3182 matches found
USN-920-1: Firefox 3.0 and Xulrunner vulnerabilities
Martijn Wargers, Josh Soref, Jesse Ruderman, and Ehsan Akhgari discovered flaws in the browser engine of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking...
Ubuntu Update for openjdk-6 vulnerabilities USN-923-1
Ubuntu Update for Linux kernel vulnerabilities USN-923-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN9231.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for openjdk-6 vulnerabilities USN-923-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...
Mozilla Firefox浏览器强制URL拖放操作权限提升漏洞
CVECAN ID: CVE-2010-0178 Firefox是一款流行的开源WEB浏览器。 浏览器Applet可能错误的将单个鼠标点击动作解释为拖放操作,这可能导致在用户浏览器中非预期的加载资源。攻击者可以连续两次利用这种行为,第一次在用户浏览器中加载特权的chrome: URL,之后在同一文档之上加载恶意的javascript: URL,导致以chrome权限执行任意脚本。 Mozilla Firefox 3.6 Mozilla Firefox 3.5.x Mozilla Firefox 3.0.x Mozilla SeaMonkey 2.0.4 补丁安装方法: 1. 手工安装补丁...
Mozilla Foundation Security Advisory 2010-20
Mozilla Foundation Security Advisory 2010-20 Title: Chrome privilege escalation via forced URL drag and drop Impact: Critical Announced: March 30, 2010 Reporter: Paul Stone Products: Firefox, SeaMonkey Fixed in: Firefox 3.6.2 Firefox 3.5.9 Firefox 3.0.19 SeaMonkey 2.0.4 Description Security...
CVE-2010-0178
Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not prevent applets from interpreting mouse clicks as drag-and-drop actions, which allows remote attackers to execute arbitrary JavaScript with Chrome privileges by loading a chrome: URL an...
CVE-2010-0178
Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not prevent applets from interpreting mouse clicks as drag-and-drop actions, which allows remote attackers to execute arbitrary JavaScript with Chrome privileges by loading a chrome: URL an...
OpenJDK Unsigned applet can retrieve the dragged information before drop action occurs(6887703)
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.225 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0084...
OpenJDK Unsigned applet can retrieve the dragged information before drop action occurs(6887703)
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.225 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0084...
OpenJDK Unsigned applet can retrieve the dragged information before drop action occurs(6887703)
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.225 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0084...
Critical: Red Hat Security Advisory: firefox security update
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings...
Firefox Chrome privilege escalation via forced URL drag and drop
Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not prevent applets from interpreting mouse clicks as drag-and-drop actions, which allows remote attackers to execute arbitrary JavaScript with Chrome privileges by loading a chrome: URL an...
Chrome privilege escalation via forced URL drag and drop — Mozilla
Security researcher Paul Stone reported that a browser applet could be used to turn a simple mouse click into a drag-and-drop action, potentially resulting in the unintended loading of resources in a user's browser. This behavior could be used twice in succession to first load a privileged chrome...
DB2 Suspicious Command Detection (drop database)
Binary data 5373.prm...
DB2 Suspicious Command Detection (drop table)
Binary data 5375.prm...
OpenJDK Unsigned applet can retrieve the dragged information before drop action occurs(6887703)
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.225 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0084...
Fedora 12 : automake-1.11.1-1.fc12 (2009-13157)
Wed Dec 9 2009 Karsten Hopp 1.11.1-1 - update to version 1.11.1 to fix CVE-2009-4029 - Tue Dec 1 2009 Karsten Hopp 1.11-6 - preserve time stamps of man pages 225302 - drop MIT from list of licenses - Wed Nov 4 2009 Stepan Kasal - 1.11-5 - add even more testsuite build requires - Wed Nov 4 2009...
MySQL: Format string vulnerability by manipulation with database instances (crash)
Multiple format string vulnerabilities in the dispatchcommand function in libmysqld/sqlparse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service daemon crash and possibly have unspecified other impact via format string specifiers in a database...
PostgreSQL Server Generic Query
This module imports a file local on the PostgreSQL Server into a temporary table, reads it, and then drops the temporary table. It requires PostgreSQL credentials with table CREATE privileges as well as read privileges to the target file. This module requires Metasploit:...
Sun MySQL mysql_log Format String (CVE-2009-2446)
A format string vulnerability exists in Sun Microsystems MySQL database server. The flaw is due to insufficient input validation when processing create and drop database commands. Remote authenticated attackers could exploit this vulnerability by sending malformed data to the MySQL process. In a...
Internet Explorer Drag and Drop Elevation of Privilege (MS04-038; CVE-2004-0839)
Microsoft Internet Explorer provides a number of ways to represent remote or local content. One of it's more powerful features is the Web folder view. The Web folder provides easy access to files located on a web server. A vulnerability exists in the way Internet Explorer uses the web folder view...