Multiple Vulnerabilities in Smartphone Pentest Framework (SPF)

High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Smartphone Pentest Framework SPF web-based GUI, which could be exploited to get control over a pentester's machine. The research was inspired by the vulnerability found by Jon Passki http://osvdb.org/85873. Even if the...

Steam Gaming Platform Vulnerable to Remote Exploits; 50 Million at Risk

More than 50 million users of the Steam gaming and media distribution platform are at risk for remote compromise because of weaknesses in the platform’s URL protocol handler, a pair of researchers at ReVuln wrote in a paper released this week. Luigi Auriemma and Donato Ferrante discovered a numbe...

OpenJDK: AccessController.doPrivilegedWithCombiner() information disclosure (Security, 7172522)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality via unknown vectors related to Security...

Critical issues affecting Steam users

We have just released a paper 1, in which we prove that the current implementation of the Steam Browser Protocol handling mechanism is an excellent attack vector to exploit local issues in a remote fashion. Steam 2 is the biggest gaming related digital delivery platform with an audience of more...

UBUNTU-CVE-2012-5112

Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22.0.1229.94, allows remote attackers to execute arbitrary code via unspecified vectors...

openssl: record length handling integer underflow

Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other impact via a crafted TLS packet that is no...

AxisInternet VoIP Manager - Multiple Cross-Site Scripting Vulnerabilities

AxisInternet VoIP Manager - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/55589/info AxisInternet VoIP Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamical...

minimal Gallery - 'index.php' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/55577/info minimal Gallery is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user i...

Reflected XSS within the username parameter of the /user/non-system/{username} rest resource

The confluence-rest-plugin has a rest resource to look up "non-system" users which takes in a username. If given username supplied is not found then it is included in an xml error message without being xml encoded and thus is a XSS vector. That is, and other such xml special characters are not...

Reflected XSS within the username parameter of the /user/non-system/{username} rest resource

The confluence-rest-plugin has a rest resource to look up "non-system" users which takes in a username. If given username supplied is not found then it is included in an xml error message without being xml encoded and thus is a XSS vector. That is, and other such xml special characters are not...

CVE-2012-2775

Unspecified vulnerability in the readvarblockdata function in libavcodec/alsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to a large order and an "out of array write in quantcof."...

Design/Logic Flaw

Unspecified vulnerability in the avireadpacket function in libavformat/avidec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to a large number of vector coded coefficients numveccoeffs...

CVE-2012-2789

Unspecified vulnerability in the avireadpacket function in libavformat/avidec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to a large number of vector coded coefficients numveccoeffs...

CVE-2012-2789

Unspecified vulnerability in the avireadpacket function in libavformat/avidec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to a large number of vector coded coefficients numveccoeffs...

Slackware: Security Advisory (SSA:2012-176-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2012-0836

Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 allows attackers to read the error log via unknown vectors...

Ubuntu Update for firefox USN-1548-1

Ubuntu Update for Linux kernel vulnerabilities USN-1548-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN15481.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for firefox USN-1548-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This...

Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2012:147)

Security issues were identified and fixed in mozilla thunderbird : Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we...

Fedora Update for thunderbird FEDORA-2012-12892

Check for the Version of thunderbird OpenVAS Vulnerability Test Fedora Update for thunderbird FEDORA-2012-12892 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...

CVE-2011-5130

dev/less.php in Family Connections CMS FCMS 2.5.0 - 2.7.1, when registerglobals is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the argv1 parameter...