CVE-2013-3561

Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service loop or application crash via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector...

CVE-2013-3561

Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service loop or application crash via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector...

Fedora 18 : nginx-1.2.9-1.fc18 (2013-8182)

Update to upstream release 1.2.9 which fixes : - CVE-2013-2070 'denial of service or memory disclosure when using proxypass' fix build on platforms without gperftools Update to upstream release 1.4.0, which includes support for proxying of WebSocket connections, OCSP stapling, SPDY module, gunzip...

CVE-2012-6092

Multiple cross-site scripting XSS vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via 1 the refresh parameter to PortfolioPublishServlet.java aka demo/portfolioPublish or Market Data Publisher, or vectors involving 2...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via 1 the refresh parameter to PortfolioPublishServlet.java aka demo/portfolioPublish or Market Data Publisher, or vectors involving 2...

PT-2013-1884 · Apache · Apache Activemq

Name of the Vulnerable Software and Affected Versions: Apache ActiveMQ versions prior to 5.8.0 Description: The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting XSS attacks. This can be achieved through various vectors, including th...

Google Chrome 19.0.1084.52之前版本多个安全漏洞

BUGTRAQ ID: 53679 CVE ID: CVE-2011-3103,CVE-2011-3104,CVE-2011-3105,CVE-2011-3106,CVE-2011-3107,CVE-2011-3108,CVE-2011-3109,CVE-2011-3110,CVE-2011-3111,CVE-2011-3112,CVE-2011-3113,CVE-2011-3114,CVE-2011-3115 Google Chrome是由Google开发的一款设计简单、高效的Web浏览工具。 Google Chrome...

Mozilla Products Security Bypass Vulnerability - May12 (Windows)

This host is installed with Mozilla firefox/thunderbird/seamonkey and is prone to security bypass vulnerability OpenVAS Vulnerability Test $Id: gbmozillaprdtssecbypassvulnmay12win.nasl 6444 2017-06-27 11:24:02Z santu $ Mozilla Products Security Bypass Vulnerability - May12 Windows Authors: Rachan...

Mozilla Products Security Bypass Vulnerability - May12 (Mac OS X)

This host is installed with Mozilla firefox/thunderbird/seamonkey and is prone to security bypass vulnerability OpenVAS Vulnerability Test $Id: gbmozillaprdtssecbypassvulnmay12macosx.nasl 6445 2017-06-27 12:31:06Z santu $ Mozilla Products Security Bypass Vulnerability - May12 Mac OS X Authors:...

Mozilla Products Security Bypass Vulnerability (May 2012) - Mac OS X

Mozilla Firefox/Thunderbird/Seamonkey is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

Mozilla Products Security Bypass Vulnerability (May 2012) - Windows

Mozilla Firefox/Thunderbird/Seamonkey is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

Firefox < 12.0 Multiple Vulnerabilities (Mac OS X)

The installed version of Firefox is earlier than 12.0 and thus, is potentially affected by the following security issues : - An error exists with handling JavaScript errors that can lead to information disclosure. CVE-2011-1187 - An off-by-one error exists in the 'OpenType Sanitizer' which can le...

CVE-2012-0475

Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site 1 XMLHttpRequest or 2 WebSocket operation involvin...

Cross site scripting

Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site 1 XMLHttpRequest or 2 WebSocket operation involvin...

CVE-2012-0475

Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site 1 XMLHttpRequest or 2 WebSocket operation involvin...

CVE-2012-0475

Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site 1 XMLHttpRequest or 2 WebSocket operation involvin...

HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...

WebSocket Traffic Over HTTP port

WebSocket allows bi-directional, full-duplex single socket connection between client and server...

HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...

HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...