537 matches found

securityvulns
added 2009/06/23 12:0 a.m. (55 views)

n.runs-SA-2009.005 - Apple Safari - Information disclosure

n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2009.005 23-Jun-2009 Vendor: Apple Inc., http://www.apple.com Affected Products: Safari Browser 3.2.3 all platforms Vulnerability: Information disclosure to Denial of Service Risk: MEDIUM Vendor communication: 2009/06/07 Bug found...

AI score: 6.2
Exploits: 0

OpenVAS
added 2009/06/05 12:0 a.m. (22 views)

Ubuntu: Security Advisory (USN-781-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 9.3, AI score: 7.6, EPSS: 0.25885
Exploits: 1, References: 2

exploitpack
added 2009/06/03 12:0 a.m. (19 views)

Apple iTunes 8.1.1 - ITMS Multiple Protocol Handler Buffer Overflow (Metasploit)

Apple iTunes 8.1.1 - ITMS Multiple Protocol Handler Buffer Overflow Metasploit $Id: $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

CVSS: 9.3, AI score: 0.8, EPSS: 0.82109
Exploits: 21

Tenable Nessus
added 2009/05/24 12:0 a.m. (40 views)

Debian DSA-1805-1 : pidgin - several vulnerabilities

Several vulnerabilities have been discovered in Pidgin, a graphical multi-protocol instant messaging client. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-1373 A buffer overflow in the Jabber file transfer code may lead to denial of service or the...

CVSS: 9.3, AI score: 8.4, EPSS: 0.25885
Exploits: 1, References: 8

OSV
added 2009/05/22 12:0 a.m. (24 views)

DSA-1805-1 pidgin - several vulnerabilities

Bulletin has no description...

CVSS: 9.3, AI score: 7.7, EPSS: 0.25885
Exploits: 1

OpenVAS
added 2009/05/19 12:0 a.m. (20 views)

Opera PDF Javascript Security Bypass Vulnerability (Linux)

The host is installed with Opera Web Browser and is prone to PDF Javascript Security Bypass Vulnerability. OpenVAS Vulnerability Test $Id: secpodoperapdfjsrestbypassvulnlin.nasl 5122 2017-01-27 12:16:00Z teissa $ Opera PDF Javascript Security Bypass Vulnerability Linux Authors: Antu Sanadi...

CVSS: 9.3, AI score: 6.6, EPSS: 0.00242
Exploits: 0, References: 2

Prion
added 2009/04/24 3:30 p.m. (19 views)

Design/Logic Flaw

Argument injection vulnerability in the chromehtml: protocol handler in Google Chrome before 1.0.154.59, when invoked by Internet Explorer, allows remote attackers to determine the existence of files, and open tabs for URLs that do not satisfy the IsWebSafeScheme restriction, via a web page that...

CVSS: 7.8, AI score: 6.1, EPSS: 0.00288
Exploits: 2, References: 4, Affected Software: 1

Cvelist
added 2009/04/24 3:0 p.m. (23 views)

CVE-2009-1412

Argument injection vulnerability in the chromehtml: protocol handler in Google Chrome before 1.0.154.59, when invoked by Internet Explorer, allows remote attackers to determine the existence of files, and open tabs for URLs that do not satisfy the IsWebSafeScheme restriction, via a web page that...

AI score: 5.8, EPSS: 0.00288
Exploits: 2, References: 4

CVE
added 2009/04/24 3:0 p.m. (97 views)

CVE-2009-1412

Google Chrome before 1.0.154.59 is affected by CVE-2009-1412 via the chromehtml: protocol handler. A web page could set document.location to a chromehtml: value and, when launched from Internet Explorer, allow enumeration of local files and opening tabs for non‑IsWebSafe URLs, enabling potential ...

CVSS: 7.8, AI score: 5.9, EPSS: 0.00288
Exploits: 2, References: 4, Affected Software: 1

Tenable Nessus
added 2009/04/23 12:0 a.m. (22 views)

FreeBSD : nss -- exploitable buffer overflow in SSLv2 protocol handler (207f8ff3-f697-11d8-81b0-000347a4fa7d)

ISS X-Force reports that a remotely exploitable buffer overflow exists in the Netscape Security Services NSS library's implementation of SSLv2. From their advisory : The NSS library contains a flaw in SSLv2 record parsing that may lead to remote compromise. When parsing the first record in an SSL...

