91 matches found
perl: improper input validation
Stephane Chazelas discovered a bug in the environment handling in Perl. Perl provides a Perl-space hash variable, %ENV, in which environment variables can be looked up. If a variable appears twice in envp, only the last value would appear in %ENV, but getenv would return the first. Perl's taint...
openSUSE Security Update : rubygem-bundler (openSUSE-2015-275)
rubygem-bunder was updated to fix security vulnerabilities and non-security issues The following security issues were fixed : - Hide credentials while warning about gems with ambiguous sources - Warn when more than one top-level source is present - Bundler may install gems from a different source...
Windows Service Trusted Path Privilege Escalation
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require...
Mozilla SeaMonkey 2.x < 2.9.0 Multiple Vulnerabilities
Binary data 801320.prm...
Mozilla Thunderbird < 12 Multiple Vulnerabilities
Binary data 801261.prm...
Mozilla Firefox <= 11 Multiple Vulnerabilities
Binary data 801359.prm...
Windows Service Trusted Path Privilege Escalation
Exploit for windows platform in category local exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core'...
Microsoft Windows - Service Trusted Path Privilege Escalation (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'msf/core/post/common' require...
Windows Service Trusted Path Privilege Escalation
This module exploits a logic flaw due to how the lpApplicationName parameter is handled. When the lpApplicationName contains a space, the file name is ambiguous. Take this file path as example: C:\program files\hello.exe; The Windows API will try to interpret this as two possible paths:...
Mozilla Thunderbird < 12.0 Multiple Vulnerabilities
The installed version of Thunderbird is earlier than 12.0 and thus, is potentially affected by the following security issues : - An error exists with handling JavaScript errors that could lead to information disclosure. CVE-2011-1187 - An off-by-one error exists in the 'OpenType Sanitizer' that...
FreeBSD : mozilla -- multiple vulnerabilities (380e8c56-8e32-11e1-9580-4061862b8c22)
The Mozilla Project reports : MFSA 2012-20 Miscellaneous memory safety hazards rv:12.0/ rv:10.0.4 MFSA 2012-21 Multiple security flaws fixed in FreeType v2.4.9 MFSA 2012-22 use-after-free in IDBKeyRange MFSA 2012-23 Invalid frees causes heap corruption in gfxImageSurface MFSA 2012-24 Potential XS...