
1609 matches found

RedHat Linux
added 2014/06/10 8:44 p.m. · 2 views

Mozilla: Use-after-free with SMIL Animation Controller (MFSA 2014-52)

Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service heap memory...

CVSS 10 · AI score 7.3 · EPSS 0.03747
Exploits: 0 · References: 5

RedHat Linux
added 2014/05/15 6:19 p.m. · 3 views

JDK: Vulnerability in the IBMSecureRandom implementation of the IBMJCE and IBMSecureRandom cryptographic providers

The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6, 6 before Service Refresh 16, 6.0.1 before Service Refresh 8, 7 before Service Refresh 7, and 7R1 before Service Refresh 1 makes it easier f...

CVSS 5.8 · AI score 7.3 · EPSS 0.02093
Exploits: 0 · References: 4

OSV
added 2014/04/29 12:0 a.m. · 1 views

UBUNTU-CVE-2014-1532

Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service heap...

CVSS 9.8 · AI score 7.3 · EPSS 0.04648
Exploits: 1 · References: 5

OpenVAS
added 2014/03/25 12:0 a.m. · 11 views

Ubuntu: Security Advisory (USN-2154-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits: 0 · References: 3

ThreatPost
added 2014/02/26 4:23 p.m. · 10 views

iOS 7 Bug Could Allow Background Monitoring

It’s only been a few days since Apple fixed the nasty certificate-validation “goto fail” vulnerability in iOS and OSX and now word comes that another bug, one that could allow an attacker to monitor keystrokes on iOS 7 devices without the user being any the wiser, also exists. The problem...

AI score 1.2
Exploits: 0 · References: 4

Debian
added 2014/02/11 8:52 p.m. · 20 views

[SECURITY] [DSA 2860-1] parcimonie security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2860-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso February 11, 2014 http://www.debian.org/security/faq -...

CVSS 7.5 · AI score 0.6 · EPSS 0.01559
Exploits: 0

OPENSUSE Linux
added 2014/02/06 7:4 p.m. · 51 views

kernel: security and bugfix update (important)

The Linux kernel was updated to fix various bugs and security issues: - mm/page-writeback.c: do not count anon pages as dirtyable memory reclaim stalls. - mm/page-writeback.c: fix dirty_balance_reserve subtraction from dirtyable memory reclaim stalls. - compat_sys_recvmmsg X32 fix bnc#860993...

CVSS 7.2 · AI score 7.6 · EPSS 0.34649
Exploits: 27 · References: 28

Prion
added 2014/01/10 4:47 p.m. · 17 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to inject arbitrary web script or HTML via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to...

CVSS 4.3 · AI score 6.2 · EPSS 0.01193
Exploits: 1 · References: 3 · Affected Software: 2

Prion
added 2013/12/02 4:36 a.m. · 16 views

Code injection

zypp-refresh-wrapper in SUSE Zypper before 1.3.20 and 1.6.x before 1.6.166 allows local users to create files in arbitrary directories, or possibly have unspecified other impact, via a pathname in the ZYPP_LOCKFILE_ROOT environment variable...

CVSS 4.4 · AI score 7.6 · EPSS 0.00337
Exploits: 0 · References: 2 · Affected Software: 1

exploitpack
added 2013/11/23 12:0 a.m. · 15 views

ImpressPages CMS 3.8 - Persistent Cross-Site Scripting

ImpressPages CMS 3.8 - Persistent Cross-Site Scripting Exploit Title:stored vulnerability Author: sajith version: ImpressPages CMS v3.8 vulnerable app link:http://www.impresspages.org/download/ steps: 1 log into the admin panel http://127.0.0.1/cms/ImpressPages/?cmsaction=manage 2click on advance...

AI score 6.8
Exploits: 0

Atlassian
added 2013/09/30 7:48 a.m. · 17 views

XSS in admin/ViewIssueFields.jspa

Reproduction: 1. Create custom fields with alert1 in name and/or description. 2. Go to 'Field Configurations' 3. Click 'Add Field Configuration', enter any text in 'Name' 4. Hit okay and wait for the page to refresh 5. Choose the config you just made - XSSed...