CVSS: 7.5, AI score: 6.1, EPSS: 0.02995
Exploits: 1, References: 3

Google Chrome Security Advisories
added 2009/04/23 12:0 a.m. (29 views)

Stable Update: Security Fix

Edit 24 April: Removed "Such an attack only works if Chrome is not already running." Google Chrome's Stable channel has been updated to 1.0.154.59 to fix a security issue: CVE-2009-1412 ChromeHTML protocol handler same-origin bypass An error in handling URLs with a chromehtml: protocol could allo...

CVSS: 7.8, AI score: 5.3, EPSS: 0.00288
Exploits: 2, Affected Software: 1

OpenVAS
added 2009/03/23 12:0 a.m. (27 views)

Ubuntu Update for gaim vulnerability USN-675-2

Ubuntu Update for Linux kernel vulnerabilities USN-675-2 OpenVAS Vulnerability Test $Id: gbubuntuUSN6752.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for gaim vulnerability USN-675-2 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...

CVSS: 6.8, AI score: 0.5, EPSS: 0.06329
Exploits: 0, References: 2

OpenVAS
added 2009/03/23 12:0 a.m. (42 views)

Ubuntu Update for linux-source-2.6.15/2.6.17/2.6.20 vulnerabilities USN-464-1

Ubuntu Update for Linux kernel vulnerabilities USN-464-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN4641.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for linux-source-2.6.15/2.6.17/2.6.20 vulnerabilities USN-464-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone...

CVSS: 7.8, AI score: 6.3, EPSS: 0.09538
Exploits: 0, References: 2

OpenVAS
added 2009/02/27 12:0 a.m. (12 views)

CentOS Update for pidgin CESA-2008:0584 centos3 x86_64

Check for the Version of pidgin OpenVAS Vulnerability Test CentOS Update for pidgin CESA-2008:0584 centos3 x8664 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

CVSS: 6.8, AI score: 9.6, EPSS: 0.06329
Exploits: 0, References: 2

Packet Storm
added 2009/02/01 12:0 a.m. (20 views)

Safari 3.2.1 Null Dereference

Safari 3.2.1 for Windows safariUrl protocol handler abuse null dereference Vendor: http://www.apple.com Original advisory: http://lostmon.blogspot.com/2009/01/safari-321-for-windows-safariurl.html Vendor notified: YES Exploit available: Private This article is a "second" part of :...

AI score: 0.5
Exploits: 0

Opera Security Advisories
added 2008/12/16 12:0 a.m. (22 views)

Registering Opera as a protocol handler can allow it to be used to execute arbitrary code

When an application attempts to access a URL that uses a protocol that it does not understand, it may choose to pass the URL to a registered handler for that protocol. If that registered handler is Opera, it will be started, passing the URL to open. Some external applications do not ensure that t...

AI score: 2.4
Exploits: 0, Affected Software: 1

Opera Security Advisories
added 2008/12/16 12:0 a.m. (5 views)

Startup crash can allow execution of arbitrary code – Opera Security Advisories

Startup crash can allow execution of arbitrary code – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Extremely Severe Problem Description When Opera is registered as a handler for a given protocol, it can be started by external applications. In some cases, being started in this...

AI score: 6.1
Exploits: 0, References: 1

Opera Security Advisories
added 2008/12/16 12:0 a.m. (4 views)

Registering Opera as a protocol handler can allow it to be used to execute arbitrary code – Opera Security Advisories

Registering Opera as a protocol handler can allow it to be used to execute arbitrary code – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Extremely Severe Problem Description When an application attempts to access a URL that uses a protocol that it does not understand, it may...

AI score: 6.1
Exploits: 0, References: 1

Opera Security Advisories
added 2008/12/16 12:0 a.m. (11 views)

Startup crash can allow execution of arbitrary code

When Opera is registered as a handler for a given protocol, it can be started by external applications. In some cases, being started in this way can cause Opera to crash. To inject code, additional techniques will have to be employed...

AI score: 3.1
Exploits: 0, Affected Software: 1

RedHat Linux
added 2008/12/15 1:10 p.m. (29 views)

Moderate: Red Hat Security Advisory: pidgin security and bug fix update

Updated Pidgin packages that fix several security issues and bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Pidgin is a multi-protocol Internet Messaging client. A denial-of-service...

CVSS: 6.8, AI score: 7.2, EPSS: 0.17668
Exploits: 1, References: 8