CVE-2018-12376

Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox 62, Firefox ESR 60.2, and Thunderbird 60.2....

xdebug Unauthenticated OS Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'xdebug Unauthenticated OS Command Execution', 'Description' = %q Module exploits a vulnerability in the eval command present in Xdebug versions...

USN-3439-1: Ruby vulnerabilities

It was discovered that Ruby incorrectly handled certain inputs. An attacker could use this to cause a buffer overrun. CVE-2017-0898 Yusuke Endoh discovered that Ruby incorrectly handled certain files. An attacker could use this to execute terminal escape sequences. CVE-2017-0899 Yusuke Endoh...

CVE-2017-7021

An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "AppleGraphicsPowerManagement" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service memory corruption via a crafted app...

About the security content of OS X El Capitan v10.11.5 and Security Update 2016-003 - Apple Support

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website. For information about...

USN-2943-1: PCRE vulnerabilities

It was discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVE-2016-1628

pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, does not validate a certain precision value, which allows remote attackers to execute arbitrary code or cause a denial of service out-of-bounds read via a crafted JPEG 2000 image in a PDF document, related to the...

WM Downloader 3.0.0.9 - Buffer Overflow (Meta)

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...

CVE-2014-1532

Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service heap...

SuSE 11.3 Security Update : MozillaFirefox (SAT Patch Number 9049)

Mozilla Firefox was updated to 24.4.0ESR release, fixing various security issues and bugs : - Mozilla developers and community identified identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of...

Updated python & python3 packages fix multiple vulnerabilities

Updated python and python3 packages fix security vulnerabilities: A vulnerability was reported in Python's socket module, due to a boundary error within the sockrecvfrominto function, which could be exploited to cause a buffer overflow. This could be used to crash a Python application that uses t...

Flashchat aedating4CMS.php dirinc Parameter PHP Code Execution - Ver2 (CVE-2006-4583)

A code execution vulnerability has been reported in FlashChat. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVE-2013-1724

Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsDefaultSubmitElement function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service heap memory corruption via vectors...

CVE-2011-3834

Multiple integer overflows in the inavi.dll plugin in Winamp before 5.623 allow remote attackers to execute arbitrary code via an AVI file with a crafted value for 1 the number of streams or 2 the size of the RIFF INFO chunk, leading to a heap-based buffer overflow...

CentOS Update for xpdf CESA-2009:0430 centos4 i386

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Remote DoS on Safari for iPhone & iPod Touch

No description provided by source. Exploit Title: Remote DoS on Safari for iPhone & iPod Touch Date: 26/03/2010 Author: Nishant Das Patnaik For more of Nishant's research, please visit: http://nishantdaspatnaik.yolasite.com/research.php Tested on: iPod Touch 3G iPhone OS 3.1.3 Description: An...

Lenovo Hotkey Driver <= v5.33 Privilege Escalation Exploit

Exploit for unknown platform in category local exploits ========================================================== Lenovo Hotkey Driver in Lenovo Hotkey Driver and Access Connections version =v5.33 Impact: A privilege escalation attack can be used as a backdoor to bypass login and run arbitrary...

VUPlayer M3U Buffer Overflow

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/projects/Framework/ require 'msf/core' class Metasploit3 'VUPlayer...

Mandriva Security Advisory MDVSA-2009:158-2 (pango)

The remote host is missing an update to pango announced via advisory MDVSA-2009:158-2. OpenVAS Vulnerability Test $Id: mdksa20091582.nasl 6587 2017-07-07 06:35:35Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:158-2 pango Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft...

RedHat Security Advisory RHSA-2009:0476

The remote host is missing updates announced in advisory RHSA-2009:0476. Pango is a library used for the layout and rendering of internationalized text. Will Drewry discovered an integer overflow flaw in Pango SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from...