVE-2012-3481

Integer overflow in the ReadImage function in plug-ins/common/file-gif-load.c in the GIF image format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via crafted height and len properties in a GIF image...

plug-in): Heap-based buffer overflow by loading certain GIF images

Integer overflow in the ReadImage function in plug-ins/common/file-gif-load.c in the GIF image format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via crafted height and len properties in a GIF image...

plug-in): Heap-based buffer overflow by loading certain GIF images

Integer overflow in the ReadImage function in plug-ins/common/file-gif-load.c in the GIF image format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via crafted height and len properties in a GIF image...

PT-2012-1072 · Gnu +3 · Gimp +3

Name of the Vulnerable Software and Affected Versions: gimp-libs version 2.6.9 gimp-devel-tools version 2.6.9 gimp-help-browser version 2.6.9 gimp-devel version 2.6.9 gimp-debuginfo version 2.6.9 gimp version 2.6.9 gimp version 2.8.x and earlier Description: The issue concerns multiple...

Scientific Linux Security Update : pidgin on SL4.x, SL5.x i386/x86_64

Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously. An input sanitization flaw was found in the way the Pidgin SILC Secure Internet Live Conferencing protocol plug-in escaped certain UTF-8 characters. A remote attacke...

Scientific Linux Security Update : evolution28 on SL4.6 i386/x86_64

A flaw was found in the way Evolution parsed iCalendar timezone attachment data. If the Itip Formatter plug-in was disabled and a user opened a mail with a carefully crafted iCalendar attachment, arbitrary code could be executed as the user running Evolution. CVE-2008-1108 Note: the Itip Formatte...

Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2010-3766, CVE-2010-3767, CVE-2010-3772, CVE-2010-3776,...

Plug-in content may monitor keystrokes on unrelated pages

Plug-ins may use operating system features to detect key presses when the plug-in is focused. If the plug-in does not detect its own focused state correctly, it can detect key presses when other pages are focused, allowing the plug-in content to detect key presses intended for pages from other...

Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. CVE-2010-1200 A flaw was found in the way browser plug-ins interac...

Scientific Linux Security Update : spice-xpi on SL5.x,SL6.x i386/x86_64

An uninitialized pointer use flaw was found in the SPICE Firefox plug-in. If a user were tricked into visiting a malicious web page with Firefox while the SPICE plug-in was enabled, it could cause Firefox to crash or, possibly, execute arbitrary code with the privileges of the user running Firefo...

Scientific Linux Security Update : spice-xpi on SL5.x i386/x86_64

The spice-xpi package provides a plug-in that allows the SPICE client to run from within Mozilla Firefox. A race condition was found in the way the SPICE Firefox plug-in and the SPICE client communicated. A local attacker could use this flaw to trick the plug-in and the SPICE client into...

Scientific Linux Security Update : qspice-client on SL5.x i386/x86_64

The qspice-client package provides the client side of the SPICE protocol. A race condition was found in the way the SPICE Mozilla Firefox plug-in and the SPICE client communicated. A local attacker could use this flaw to trick the plug-in and the SPICE client into communicating over an...

Scientific Linux Security Update : java (jdk 1.5.0) on SL4.x, SL5.x i386/x86_64

Flaws in the JRE allowed an untrusted application or applet to elevate its privileges. This could be exploited by a remote attacker to access local files or execute local applications accessible to the user running the JRE CVE-2008-1185, CVE-2008-1186 A flaw was found in the Java XSLT processing...

CentOS Update for xmlsec1 CESA-2011:0486 centos5 x86_64

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...