RedHat Linux 6.1 i386 Tmpwatch Recursive Write DoS Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1664/info Any user with write access to /tmp or /var/tmp, can induce tmpwatch to cause Red Hat and others runnng tmpwatch from cron to stop responding, and possibly require a hard reboot. This is accomplished by creating ...

Microsoft Internet Explorer SLayoutRun Use-After-Free (MS13-009)

当指定的元素设置white-space属性为pre-line时，IE会通过AllocData2Pos函数分配内存，并通过CTreeDataPos来实例化该内存块。 CTreeDataPos将作为CTreePos，其中保存了CTreePos对应元素（white-space属性为pre-line的元素）的CTreeNode地址，同时将其加入DOM树。...

XAMPP <= 1.7.3 multiple vulnerabilites

No description provided by source. / / / / / // | / // \ | / / / / / /// / / / / / / / // / / / |/ / // / , / / // / / / / / //// //|///||/,/ / /// Live by the byte |// Members: Pr0T3cT10n -=M.o.B.=- TheLeader Sro Debug Contact: [email protected] -----------------------------------...

openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3141)

Mozilla XULRunner 1.9.1 was updated to version 1.9.1.13, fixing various bugs and security issues. Following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based...

openSUSE Security Update : seamonkey (openSUSE-SU-2013:1491-1)

This seamonkey update to version 2.21 fixes several security and non-security issues : - update to SeaMonkey 2.21 bnc840485 - MFSA 2013-76/CVE-2013-1718/CVE-2013-1719 Miscellaneous memory safety hazards - MFSA 2013-77/CVE-2013-1720 bmo888820 Improper state in HTML5 Tree Builder with templates -...

openSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0632-1)

Mozilla Firefox was updated to version 3.6.10, fixing various bugs and security issues. Following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. So...

openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-2779)

This update brings Mozilla XULRunner to the 1.9.1.11 security release. It fixes following security bugs: MFSA 2010-34 / CVE-2010-1211: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs show...

openSUSE Security Update : MozillaFirefox (MozillaFirefox-2807)

This update brings Mozilla Firefox to the 3.6.8 security release. It fixes following security bugs: MFSA 2010-34 / CVE-2010-1211 / CVE-2010-1212: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of thes...

MagicTree - Penetration Tester Productivity Tool

Have you ever spent ages trying to find the results of a particular portscan you were sure you did? Or grepping through a bunch of files looking for data for a particular host or service? Or copy-pasting bits of output from a bunch of typescripts into a report? We certainly did, and that's why we...

CVE-2014-1743

Use-after-free vulnerability in the StyleElement::removedFromDocument function in core/dom/StyleElement.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via crafted...

Design/Logic Flaw

Use-after-free vulnerability in the StyleElement::removedFromDocument function in core/dom/StyleElement.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via crafted...

CVE-2014-1743

CVE-2014-1743 is a Blink use-after-free in StyleElement::removedFromDocument (core/dom/StyleElement.cpp) affecting Google Chrome prior to 35.0.1916.114. Exploitation could crash the application (DoS) with crafted JavaScript triggering tree mutations; other impact is noted as unspecified. Remediat...

CVE-2014-1743

Use-after-free vulnerability in the StyleElement::removedFromDocument function in core/dom/StyleElement.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via crafted...

CVE-2014-1743

Removed by vendor...

CVE-2014-1743

Use-after-free vulnerability in the StyleElement::removedFromDocument function in core/dom/StyleElement.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via crafted...

CVE-2014-2737

KnowledgeTree 3.7.0.2 and earlier is affected by a blind SQL injection in webservice/clienttools/services/mdownload.php. The vulnerability stems from an unparameterized query in KTAPI_UserSession.get_active_session, where an unvalidated u parameter is used in getFileName, allowing remote attacker...

CVE-2012-1834

Cross-site scripting XSS vulnerability in the cmstpvadminhead function in functions.php in the CMS Tree Page View plugin before 0.8.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cmstpvview parameter to wp-admin/options-general.php...

Cross site scripting

Cross-site scripting XSS vulnerability in the cmstpvadminhead function in functions.php in the CMS Tree Page View plugin before 0.8.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cmstpvview parameter to wp-admin/options-general.php...

CVE-2012-1834

CVE-2012-1834 concerns the WordPress plugin CMS Tree Page View. The vulnerability is a persistent XSS in the cms_tpv_admin_head function (functions.php) that allows an attacker to inject arbitrary script/HTML via the cms_tpv_view parameter sent to wp-admin/options-general.php. Affected versions a...

CVE-2012-1834

Cross-site scripting XSS vulnerability in the cmstpvadminhead function in functions.php in the CMS Tree Page View plugin before 0.8.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cmstpvview parameter to wp-admin/options-general.php...