938 matches found
TYPO3 Flvplayer Component Flash Embedding Vulnerability
TYPO3 is a free and open source content management system. Flvplayer is one of its video player components. A security vulnerability exists in the Flvplayer component of TYPO3 that allows remote attackers to embed Flash videos from an external domain...
CVE-2015-8760
The Flvplayer component in TYPO3 6.2.x before 6.2.16 allows remote attackers to embed Flash videos from external domains via unspecified vectors, aka "Cross-Site Flashing."...
WordPress S3 Video Remote Shell Upload Vulnerability
WordPress S3 Video plugin suffers from a remote shell upload vulnerability. Versions prior to 0.91 are affected. Exploit Title : Wordpress S3 Video Plugin file upload Author : Manish Kishan Tanwar AKA error1046 Vendor Link : http://plugins.svn.wordpress.org/s3-video/tags/0.91/ Affected Version:...
CVE-2015-4551
LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 use the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow remote attackers to obtain sensitive information via a crafted document, which embeds data from...
Microsoft Windows Server Elevation of Privilege Vulnerability (CNVD-2015-04659)
Microsoft Windows Server is a series of servers based on the Windows operating system launched by the U.S. company Microsoft. An elevation of privilege vulnerability exists in Microsoft Windows OLE due to the program failing to properly validate user input. An attacker could exploit this...
[SECURITY] Fedora 22 Update: xulrunner-37.0.2-1.fc22
XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM applications that are as rich as Firefox and Thunderbird. It provides mechanisms for installing, upgrading, and uninstalling these applications. XULRunner also provides libxul, a solution which allows the embedding ...
openoffice: Arbitrary file disclosure via crafted OLE objects
A flaw was found in the OLE (Object Linking and Embedding) generation in LibreOffice. An attacker could use this flaw to embed malicious OLE code in a LibreOffice document, allowing for arbitrary code execution...
UBUNTU-CVE-2014-9665
The LoadSBitPng function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact by embedding a PNG file...
VulnCheck KEV: CVE-2014-6352
Microsoft Windows allows remote attackers to execute arbitrary code via a crafted OLE object...
VulnCheck KEV: CVE-2014-4114
A vulnerability exists in Windows Object Linking & Embedding (OLE) that could allow remote code execution if a user opens a file that contains a specially crafted OLE object...
ParanoiDF - PDF Analysis Suite: Password cracking, redaction recovery, DRM removal, malicious JavaScript extraction, and more
The swiss army knife of PDF Analysis Tools. Based on peepdf - http://peepdf.eternal-todo.com. Features Interactive Console: Type "help" to get a list of commands. Type "help command" to get a description/usage on specific command. crackpw This executes Nacho Barrientos Arias's PDFCrack tool by...
[SECURITY] Fedora 20 Update: xulrunner-31.0-1.fc20
XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM applications that are as rich as Firefox and Thunderbird. It provides mechanisms for installing, upgrading, and uninstalling these applications. XULRunner also provides libxul, a solution which allows the embedding ...
Adobe Flash Player "Button" Remote Code Execution
No description provided by source. $Id: adobeflashplayerbutton.rb 10857 2010-11-01 22:34:13Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...
Apple Quicktime /w IE .qtl Version XAS - Remote Exploit PoC
No description provided by source. Performing XAS (Cross Application Scripting) attacks automatically (read: no user interaction) is very easy, as I showed before in my shutting down skype proof-of-concept. But, what if you are using a limited web environment, where you can't use iframes or script...
[ MDVSA-2014:111 ] otrs
Mandriva Linux Security Advisory MDVSA-2014:111 http://www.mandriva.com/en/support/security/ Package : otrs Date : June 10, 2014 Affected: Business Server 1.0 Problem Description: Updated otrs package fixes security vulnerabilities: A logged in attack...
Mandriva Linux Security Advisory : otrs (MDVSA-2014:111)
Updated otrs package fixes security vulnerabilities: A logged in attacker could insert special content in dynamic fields, leading to JavaScript code being executed in OTRS (CVE-2014-2553). An attacker could embed OTRS in a hidden iframe tag of another page, tricking the user into clicking links in...
[SECURITY] Fedora 19 Update: xulrunner-29.0-1.fc19
XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM applications that are as rich as Firefox and Thunderbird. It provides mechanisms for installing, upgrading, and uninstalling these applications. XULRunner also provides libxul, a solution which allows the embedding ...
Updated otrs packages fix multiple vulnerabilities
Updated otrs package fixes security vulnerabilities: A logged in attacker could insert special content in dynamic fields, leading to JavaScript code being executed in OTRS (CVE-2014-2553). An attacker could embed OTRS in a hidden iframe tag of another page, tricking the user into clicking links in...
[SECURITY] Fedora 19 Update: xulrunner-27.0-1.fc19
XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM applications that are as rich as Firefox and Thunderbird. It provides mechanisms for installing, upgrading, and uninstalling these applications. XULRunner also provides libxul, a solution which allows the embedding ...
[SECURITY] Fedora 20 Update: xulrunner-27.0-1.fc20
XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM applications that are as rich as Firefox and Thunderbird. It provides mechanisms for installing, upgrading, and uninstalling these applications. XULRunner also provides libxul, a solution which allows the embedding ...