4742 matches found
CVE-2014-1725
Removed by vendor...
Fedora 19 : tigervnc-1.3.0-10.fc19 (2014-4180)
This update fixes CVE-2014-0011, a ZRLE decoding heap-based buffer overflow in vncviewer. This update contains some small fixes for issues that could cause the server or the viewer to crash, and includes a change that makes vncserver create clearer xstartup files. Note that Tenable Network Securi...
SeaMonkey Multiple Vulnerabilities-01 (Mar 2014) - Mac OS X
SeaMonkey is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:seamonkey"; ifdescription...
[Peepdf] PDF Analysis and Creation/Modification Tool
peepdf is a Python tool to explore PDF files in order to find out if the file can be harmful or not. The aim of this tool is to provide all the necessary components that a security researcher could need in a PDF analysis without using 3 or 4 tools to make all the tasks. With peepdf it's possible ...
Ubuntu 12.04 LTS / 12.10 / 13.10 : thunderbird vulnerabilities (USN-2151-1)
Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij, Jesse Ruderman, Dan Gohman and Christoph Diehl discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause...
Mozilla: Out of bounds read during WAV file decoding (MFSA 2014-17)
The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service out-of-bounds read and...
Out of bounds read during WAV file decoding — Mozilla
Security researcher Atte Kettunen from OUSPG reported an out of bounds read during the decoding of WAV format audio files for playback. This could allow web content access to heap data as well as causing a crash...
Discuz attachment download permission bypass method-vulnerability warning-the black bar safety net
Ultra vires download contain a“Read permissions”plug-in, download plug-in free snap coin To reproduce the steps of: 1, Using the administrator account, Upload a high reading permissions of the attachment 2, The use of low-privileged user account, download the attachment, this time, Discuz will...
phpBB viewtopic.php URL Decoding Code Execution - ver 2 (CVE-2004-1315)
A code injection and execution vulnerability has been reported in phpBB. The vulnerability is due to lack of input validation on the highlight parameter supplied to viewtopic.php. A remote attacker can exploit this issue by injecting malicious SQL code to the target server. Successful exploitatio...
(gif2tiff): GIF LZW decoder missing datasize value check
Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service out-of-bounds write via a crafted 1 extension block in a GIF image or 2 GIF raster image to tools/gif2tiff.c or 3 a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are...
libpng拒绝服务漏洞
Bugtraq ID:65776 CVE ID:CVE-2014-0333 libpng是一款多种应用程序所使用的解析PNG图形格式的函数库。 libpng16中的渐进式解码器在处理零长度IDAT块时存在安全漏洞,允许攻击者利用漏洞构建恶意文件,诱使用户解析,可使应用程序挂起。 0 libpng 1.6.0 -1.6.9 厂商补丁: libpng ----- 用户可参考如下厂商提供的安全补丁以修复该漏洞: https://sourceforge.net/projects/libpng/files/libpng16/patch-libpng16-vu684412.diff...
EasyTalk Sql Injection 1-5
简要描述: 过滤不严。 详细说明: 注入1: 在topicaction.class.php中 public function topic $keyword=$this-get'keyword','urldecode';//无过滤 且解码 if $keyword $topic = D'Topic'-where"topicname='$keyword'"-find; if $topic $isfollow=D'Mytopic'-isfollow$topic'id',$this-my'userid';...
DEBIAN-CVE-2014-0045
The needSamples method in AudioOutputSpeech.cpp in the client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots, Mumble for iOS 1.1 through 1.2.2, and MumbleKit before commit fd190328a9b24d37382b269a5674b0c0c7a7e36d does not check the return value of the opusdecodefloat function, which allows...
Firefox < 27.0 Multiple Vulnerabilities (Mac OS X)
The installed version of Firefox is earlier than 27.0 and is, therefore, potentially affected by multiple vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. CVE-2014-1477, CVE-2014-1478 - An error exists related to...
Mozilla Thunderbird < 24.3 Multiple Vulnerabilities
Binary data 8100.prm...
SeaMonkey < 2.24 Multiple Vulnerabilities
The installed version of SeaMonkey is earlier than 2.24 and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. CVE-2014-1477, CVE-2014-1478 - An error exists relat...
Firefox ESR 24.x < 24.3 Multiple Vulnerabilities (Mac OS X)
The installed version of Firefox ESR 24.x is earlier than 24.3 and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. CVE-2014-1477 - An error exists related to...
Firefox < 27.0 Multiple Vulnerabilities
The installed version of Firefox is earlier than 27.0 and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. CVE-2014-1477, CVE-2014-1478 - An error exists related...
Thunderbird < 24.3 Multiple Vulnerabilities (Mac OS X)
The installed version of Thunderbird is earlier than 24.3 and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. CVE-2014-1477 - An error exists related to System...
OpenJDK: XXE issue in decoder (Beans, 8023245)
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote authenticated users to affect confidentiality and availability via unknown vectors related to Beans. NOTE: the previous information is from the Janua...