326 matches found

BDU FSTEC
added 2016/07/06 12:0 a.m. | 3 views

The vulnerability of the SeaMonkey software allows a malicious actor to compromise the confidentiality, integrity, and availability of protected information.

A use-after-free in the nsEventListenerManager::CompileEventHandlerInternal method of the browser event registration manager for Mozilla Firefox allows a remote attacker to execute arbitrary code or cause a denial of service (e.g., errors in handling dynamic memory). Thi...

CVSS 9.3 | AI score 8.2 | EPSS 0.01009
Exploits: 0 | References: 3 | Affected Software: 1

Zero Day Initiative
added 2016/05/10 12:0 a.m. | 23 views

Adobe Reader DC ToolEventHandler Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

CVSS 6.8 | AI score 3.4 | EPSS 0.02457
Exploits: 1 | References: 1

Prion
added 2016/03/29 3:59 p.m. | 20 views

Design/Logic Flaw

The XPC Services API in LaunchServices in Apple iOS before 9.3 allows attackers to bypass intended event-handler restrictions and modify an arbitrary app's events via a crafted app...

CVSS 2.1 | AI score 6.1 | EPSS 0.00056
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2016/03/29 3:59 p.m. | 15 views

CVE-2016-1760

The XPC Services API in LaunchServices in Apple iOS before 9.3 allows attackers to bypass intended event-handler restrictions and modify an arbitrary app's events via a crafted app...

CVSS 6.2 | AI score 5.4 | EPSS 0.00056
Exploits: 0 | References: 3

Cvelist
added 2016/03/29 3:0 p.m. | 19 views

CVE-2016-1760

The XPC Services API in LaunchServices in Apple iOS before 9.3 allows attackers to bypass intended event-handler restrictions and modify an arbitrary app's events via a crafted app...

AI score 5.4 | EPSS 0.00056
Exploits: 0 | References: 3

CVE
added 2016/03/29 3:0 p.m. | 89 views

CVE-2016-1760

CVE-2016-1760 affects iOS LaunchServices XPC Services API prior to iOS 9.3. The vulnerability arises from an event handler validation issue in the XPC Services API, which could allow a crafted app to bypass intended event-handler restrictions and modify events in arbitrary apps. The Apple advisor...

CVSS 6.2 | AI score 6.5 | EPSS 0.00056
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2014/12/12 3:59 p.m. | 19 views

Design/Logic Flaw

The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to cause a denial of service (use-after-free and crash) by registering an event handler and then closing t...

CVSS 4.3 | AI score 7 | EPSS 0.00707
Exploits: 0 | References: 5 | Affected Software: 1

UbuntuCve
added 2014/12/12 3:59 p.m. | 25 views

CVE-2013-4399

The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to cause a denial of service (use-after-free and crash) by registering an event handler and then closing t...

CVSS 4.3 | AI score 6.9 | EPSS 0.00707
Exploits: 0 | References: 1

OSV
added 2014/12/12 3:59 p.m. | 7 views

CVE-2013-4399

The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to cause a denial of service (use-after-free and crash) by registering an event handler and then closing t...

AI score 8.1
Exploits: 0 | References: 6

OSV
added 2014/12/12 3:59 p.m. | 1 views

DEBIAN-CVE-2013-4399

The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to cause a denial of service (use-after-free and crash) by registering an event handler and then closing t...

CVSS 4.3 | AI score 6.8 | EPSS 0.00707
Exploits: 0 | References: 1

CVE
added 2014/12/12 3:0 p.m. | 67 views

CVE-2013-4399

The CVE-2013-4399 issue affects libvirt up to version 1.1.3, where remoteClientFreeFunc in daemon/remote.c fails to set an identity when ACLs are used. This can allow an attacker to deny service by registering an event handler and then closing the connection, due to a use-after-free that can cras...

CVSS 4.3 | AI score 8 | EPSS 0.00707
Exploits: 0 | References: 5 | Affected Software: 1

Debian CVE
added 2014/12/12 3:0 p.m. | 23 views

CVE-2013-4399

The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to cause a denial of service (use-after-free and crash) by registering an event handler and then closing t...

CVSS 4.3 | AI score 7.7 | EPSS 0.00707
Exploits: 0

0day.today
added 2014/12/10 12:0 a.m. | 55 views

Microsoft Internet Explorer CInputElement Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 9.3 | AI score 6.5 | EPSS 0.24009
Exploits: 1

seebug.org
added 2014/07/01 12:0 a.m. | 10 views

Microsoft Internet Explorer 5 JavaScript Local File Enumeration Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/3779/info Microsoft Internet Explorer is prone to a vulnerability which may disclose sensitive information to a malicious webmaster. When script code includes a file outside of the document it is embedded in and the file...

AI score 7.1
Exploits: 0

exploitpack
added 2014/05/08 12:0 a.m. | 27 views

Collabtive 1.2 - Persistent Cross-Site Scripting

Collabtive 1.2 - Persistent Cross-Site Scripting Vulnerability title: Stored XSS vulnerability in Collabtive application CVE-2014-3247 CVE: CVE-2014-3247 coordinated with cve assigning team and vendor Vendor: Collabtive Product: Collabtive Open Source Project Management Software Affected version:...

CVSS 4.3 | AI score 6.2 | EPSS 0.0133
Exploits: 5

securityvulns
added 2014/05/05 12:0 a.m. | 66 views

[RT-SA-2014-002] rexx Recruitment: Cross-Site Scripting in User Registration

Advisory: rexx Recruitment Cross-Site Scripting in User Registration RedTeam Pentesting discovered a cross-site scripting (XSS) vulnerability in rexx Recruitment's user registration page during a penetration test. If attackers can persuade users to click on a prepared link or redirect them to suc...

CVSS 4.3 | AI score 5.5 | EPSS 0.00309
Exploits: 2

Check Point Advisories
added 2014/03/31 12:0 a.m. | 3 views

Internet Explorer JavaScript window() Memory Corruption (MS05-054) - Ver2 (CVE-2005-1790)

Microsoft Internet Explorer is a web browser capable of displaying HTML encoded pages, downloading files, etc. This application has a built-in JavaScript interpreter. It is also capable of using Document Object Model (DOM) objects, in particular by providing access to them through JavaScript. A...

CVSS 2.6 | AI score 7 | EPSS 0.8164
Exploits: 9

ATTACKERKB
added 2013/10/30 10:55 a.m. | 0 views

CVE-2013-5601

Use-after-free vulnerability in the nsEventListenerManager::SetEventHandler function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute...

CVSS 10 | AI score 6.2 | EPSS 0.02688
Exploits: 0 | References: 12

0day.today
added 2013/10/15 12:0 a.m. | 70 views

MS13-080 Microsoft Internet Explorer CDisplayPointer Use-After-Free

This Metasploit module exploits a vulnerability found in Microsoft Internet Explorer. It was originally found being exploited in the wild targeting Japanese and Korean IE8 users on Windows XP, around the same time frame as CVE-2013-3893, except this was kept out of the public eye by multiple...

CVSS 9.3 | AI score 7.2 | EPSS 0.88207
Exploits: 23

Prion
added 2013/10/09 2:54 p.m. | 18 views

Memory corruption

Use-after-free vulnerability in the CDisplayPointer class in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JavaScript code that uses the onpropertychange event handler, as exploit...

CVSS 9.3 | AI score 8 | EPSS 0.88207
Exploits: 8 | References: 4 | Affected Software: 1