8560 matches found
Oracle Java IE Browser Plugin docbase Parameter Stack Buffer Overflow
Added: 10/15/2010 CVE: CVE-2010-3552 BID: 44023 Background Oracle Java SE and Java for Business are development platforms for developing and deploying Java applications. They include the Java SE Development Kit JDK and the Java Runtime Environment JRE. The JRE provides the minimum requirements fo...
SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7101)
This update brings Mozilla Firefox to the 3.5.11 security release. It fixes following security issues : - Several memory safety bugs in habe been identified in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs show evidence of memory corruption under certain...
Prevx 3.0.5.206 ACCESS DENIED Exploit
Exploit for windows platform in category local exploits ===================================== Prevx 3.0.5.206 ACCESS DENIED Exploit ===================================== Author : STRELiTZIA Software : Prevx 3.0.5.206 and old Tested on : Windows All ============================ = Description =...
SAP NetWeaver SOAP RFC – Denial of Service / Integer overflow
Application: SAP NetWeaver Kernel Versions Affected: ernel 4.6 – 7.2 Vendor URL: http://www.sap.com Bugs:XML Attribute Blow-up attack Exploits: YES Reported: 09.12.2010 Vendor response: 10.12.2010 Solution:YES Date of Public Advisory: 20.07.2011 Author: Alexey Sintsov Description It is possible t...
Mozilla UTF-7 XSS by overriding document charset using <object> type attribute (MFSA 2010-61)
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict use of the type attribute of an OBJECT element to set a document's charset, which allows remote attackers to bypass cross-site scripting XSS...
Mozilla Frameset integer overflow vulnerability (MFSA 2010-50)
Integer overflow in the FRAMESET element implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a large number of values in the cols aka columns...
Mozilla UTF-7 XSS by overriding document charset using <object> type attribute (MFSA 2010-61)
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict use of the type attribute of an OBJECT element to set a document's charset, which allows remote attackers to bypass cross-site scripting XSS...
ColdFusion Server Check
This module attempts to exploit the directory traversal in the 'locale' attribute. According to the advisory the following versions are vulnerable: ColdFusion MX6 6.1 base patches, ColdFusion MX7 7,0,0,91690 base patches, ColdFusion MX8 8,0,1,195765 base patches, ColdFusion MX8 8,0,1,195765 with...
Cisco IOS BGP Attribute Corruption Vulnerability - Cisco Systems
A Border Gateway Protocol BGP UPDATE contains Network Layer Reachability Information NLRI and attributes that describe the path to the destination. An unrecognized transitive attribute can cause failures in Cisco IOS routers, ranging from a crash upon receipt of the unrecognized transitive...
CVE-2010-3035
Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service peering reset via a crafted prefix announcement, as demonstrated in the wild in August 2010 with attribute type code 99, a...
Microsoft Internet Explorer - Object Type (MS03-020) (Metasploit)
$Id: ms03020ieobjecttype.rb 10150 2010-08-25 20:55:37Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Akamai Download Manager arbitrary file download & execution
------------------------------------------------------------------------ Akamai Download Manager arbitrary file download & execution ------------------------------------------------------------------------ Yorick Koster, April 2009...
CVE-2010-1208
Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors related to deletion of an event attribute node wit...
openSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0430-3)
This update brings Mozilla Firefox to the 3.5.11 security release. It fixes following security bugs: MFSA 2010-34 / CVE-2010-1211: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed...
Mozilla Products Multiple Vulnerabilitie july-10 (Windows)
The host is installed with Mozilla Firefox/Seamonkey that are prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillaprdtsmultvulnwin01jul10.nasl 6444 2017-06-27 11:24:02Z santu $ Mozilla Products Multiple Vulnerabilitie july-10 Windows Authors: Antu Sanadi Copyright: Copyrig...
Mozilla arbitrary free flaw
layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers to cause a denial of service memory corruption or possibly execute arbitrary code via a crafted HTML document, related to the DATA and...
Mozilla arbitrary free flaw
layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers to cause a denial of service memory corruption or possibly execute arbitrary code via a crafted HTML document, related to the DATA and...
Mozilla Foundation Security Advisory 2010-35
Mozilla Foundation Security Advisory 2010-35 Title: DOM attribute cloning remote code execution vulnerability Impact: Critical Announced: July 20, 2010 Reporter: regenrecht via TippingPoint's Zero Day Initiative Products: Firefox, SeaMonkey Fixed in: Firefox 3.6.7 Firefox 3.5.11 SeaMonkey 2.0.6...
ZDI-10-134: Mozilla Firefox DOM Attribute Cloning Remote Code Execution Vulnerability
ZDI-10-134: Mozilla Firefox DOM Attribute Cloning Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-134 July 20, 2010 -- CVE ID: CVE-2010-1208 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Mozilla Firefox -- Affected Products: Mozilla Firefox...
Firefox 3.6 < 3.6.7 Multiple Vulnerabilities
The installed version of Firefox 3.6.x is earlier than 3.6.7. Such versions are potentially affected by the following security issues : - Multiple memory safety bugs could result in memory corruption, potentially resulting in arbitrary code execution. MFSA 2010-34 - An error in DOM attribute...