Firefox < 20 Multiple Vulnerabilities

The installed version of Firefox is earlier than 20 and is, therefore, potentially affected by the following vulnerabilities : - Various memory safety issues exist. CVE-2013-0788, CVE-2013-0789 - An out-of-bounds memory read error exists related to 'CERTDecodeCertPackage' and certificate decoding...

SeaMonkey < 2.17 Multiple Vulnerabilities

The installed version of SeaMonkey is earlier than 2.17 and thus, is potentially affected by the following vulnerabilities : - Various memory safety issues exist. CVE-2013-0788, CVE-2013-0789 - An out-of-bounds memory read error exists related to 'CERTDecodeCertPackage' and certificate decoding...

DEBIAN-CVE-2013-0791

The CERTDecodeCertPackage function in Mozilla Network Security Services NSS, as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial ...

STUNSHELL Web Shell Remote PHP Code Execution

This module exploits unauthenticated versions of the "STUNSHELL" web shell. This module works when safe mode is enabled on the web server. This shell is widely used in automated RFI payloads. This module requires Metasploit: https://metasploit.com/download Current source:...

[Converter v0.7] Analyzing and Deobfuscating Malicious Scripts

Malicious Java applets have been making news for awhile so I thought I would update Converter to include some new features to help with deobfuscating them. This is a list of changes made to this version: + Replaced Binary-to/from-Text with Binary-to/from-Hex to make it more useful + Added Filter...

openjpeg library security vulnerabilities

Vulnerabilities on JPEG encoding and decoding...

CVE-2013-2277

The ffh264decodeseqparameterset function in h264ps.c in libavcodec in FFmpeg before 1.1.3 does not validate the relationship between luma depth and chroma depth, which allows remote attackers to cause a denial of service out-of-bounds array access and application crash or possibly have unspecifie...

DEBIAN-CVE-2013-0333

lib/activesupport/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication v...

CVE-2013-0333

lib/activesupport/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication v...

PT-2013-1054 · Ruby +1 · Ruby On Rails +1

Name of the Vulnerable Software and Affected Versions: Ruby on Rails versions 2.3.x through 2.3.15 Ruby on Rails versions 3.0.x through 3.0.19 Description: The issue affects the confidentiality, integrity, and availability of protected information. It can be exploited remotely. The problem lies i...

rubygem-activesupport: json to yaml parsing

lib/activesupport/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication v...

libxml2: fixed buffer overflow during decoding entities (important)

A Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 allowed remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document...

security update to Firefox 17.0 and other Mozilla based packages (important)

update to Firefox/Thunderbird 17.0 and Seamonkey 2.14 bnc790140 MFSA 2012-91/CVE-2012-5842/CVE-2012-5843 Miscellaneous memory safety hazards MFSA 2012-92/CVE-2012-4202 bmo758200 Buffer overflow while rendering GIF images MFSA 2012-93/CVE-2012-4201 bmo747607 evalInSanbox location context incorrect...

CVE-2011-3937

The H.263 codec libavcodec/h263dec.c in FFmpeg 0.7.x before 0.7.12, 0.8.x before 0.8.11, and unspecified versions before 0.10, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 has unspecified impact and attack vectors related to "width/height changin...

update for bogofilter (important)

This version upgrade of bogofilter fixed a heap corruption in the base 64 decoding routine as well as several other non-security issues...

update for bogofilter (important)

This version upgrade of bogofilter fixed a heap corruption in the base 64 decoding routine as well as several other non-security issues...

libxml2: fixed buffer overflow during decoding entities (important)

A Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 allowed remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document...

Google Chrome Multiple Vulnerabilities-03 Dec2012 (Linux)

This host is installed with Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbgooglechromemultvuln03dec12lin.nasl 5958 2017-04-17 09:02:19Z teissa $ Google Chrome Multiple Vulnerabilities-03 Dec2012 Linux Authors: Antu Sanadi Copyright: Copyright c 2012...

Google Chrome Multiple Vulnerabilities-03 Dec2012 (Windows)

This host is installed with Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbgooglechromemultvuln03dec12win.nasl 5963 2017-04-18 09:02:14Z teissa $ Google Chrome Multiple Vulnerabilities-03 Dec2012 Windows Authors: Antu Sanadi Copyright: Copyright c 2012...

Google Chrome Multiple Vulnerabilities-03 (Dec 2012) - Windows

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...