156 matches found
Mozilla: top object and location property accessible by plugins (MFSA 2012-82)
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site scripting XSS attacks via a binary plugin that uses Object.defineProperty to shadow the top object, and...
Fedora 15 : java-1.6.0-openjdk-1.6.0.0-65.1.10.8.fc15 (2012-9541)
Security fixes S7079902, CVE-2012-1711: Refine CORBA data models S7110720: Issue with vm config file loadingIssue with vm config file loading S7143606, CVE-2012-1717: File.createTempFile should be improved for temporary files created by the platform. S7143614, CVE-2012-1716: SynthLookAndFeel...
Null pointer dereference
PHP 5.3.8 does not always check the return value of the zendstrndup function, which might allow remote attackers to cause a denial of service NULL pointer dereference and application crash via crafted input to an application that performs strndup operations on untrusted string data, as demonstrat...
CVE-2011-4153
PHP 5.3.8 does not always check the return value of the zendstrndup function, which might allow remote attackers to cause a denial of service NULL pointer dereference and application crash via crafted input to an application that performs strndup operations on untrusted string data, as demonstrat...
PHP 5.3.8 Multiple Vulnerabilities
Exploit for multiple platform in category dos / poc PHP 5.3.8 Multiple vulnerabilities Author: Maksymilian Arciemowicz Website: http://cxsecurity.com/ Date: 14.01.2012 CVE: CVE-2011-4153 zendstrndup Original link: http://cxsecurity.com/research/103 --- 1. Multiple NULL Pointer Dereference with...
Mozilla remote code execution using watch and __defineSetter__ on SVG element
Mozilla Firefox before 3.0.12 does not properly handle an SVG element that has a property with a watch function and an defineSetter function, which allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via a crafted documen...
PT-2009-4529 · Drupal · Drupal Views
Name of the Vulnerable Software and Affected Versions: Drupal Views module versions prior to 6.x-2.6 Description: A cross-site scripting XSS issue allows remote authenticated users to inject arbitrary web script or HTML via exposed filters in the Views UI administrative interface and the view nam...
Firefox 3 crashes in the JavaScript engine
The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via 1 a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pas...
security flaw
The DefineConstantPool action in the ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, accepts an untrusted input value for a "constant count," which allows remote attackers to read sensitive data from process memory vi...
security flaw
The DefineConstantPool action in the ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, accepts an untrusted input value for a "constant count," which allows remote attackers to read sensitive data from process memory vi...
Low: sendmail security and bug fix update
8.13.1-3.2.el4 - fixed infinite loop within tls read by enabling FFRDEALWITHERRORSSL Resolves: rhbz121850 - fixed incorrect path to selinuxenabled in initscript Resolves: rhbz152282 - removed rpm build artifacts from sendmail-cf package Resolves: rhbz152955 - fixed missing socketmap support...
Bradabra <= 2.0.5 (include/includes.php) Remote Inclusion Vulnerability
No description provided by source. ====================================================================== Bradabra == v2.0.5 Remote File Include Vulnerability ====================================================================== Downlaoad Script :ftp://ftp1.comscripts.com/PHP/773bradabra-205.gz...
Heap overflow
Heap-based buffer overflow in Opera 9.02 allows remote attackers to execute arbitrary code via a JPEG file with an invalid number of index bytes in the Define Huffman Table DHT marker...
CVE-2007-0126
CVE-2007-0126 concerns Opera 9.02 where a heap-based overflow in processing a JPEG Define Huffman Table (DHT) marker can allow remote code execution. Connected advisories alsoreference CVE-2007-0127 related to a typecasting issue in Opera’s SVG handling. Mitigation documented in GLSA 200701-08 an...
Opera 9.10 - .jpg Image DHT Marker Heap Corruption
Opera 9.10 - .jpg Image DHT Marker Heap Corruption Opera JPEG processing - Heap corruption vulnerabilities ======================================================= Date..: 8th September 2006 31th October 2006 update 3rd November 2006 update 5th January 2007 public release...
New Vunerability
and now , 00 TNX str0k jamroom-3.0.19 Class: Remote|Local File Include Vulnerability Remote: Yes Local: No Type: High $it :http://www.jamroom.net/Downloads3Core Author: xw0x Contact: [email protected] Ramadan Bayarma All Musulman Vuln Code =================libchart.php================ requireonce...