AI score 0.1
Exploits: 0

Tenable Nessus
added 2013/07/15 12:0 a.m. · 22 views

Fedora 19 : zeroinstall-injector-2.3-1.fc19 (2013-12414)

Enhancements : - upstream now ships an experimental OCaml front-end, this is not yet enabled - Add fish-shell command completion - Allow relative files in and for local feeds. This makes it easy to test feeds before passing them to 0repo. Bug fixes : - Better handling of default=' in bindings. Th...

CVSS 4.3 · AI score 7.4 · EPSS 0.04857
Exploits: 0 · References: 6

RedHat Linux
added 2013/07/09 5:51 p.m. · 3 views

activemq: Multiple XSS flaws in web demos

Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2)...

CVSS 4.3 · AI score 6.9 · EPSS 0.06018
Exploits: 1 · References: 4

RedHat Linux
added 2013/07/09 5:51 p.m. · 7 views

ActiveMQ: XSS vulnerability in portfolioPublish demo application

Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the refresh parameter to demo/portfolioPublish, a different vulnerability than CVE-2012-6092...

CVSS 4.3 · AI score 7 · EPSS 0.05895
Exploits: 1 · References: 4

OpenVAS
added 2013/06/04 12:0 a.m. · 23 views

Novell iManager Multiple Vulnerabilities

The host is running Novell iManager and is prone to multiple unspecified vulnerabilities. OpenVAS Vulnerability Test $Id: gbnovellimanagermultvuln.nasl 6079 2017-05-08 09:03:33Z teissa $ Novell iManager Multiple Vulnerabilities Authors: Arun Kallavi Copyright: Copyright c 2013 Greenbone Networks...

CVSS 10 · AI score 1.7 · EPSS 0.01635
Exploits: 0 · References: 1

NVD
added 2013/04/24 10:28 a.m. · 22 views

CVE-2013-3268

Novell iManager 2.7 before SP6 Patch 1 does not refresh a token after a logout action, which has unspecified impact and remote attack vectors...

CVSS 10 · AI score 6.6 · EPSS 0.01635
Exploits: 0 · References: 4

Prion
added 2013/04/24 10:28 a.m. · 19 views

Code injection

Novell iManager 2.7 before SP6 Patch 1 does not refresh a token after a logout action, which has unspecified impact and remote attack vectors...

CVSS 10 · AI score 7.3 · EPSS 0.01635
Exploits: 0 · References: 4 · Affected Software: 1

Positive Technologies
added 2013/04/21 12:0 a.m. · 5 views

PT-2013-1884 · Apache · Apache Activemq

Name of the Vulnerable Software and Affected Versions: Apache ActiveMQ versions prior to 5.8.0 Description: The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved through various vectors, including th...

CVSS 4.3 · AI score 7 · EPSS 0.06018
Exploits: 1 · References: 10

exploitpack
added 2013/04/18 12:0 a.m. · 50 views

Oracle WebCenter Sites Satellite Server - HTTP Header Injection

Oracle WebCenter Sites Satellite Server - HTTP Header Injection SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: HTTP header injection/Cache poisoning in Oracle WebCenter Sites Satellite Server product: Oracle WebCenter...

CVSS 4 · EPSS 0.02207
Exploits: 5

Oracle linux
added 2013/02/27 12:0 a.m. · 59 views

sssd security, bug fix and enhancement update

1.9.2-82 - Resolves: rhbz888614 - Failure in memberof can lead to failed database update 1.9.2-81 - Resolves: rhbz903078 - TOCTOU race conditions by copying and removing directory trees 1.9.2-80 - Resolves: rhbz903078 - Out-of-bounds read flaws in autofs and ssh services responders 1.9.2-79 -...

CVSS 5 · AI score 7.3 · EPSS 0.03324
Exploits: 0