423 matches found

Drupal
added 2013/01/30 12:0 a.m. | 13 views

SA-CONTRIB-2013-013 - Boxes - Cross site scripting (XSS)

The subject field for the included simple box doesn't escape HTML properly. This vulnerability is mitigated by the fact that an attacker must have a role with the permission to administer/edit boxes. Wikipedia has more information about cross site scripting (XSS). CVE identifiers issued: CVE-2013-02...

CVSS 2.1 | AI score 5.5 | EPSS 0.00941
Exploits 0 | References 10

Google Chrome Security Advisories
added 2012/08/30 12:0 a.m. | 34 views

Stable Channel Update

The Stable channel has been updated to 21.0.1180.89 for Linux, Mac, Windows and Chrome Frame. This build fixes the following issues: Several Pepper Flash fixes (Issue 140577, 144107, 140498, 142479); Microphone issues with tinychat.com (Issue: 143192); devtools regression with "save as" of edited sourc...

CVSS 7.5 | AI score 8.2 | EPSS 0.02385
Exploits 0 | Affected Software 1

Tenable Nessus
added 2012/08/01 12:0 a.m. | 42 views

Scientific Linux Security Update : seamonkey on SL4.x i386/x86_64

A flaw was found in the way SeaMonkey handled dialog boxes. An attacker could use this flaw to create a malicious web page that would present a blank dialog box that has non-functioning buttons. If a user closes the dialog box window, it could unexpectedly grant the malicious web page elevated...

CVSS 10 | AI score 8.4 | EPSS 0.05787
Exploits 1 | References 4

ATTACKERKB
added 2012/04/05 10:2 p.m. | 0 views

CVE-2011-3069

Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to line boxes...

CVSS 6.8 | AI score 8.6 | EPSS 0.0195
Exploits 1 | References 17

ATTACKERKB
added 2012/04/05 10:2 p.m. | 0 views

CVE-2011-3068

Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to run-in boxes...

CVSS 6.8 | AI score 8.6 | EPSS 0.01893
Exploits 0 | References 17

Prion
added 2012/04/05 10:2 p.m. | 23 views

Design/Logic Flaw

Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to run-in boxes...

CVSS 6.8 | AI score 7.5 | EPSS 0.01893
Exploits 0 | References 16 | Affected Software 4

Debian CVE
added 2012/04/05 8:0 p.m. | 28 views

CVE-2011-3068

Removed by vendor...

CVSS 6.8 | AI score 9.4 | EPSS 0.01893
Exploits 0

Debian CVE
added 2012/04/05 8:0 p.m. | 22 views

CVE-2011-3069

Removed by vendor...

CVSS 6.8 | AI score 9.4 | EPSS 0.0195
Exploits 1

UbuntuCve
added 2012/04/05 12:0 a.m. | 28 views

CVE-2011-3069

Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to line boxes...

CVSS 6.8 | AI score 7.2 | EPSS 0.0195
Exploits 1 | References 4

UbuntuCve
added 2012/04/05 12:0 a.m. | 26 views

CVE-2011-3068

Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to run-in boxes...

CVSS 6.8 | AI score 7.2 | EPSS 0.01893
Exploits 0 | References 4

OpenVAS
added 2012/03/12 12:0 a.m. | 30 views

FreeBSD Ports: chromium

The remote host is missing an update to the system as announced in the referenced advisory. VID 99aef698-66ed-11e1-8288-00262d5ed8ee OpenVAS Vulnerability Test $ Description: Auto generated from VID 99aef698-66ed-11e1-8288-00262d5ed8ee Authors: Thomas Reinke Copyright: Copyright (c) 2012 E-Soft Inc...

CVSS 7.5 | AI score 0.2 | EPSS 0.02195
Exploits 2

NVD
added 2012/03/05 7:55 p.m. | 18 views

CVE-2011-3036

Google Chrome before 17.0.963.65 does not properly perform a cast of an unspecified variable during handling of line boxes, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document...

CVSS 6.8 | AI score 6.7 | EPSS 0.01712
Exploits 1 | References 18

UbuntuCve
added 2012/03/05 7:55 p.m. | 27 views

CVE-2011-3036

Google Chrome before 17.0.963.65 does not properly perform a cast of an unspecified variable during handling of line boxes, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document...

CVSS 6.8 | AI score 7.2 | EPSS 0.01712
Exploits 1 | References 2

Debian CVE
added 2012/03/05 7:0 p.m. | 30 views

CVE-2011-3036

Removed by vendor...

CVSS 6.8 | AI score 9.4 | EPSS 0.01712
Exploits 1

Dsquare
added 2012/02/09 12:0 a.m. | 41 views

Wordpress Verve Meta Boxes 1.2.8 File Upload

File upload vulnerability in Wordpress Verve Meta Boxes plugin. Vulnerability Type: File Upload. For the exploit source code contact DSquare Security sales team...

CVSS 6.8 | AI score 1 | EPSS 0.23165
Exploits 17 | References 1

Positive Technologies
added 2011/12/14 12:0 a.m. | 6 views

PT-2011-5120 · Dolibarr · Dolibarr

Name of the Vulnerable Software and Affected Versions: Dolibarr versions 3.1.0 RC and earlier. Description: The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved by manipulating the PATH INFO to...

CVSS 4.3 | AI score 5.5 | EPSS 0.05733
Exploits 1 | References 10

Positive Technologies
added 2011/12/14 12:0 a.m. | 2 views

PT-2011-5108 · Dolibarr · Dolibarr

Name of the Vulnerable Software and Affected Versions: Dolibarr versions 3.1.0 RC and earlier. Description: The issue allows remote authenticated users to execute arbitrary SQL commands. This can be achieved via several parameters in different PHP files, including sortfield, sortorder, and sall...

CVSS 6.5 | AI score 7.8 | EPSS 0.05666
Exploits 1 | References 19

Fedora
added 2011/10/04 9:23 p.m. | 35 views

[SECURITY] Fedora 16 Update: kdebase-4.7.1-2.fc16

Core applications for KDE 4, including: dolphin: File manager; kdepasswd: Changes a UNIX password; kdialog: Nice dialog boxes from shell scripts; keditbookmarks: Bookmark organizer and editor; kfind: File find utility; kfmclient: Tool for opening URLs from the command line; konqueror: Web browse...

CVSS 4.3 | AI score 1.6 | EPSS 0.01134
Exploits 0

Tenable Nessus
added 2011/09/12 12:0 a.m. | 50 views

Debian DSA-2307-1 : chromium-browser - several vulnerabilities

Several vulnerabilities were discovered in the Chromium browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2011-2818 Use-after-free vulnerability in Google Chrome allows remote attackers to cause a denial of service or possibly have unspecified oth...

CVSS 6.8 | AI score 5.7 | EPSS 0.01541
Exploits 1 | References 8

UbuntuCve
added 2011/08/03 12:55 a.m. | 32 views

CVE-2011-2359

Google Chrome before 13.0.782.107 does not properly track line boxes during rendering, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."...

CVSS 6.8 | AI score 5.9 | EPSS 0.01541
Exploits 1 | References 2