7377 matches found
CVE-2015-0823
Multiple use-after-free vulnerabilities in OpenType Sanitiser, as used in Mozilla Firefox before 36.0, might allow remote attackers to trigger problematic Developer Console information or possibly have unspecified other impact by leveraging incorrect macro expansion, related to the...
Use-after-free in Developer Console date with OpenType Sanitiser — Mozilla
Using the Address Sanitizer tool, security researcher Atte Kettunen found a problem with OpenType Sanitiser (OTS) that resulted in a use-after-free while expanding macros in some circumstances. This use-after-free was only used for information displayed in the developer console and was not...
Multiple Cross site scripting in wordpress Plugin Image Metadata cruncher
Title:- XSS In Image-Metadata-Cruncher Author: Kaustubh G. Padwad Product: image-metadata-cruncher plugin URL: https://wordpress.org/plugins/image-metadata-cruncher/ Severity: Medium Auth: Required Description: Vulnerable Parameter: Alternate text: Caption: Custom image meta tags: Vulnerability...
WordPress Image Metadata Cruncher CSRF / XSS
Title: CSRF / Stored XSS Vulnerability in IMAGE-MEtadata-Cruncher Wordpress Plugin Author: Kaustubh G. Padwad CVE-ID : CVE-2015-1614 Plugin Homepage: https://wordpress.org/plugins/image-metadata-cruncher/ Severity: Medium Description: Vulnerable Parameter: Alternate text,Caption,Custom image meta...
The Facebook album delete vulnerability worth 12500 dollars - vulnerability warning - the black bar safety net
Overview: if your photo is deleted unknowingly, what will you do? Obviously, this problem is very annoying, huh? This post is to say I found a vulnerability which allows a malicious user to delete any album on Facebook. Yes, any user, page, group, photo album can be deleted. The Graph API is the...
WordPress Video Gallery 2.7 SQL Injection
Exploit Title : Wordpress Video Gallery 2.7 SQL Injection Vulnerability Exploit Author : Claudio Viviani Vendor Homepage : http://www.apptha.com/category/extension/Wordpress/Video-Gallery Software Link : https://downloads.wordpress.org/plugin/contus-video-gallery.2.7.zip Dork Google:...
CVE-2014-8838
The Security component in Apple OS X before 10.10.2 does not properly process cached information about app certificates, which allows attackers to bypass the Gatekeeper protection mechanism by leveraging access to a revoked Developer ID certificate for signing a crafted app...
Design/Logic Flaw
The Security component in Apple OS X before 10.10.2 does not properly process cached information about app certificates, which allows attackers to bypass the Gatekeeper protection mechanism by leveraging access to a revoked Developer ID certificate for signing a crafted app...
Code injection
securitytaskgate in Apple OS X before 10.10.2 allows attackers to read group-ACL-restricted keychain items of arbitrary apps via a crafted app with a signature from a (1) self-signed certificate or (2) Developer ID certificate...
CVE-2014-8838
CVE-2014-8838 affects macOS OS X prior to 10.10.2, where the Security component mishandles cached app certificate information. This allows a crafted app signed with a revoked Developer ID to bypass Gatekeeper checks, as described in the vulnerability entry and corroborated by vulnerability listin...
CVE-2014-8831
securitytaskgate in Apple OS X before 10.10.2 allows attackers to read group-ACL-restricted keychain items of arbitrary apps via a crafted app with a signature from a (1) self-signed certificate or (2) Developer ID certificate...
Unspecified Vulnerability in Oracle Reports Developer
Oracle Reports Developer is a report development, design and production suite. A security vulnerability exists in Oracle Reports Developer that could be exploited by remote attackers to compromise system integrity...
CVE-2014-6580
Technical details about CVE-2014-6580 are not publicly available in the provided documents. The records only indicate an unspecified vulnerability in Oracle Reports Developer within Oracle Fusion Middleware; monitor for updates and additional disclosures.
corephp paGo, LFI 1.0.7 and below
Corephp paGo, , DT, LFI Developer update statement http://www.corephp.com/blog/corephp-announces-immediate-availability-pago-commerce-1-07-1/...
chicken -- buffer overrun in substring-index[-ci]
chicken developer Moritz Heidkamp reports: The substring-index-ci procedures of the data-structures unit are vulnerable to a buffer overrun attack when passed an integer greater than zero as the optional START argument. As a work-around you can switch to SRFI 13's string-contains procedure which...
RHEL 6 : glibc (RHSA-2015:0016)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:0016 advisory. The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the Name Serv...
glibc, nscd security update
CentOS Errata and Security Advisory CESA-2015:0016 Updated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base...
Absolut Engine 1.73 - Multiple Vulnerabilities
CMS Absolute Engine version 1.73 suffers from cross site scripting and remote SQL injection vulnerabilities. Advisory: Multiple SQL Injections and Reflecting XSS in Absolut Engine v.1.73 CMS Author: Steffen Rösemann Affected Software: CMS Absolut Engine v. 1.73 Vendor URL:...
Pilot CMS Cross Site Request Forgery / Cross Site Scripting Vulnerabilities
CMS Pylot suffers from cross site request forgery and cross site scripting vulnerabilities. These are Cross-Site Scripting and Cross-Site Request Forgery vulnerabilities in CMS Pylot ("Пилот" in Russian). It's a Ukrainian commercial CMS from Delta-X. ------------------------- Affected products:...