Lucene search

2330 matches found

Tenable Nessus
added 2012/01/30 12:0 a.m. · 23 views

GLSA-201201-16 : X.Org X Server/X Keyboard Configuration Database: Screen lock bypass

The remote host is affected by the vulnerability described in GLSA-201201-16 (X.Org X Server/X Keyboard Configuration Database: Screen lock bypass). Starting with the =x11-base/xorg-server-1.11 package, the X.Org X Server again provides debugging functionality that can be used to terminate an applicati...

4.6 CVSS · 5.6 AI score · 0.00081 EPSS
Exploits 0 · References 2

Vulnerability Lab
added 2012/01/26 12:0 a.m. · 40 views

HITB2011KUL - Post Memory Corruption Analysis

Document Title: HITB2011KUL - Post Memory Corruption Analysis
References: Download: http://www.vulnerability-lab.com/resources/videos/398.wmv View: http://www.youtube.com/watch?v=kOgarD9KCbg
Release Date: 2012-01-26
Vulnerability Laboratory ID VL-ID:...

7.1 AI score
Exploits 0

Vulnerability Lab
added 2012/01/26 12:0 a.m. · 11 views

HITB2011KUL - Post Memory Corruption Analysis

Document Title: HITB2011KUL - Post Memory Corruption Analysis
References: Download: http://www.vulnerability-lab.com/resources/videos/398.wmv View: http://www.youtube.com/watch?v=kOgarD9KCbg
Release Date: 2012-01-26
Vulnerability Laboratory ID VL-ID:...

0.2 AI score
Exploits 0

Positive Technologies
added 2012/01/08 12:0 a.m. · 3 views

PT-2012-2538 · Apache · Apache Struts

Name of the Vulnerable Software and Affected Versions: Apache Struts versions prior to 2.3.1.1 Description: The issue allows remote attackers to execute arbitrary commands via unspecified vectors when the DebuggingInterceptor component is used in developer mode. The vendor characterizes this...

6.8 CVSS · 9.5 AI score · 0.93572 EPSS
Exploits 9 · References 18

Packet Storm
added 2012/01/03 12:0 a.m. · 46 views

Bugzilla Chart Generator Cross Site Scripting

Advisory: Bugzilla: Cross-Site Scripting in Chart Generator. RedTeam Pentesting discovered a Cross-Site Scripting (XSS) vulnerability in Bugzilla's chart generator during a penetration test. If attackers can persuade users to click on a prepared link or redirect them to such a link from an...

4.3 CVSS · 0.1 AI score · 0.00359 EPSS
Exploits 3

OpenVAS
added 2011/12/14 12:0 a.m. · 57 views

VxWorks Debugging Service Security Bypass Vulnerability

VxWorks is prone to a remote security bypass vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10 CVSS · 6.6 AI score · 0.92262 EPSS
Exploits 1 · References 4

OpenVAS
added 2011/12/14 12:0 a.m. · 636 views

VxWorks Debugging Service Security-Bypass Vulnerability

VxWorks is prone to a remote security-bypass vulnerability. Successful exploits will allow remote attackers to perform debugging tasks on the vulnerable device. The issue affects multiple products from multiple vendors that ship with the VxWorks operating system. OpenVAS Vulnerability Test $Id:...

10 CVSS · 1.7 AI score · 0.92262 EPSS
Exploits 1 · References 5

ThreatPost
added 2011/12/13 4:17 p.m. · 14 views

Carrier IQ Says Bug Can Cause Some SMS to Be Recorded in Coded Form

Carrier IQ, the embattled software company at the center of the controversy over alleged data collection on mobile devices, has released a new document that details the ways in which carriers deploy the software, how it works on devices and what data it is capable of collecting. The company also...

0.1 AI score
Exploits 0 · References 3

Tenable Nessus
added 2011/12/13 12:0 a.m. · 39 views

SuSE 10 Security Update : yast2-core (ZYPP Patch Number 7726)

This update of yast2-core fixes security issues, bugs, and adds a debugging feature. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid57270; scriptversion"1.6";...

5 CVSS · 7.2 AI score · 0.07072 EPSS
Exploits 0 · References 2

RedHat Linux
added 2011/12/05 7:55 p.m. · 1 views

sos: sosreport is gathering certificate-based RHN entitlement private keys

The sosreport utility in the Red Hat sos package before 1.7-9 and 2.x before 2.2-17 includes (1) Certificate-based Red Hat Network private entitlement keys and the (2) private key for the entitlement in an archive of debugging information, which might allow remote attackers to obtain sensitive...

4.3 CVSS · 5.8 AI score · 0.00205 EPSS
Exploits 0 · References 4

RedHat Linux
added 2011/12/05 7:55 p.m. · 22 views

Low: Red Hat Security Advisory: sos security, bug fix, and enhancement update

An updated sos package that fixes one security issue, several bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which...

4.3 CVSS · 5.9 AI score · 0.00205 EPSS
Exploits 0 · References 14

Prion
added 2011/11/29 12:55 a.m. · 12 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in includes/templates/templatedefault/common/tplheadertestinfo.php in Zen Cart 1.3.9h, when debugging is enabled, might allow remote attackers to inject arbitrary web script or HTML via the (1) mainpage parameter or (2) PATHINFO, a different...

4.3 CVSS · 5.9 AI score · 0.00424 EPSS
Exploits 2 · References 3 · Affected Software 1

Ubuntu
added 2011/11/10 7:0 p.m. · 61 views

USN-1251-1: Firefox and Xulrunner vulnerabilities

It was discovered that CVE-2011-3004, which addressed possible privilege escalation in addons, also affected Firefox 3.6. An attacker could potentially exploit Firefox when an add-on was installed that used loadSubscript in vulnerable ways. (CVE-2011-3647) Yosuke Hasegawa discovered that the Mozill...

9.3 CVSS · 8.3 AI score · 0.01271 EPSS
Exploits 0

NVD
added 2011/11/09 11:55 a.m. · 15 views

CVE-2011-3650

Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have...

9.3 CVSS · 7.3 AI score · 0.01271 EPSS
Exploits 0 · References 5

Cvelist
added 2011/11/09 11:0 a.m. · 51 views

CVE-2011-3650

Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have...

9.9 AI score · 0.01271 EPSS
Exploits 0 · References 5

UbuntuCve
added 2011/11/09 12:0 a.m. · 25 views

CVE-2011-3650

Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have...

9.3 CVSS · 7.3 AI score · 0.01271 EPSS
Exploits 0 · References 5

RedHat Linux
added 2011/11/08 10:3 p.m. · 0 views

Mozilla: crash while profiling page with many functions (MFSA 2011-49)

Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have...

9.3 CVSS · 7.5 AI score · 0.01271 EPSS
Exploits 0 · References 5

RedHat Linux
added 2011/11/08 9:47 p.m. · 2 views

Mozilla: crash while profiling page with many functions (MFSA 2011-49)

Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have...

9.3 CVSS · 7.5 AI score · 0.01271 EPSS
Exploits 0 · References 5

seebug.org
added 2011/10/24 12:0 a.m. · 20 views

Google Chrome PoC, killing thread

No description provided by source. pigtail23 · www.remoteshell.de ...

7.1 AI score
Exploits 0

Tenable Nessus
added 2011/10/24 12:0 a.m. · 53 views

SuSE 10 Security Update : yast2-core (ZYPP Patch Number 7725)

This update of yast2-core fixes security issues, bugs, and adds a debugging feature. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid56619; scriptversion"1.7";...

5 CVSS · 7.2 AI score · 0.07072 EPSS
Exploits 0 · References 2