Thunderbird 16.x Multiple Vulnerabilities (Mac OS X)

The installed version of Thunderbird 16.x is potentially affected by the following security issues : - Several memory safety bugs exist in the browser engine used in Mozilla-based products that could be exploited to execute arbitrary code. CVE-2012-5842, CVE-2012-5843 - An error exists in the...

XMLHttpRequest inherits incorrect principal within sandbox — Mozilla

Mozilla developer Gabor Krizsanits discovered that XMLHttpRequest objects created within sandboxes have the system principal instead of the sandbox principal. This can lead to cross-site request forgery CSRF or information theft via an add-on running untrusted code in a sandbox...

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2012-91 Miscellaneous memory safety hazards rv:17.0/ rv:10.0.11 MFSA 2012-92 Buffer overflow while rendering GIF images MFSA 2012-93 evalInSanbox location context incorrectly applied MFSA 2012-94 Crash when combining SVG text on path with CSS MFSA 2012-95...

CVE-2012-2868

Race condition in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving improper interaction between worker processes and an XMLHttpRequest aka XHR object...

CVE-2012-2868

Race condition in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving improper interaction between worker processes and an XMLHttpRequest aka XHR object...

CVE-2012-2868

CVE-2012-2868 concerns Chromium/Google Chrome : a race condition between worker processes and an XMLHttpRequest (XHR) can lead to a denial of service and possibly other impact. Affected versions are before the fixed release, with remediation described as updating to a fixed Chromium version (21.0...

CVE-2012-2868

Removed by vendor...

ipswitch whatsup gold 15.02 - Persistent Cross-Site Scripting / Blind SQL Injection / Remote Code Execution

/ Exploit Title: Ipswitch WhatsUp Gold 15.02 Stored XSS - Blind SQLi - RCE Date: Jul 22 2012 Author: muts Version: Ipswitch WhatsUp Gold 15.02 Vendor URL: http://www.ipswitch.com/ An attacker can modify their snmpd.conf file with malicious JavaScript as follows: sysName alert124pt In addition,...

Ipswitch WhatsUp Gold 15.02 XSS / SQL Injection / Command Execution

/ Exploit Title: Ipswitch WhatsUp Gold 15.02 Stored XSS - Blind SQLi - RCE Date: Jul 22 2012 Author: muts Version: Ipswitch WhatsUp Gold 15.02 Vendor URL: http://www.ipswitch.com/ An attacker can modify their snmpd.conf file with malicious JavaScript as follows: sysName alert124pt In addition,...

AtMail Email Server Appliance 6.4 - Persistent Cross-Site Scripting Cross-Site Request Forgery Remote Code Execution

AtMail Email Server Appliance 6.4 - Persistent Cross-Site Scripting Cross-Site Request Forgery Remote Code Execution Exploit Title: Atmail Email Server Appliance 6.4 Remote Code Execution Date: Jul 21 2012 Author: muts Version: Atmail Email Server 6.4 By sending an email to a user with the Atmail...

Atmail Email Server Appliance 6.4 Stored XSS - CSRF - RCE

Exploit for linux platform in category remote exploits Exploit Title: Atmail Email Server Appliance 6.4 Remote Code Execution Date: Jul 21 2012 Author: muts Version: Atmail Email Server 6.4 By sending an email to a user with the Atmail administrative interface open, we can call a remote JavaScrip...

SolarWinds Orion Network Performance Monitor 10.2.2 - Multiple Vulnerabilities

/ Exploit Title: SolarWinds Orion Network Performance Monitor 10.2.2 Multiple Vulnerabilities Date: Jul 21 2012 Author: muts Version: SolarWinds Orion Network Performance Monitor 10.2.2 Vendor URL: http://www.solarwinds.com/ Timeline: 29 May 2012: Vulnerability reported to CERT 30 May 2012:...

AtMail Email Server Appliance 6.4 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Remote Code Execution

Exploit Title: Atmail Email Server Appliance 6.4 Remote Code Execution Date: Jul 21 2012 Author: muts Version: Atmail Email Server 6.4 By sending an email to a user with the Atmail administrative interface open, we can call a remote JavaScript file that will initiate the installation of a special...

php5. 4. 3 remote code execution vulnerabilities, and provide the right kind of work-vulnerability warning-the black bar safety net

PHP comprinttypeinfovulnerability through PHP code to call"exec"to run the SHELL command With this mention of the right is not very convenient? // Exploit Title: PHP 5.4 5.4.3 Code Execution 0day Win32 // Exploit author: 0in Maksymilian Motyl // Email: 0indotemailatgmail.com // Bug with Variant...

PHP 5.4.3 'com_print_typeinfo()'远程代码执行漏洞

PHP是一种HTML内嵌式的语言 PHP comprinttypeinfo存在一个安全漏洞，允许攻击者执行任意代码。此漏洞影响windows平台上的php版本，在windows平台上其"COM"函数作为PHP核心的一部分。攻击者需要上传恶意PHP代码到服务器，攻击者可以通过"exec"使用PHP运行SHELL命令 0 PHP 5.4.3 厂商解决方案 目前没有详细解决方案提供： http://www.php.net/ // Exploit Title: PHP 5.4 5.4.3 Code Execution 0day Win32 // Exploit author: 0in...

PHP 5.4 Win32 Code Execution

// Exploit Title: PHP 5.4 5.4.3 Code Execution 0day Win32 // Exploit author: 0in Maksymilian Motyl // Email: 0indotemailatgmail.com // Bug with Variant type parsing originally discovered by Condis // Tested on Windows XP SP3 fully patched Polish =================== offset-brute.html...

Mozilla Products Security Bypass Vulnerability - May12 (Windows)

This host is installed with Mozilla firefox/thunderbird/seamonkey and is prone to security bypass vulnerability OpenVAS Vulnerability Test $Id: gbmozillaprdtssecbypassvulnmay12win.nasl 6444 2017-06-27 11:24:02Z santu $ Mozilla Products Security Bypass Vulnerability - May12 Windows Authors: Rachan...

Mozilla Products Security Bypass Vulnerability (May 2012) - Mac OS X

Mozilla Firefox/Thunderbird/Seamonkey is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

Mozilla Products Security Bypass Vulnerability - May12 (Mac OS X)

This host is installed with Mozilla firefox/thunderbird/seamonkey and is prone to security bypass vulnerability OpenVAS Vulnerability Test $Id: gbmozillaprdtssecbypassvulnmay12macosx.nasl 6445 2017-06-27 12:31:06Z santu $ Mozilla Products Security Bypass Vulnerability - May12 Mac OS X Authors:...

Mozilla Products Security Bypass Vulnerability (May 2012) - Windows

Mozilla Firefox/Thunderbird/Seamonkey is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...