326 matches found
Microsoft Internet Explorer SetMouseCapture Use-After-Free
Use-after-free vulnerability in the CDisplayPointer class in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via crafted JavaScript code that uses the onpropertychange event handler, as exploit...
MS13-059 Microsoft Internet Explorer CFlatMarkupPointer Use-After-Free
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "MS13-059 Microsof...
Microsoft Internet Explorer - CFlatMarkupPointer Use-After-Free (MS13-059) (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "MS13-059 Microsof...
Modsecurity Cross Site Scripting Bypass
Product: Modsecurity Author: Rafay Baloch Company: RHAINFOSEC Website: http://services.rafayhackingarticles.net Reported: 8/8/2013 Fixed: 25/8/2013 Status: Fixed ============ Introduction ============ The ModSecurity firewall is one of the most known WAF around, It has anonline smoke test where w...
MS13-059 Microsoft Internet Explorer CFlatMarkupPointer Use-After-Free
This is a memory corruption bug found in Microsoft Internet Explorer. On IE 9, it seems to only affect certain releases of mshtml.dll, ranging from a newly installed IE9 9.0.8112.16446, to 9.00.8112.16502 July 2013 update. IE8 requires a different way to trigger the vulnerability, but not current...
Microsoft Internet Explorer RemoveSplice Use-After-Free Remote Code Execution Vulnerabliity
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Microsoft Internet Explorer saveHistory Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific issue is due to the way Internet Explorer handle...
Microsoft Internet Explorer CHTML Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2011-4578
event.c in acpid aka acpid2 before 2.0.11 does not have an appropriate umask setting during execution of event-handler scripts, which might allow local users to 1 perform write operations within directories created by a script, or 2 read files created by a script, via standard filesystem system...
Internet Explorer Script Interjection Code Execution
Internet Explorer Script Interjection Code Execution Derek Soeder [email protected] Reported: January 26, 2012, to SecuriTeam Secure Disclosure http://www.beyondsecurity.com/ssd.html Published: August 16, 2012 AFFECTED VENDOR --------------- Microsoft Corporation AFFECTED ENVIRONMENTS...
Mozilla Firefox nsHTMLSelectElement Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
nsSVGValue out-of-bounds access — Mozilla
Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that a flaw in the Mozilla SVG implementation could result in an out-of-bounds memory access if SVG elements were removed during a DOMAttrModified event handler...
CVE-2011-4578
event.c in acpid aka acpid2 before 2.0.11 does not have an appropriate umask setting during execution of event-handler scripts, which might allow local users to 1 perform write operations within directories created by a script, or 2 read files created by a script, via standard filesystem system...
Debian DSA-2296-1 : iceweasel - several vulnerabilities
Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian. - CVE-2011-0084 'regenrecht' discovered that incorrect pointer handling in the SVG processing co...
Google Chrome multiple vulnerabilities - February 11(Windows)
The host is running Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbgooglechromemultvulnfeb11win.nasl 7029 2017-08-31 11:51:40Z teissa $ Google Chrome multiple vulnerabilities - February 11Windows Authors: Madhuri D Copyright: Copyright c 2011 Greenbone...
Google Chrome multiple vulnerabilities - February 11(Linux)
The host is running Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbgooglechromemultvulnfeb11lin.nasl 7024 2017-08-30 11:51:43Z teissa $ Google Chrome multiple vulnerabilities - February 11Linux Authors: Madhuri D Copyright: Copyright c 2011 Greenbone...
Google Chrome Multiple Vulnerabilities (Feb 2011) - Windows
Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2011-0780
The PDF event handler in Google Chrome before 9.0.597.84 does not properly interact with print operations, which allows user-assisted remote attackers to cause a denial of service application crash or possibly have unspecified other impact via unknown vectors...
CVE-2011-0780
The PDF event handler in Google Chrome before 9.0.597.84 does not properly interact with print operations, which allows user-assisted remote attackers to cause a denial of service application crash or possibly have unspecified other impact via unknown vectors...
Code injection
The PDF event handler in Google Chrome before 9.0.597.84 does not properly interact with print operations, which allows user-assisted remote attackers to cause a denial of service application crash or possibly have unspecified other impact via unknown vectors...