9459 matches found

RedhatCVE
added 2016/12/14 4:47 a.m. | 28 views

CVE-2016-9905

A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. This vulnerability affects Firefox ESR 45.6 and Thunderbird 45.6...

8.8 CVSS | 3.4 AI score | 0.024 EPSS
Exploits: 1 | References: 2

UbuntuCve
added 2016/12/14 12:0 a.m. | 24 views

CVE-2016-9905

A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. This vulnerability affects Firefox ESR 45.6 and Thunderbird 45.6...

8.8 CVSS | 7.2 AI score | 0.024 EPSS
Exploits: 1 | References: 3

RedhatCVE
added 2016/12/13 3:29 p.m. | 20 views

CVE-2016-7879

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the NetConnection class when handling an attached script object. Successful exploitation could lead to arbitrary code execution...

8.8 CVSS | 3.6 AI score | 0.07707 EPSS
Exploits: 0 | References: 2

UbuntuCve
added 2016/12/13 12:0 a.m. | 21 views

CVE-2016-9898

Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. This vulnerability affects Firefox 50.1, Firefox ESR 45.6, and Thunderbird 45.6...

9.8 CVSS | 7.2 AI score | 0.03558 EPSS
Exploits: 1 | References: 4

UbuntuCve
added 2016/12/13 12:0 a.m. | 17 views

CVE-2016-9894

A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated during allocation. Later writers will overflow the buffer, resulting in a potentially exploitable crash. This vulnerability affects Firefox 50.1...

7.5 CVSS | 7.3 AI score | 0.05137 EPSS
Exploits: 0 | References: 3

erpscan
added 2016/12/13 12:0 a.m. | 491 views

SAP NetWeaver disp+work anonymous denial of service with crafted DIAG request

Application: SAP NetWeaver Versions Affected: SAP NetWeaver disp+work 7.4 Vendor URL: SAP Bugs: DoS Reported: 13.12.2016 Vendor response: 14.12.2016 Date of Public Advisory: 14.03.2017 Reference: SAP Security Note 2405918 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: DoS Impac...

0.5 AI score
Exploits: 0

OSV
added 2016/12/09 8:59 p.m. | 4 views

CVE-2016-6523

Multiple cross-site scripting (XSS) vulnerabilities in the media manager in Dotclear before 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) q or (2) linktype parameter to admin/media.php...

6.1 CVSS | 6.1 AI score
Exploits: 0 | References: 5

ICS
added 2016/12/03 7:0 a.m. | 43 views

Schneider Electric Building Operation Automation Server Vulnerability

OVERVIEW Independent researcher Karn Ganeshen has identified a vulnerability in servers programmed with Schneider Electric’s StruxureWare Building Operation software. Schneider Electric has produced a new version to mitigate this vulnerability. This vulnerability could be exploited remotely...

9 CVSS | 7.1 AI score | 0.13426 EPSS
Exploits: 7 | References: 10

Talos
added 2016/12/03 12:0 a.m. | 140 views

ImageMagick Convert Tiff Adobe Deflate Code Execution Vulnerability

Summary: An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagick’s convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be...

7.8 CVSS | 0.1 AI score | 0.03653 EPSS
Exploits: 2

Core Security
added 2016/11/21 12:0 a.m. | 632 views

TP-LINK TDDP Multiple Vulnerabilities

1. Advisory Information Title: TP-LINK TDDP Multiple Vulnerabilities Advisory ID: CORE-2016-0007 Advisory URL: https://www.coresecurity.com/core-labs/advisories/tp-link-tddp-multiple-vulnerabilities Date published: 2016-11-21 Date of last update: 2016-11-18 Vendors contacted: TP-Link Release mode:...

9 AI score
Exploits: 0

exploitpack
added 2016/11/21 12:0 a.m. | 36 views

FUDforum 3.0.6 - Cross-Site Scripting Cross-Site Request Forgery

FUDforum 3.0.6 - Cross-Site Scripting Cross-Site Request Forgery Security Advisory - Curesec Research Team 1. Introduction Affected Product: FUDforum 3.0.6 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://fudforum.org/forum/ Vulnerability Type: XSS, Login CSRF Remote Exploitable...

1.2 AI score
Exploits: 0

exploitpack
added 2016/11/21 12:0 a.m. | 29 views

LEPTON 2.2.2 - SQL Injection

LEPTON 2.2.2 - SQL Injection Security Advisory - Curesec Research Team 1. Introduction Affected Product: LEPTON 2.2.2 stable Fixed in: 2.3.0 Fixed Version Link: http://www.lepton-cms.org/posts/important-lepton-2.3.0-101.php Vendor Website: http://www.lepton-cms.org/ Vulnerability Type: SQL...

8.6 AI score
Exploits: 0

Exploit DB
added 2016/11/21 12:0 a.m. | 47 views

FUDforum 3.0.6 - Cross-Site Scripting / Cross-Site Request Forgery

Security Advisory - Curesec Research Team 1. Introduction Affected Product: FUDforum 3.0.6 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://fudforum.org/forum/ Vulnerability Type: XSS, Login CSRF Remote Exploitable: Yes Reported to vendor: 04/11/2016 Disclosed to public:...

7.4 AI score
Exploits: 0

Exploit DB
added 2016/11/21 12:0 a.m. | 62 views

LEPTON 2.2.2 - Remote Code Execution

Security Advisory - Curesec Research Team 1. Introduction Affected Product: LEPTON 2.2.2 stable Fixed in: 2.3.0 Fixed Version Link: http://www.lepton-cms.org/posts/important-lepton-2.3.0-101.php Vendor Website: http://www.lepton-cms.org/ Vulnerability Type: Code Execution Remote Exploitable: Yes...

7.4 AI score
Exploits: 0

0day.today
added 2016/11/19 12:0 a.m. | 24 views

Lepton 2.2.2 Stable SQL Injection Vulnerability

Lepton version 2.2.2 Stable suffers from remote SQL injection vulnerabilities. 1. Introduction Affected Product: LEPTON 2.2.2 stable Fixed in: 2.3.0 Fixed Version Link: http://www.lepton-cms.org/posts/important-lepton-2.3.0-101.php Vendor Website: http://www.lepton-cms.org/ Vulnerability Type: S...

8.2 AI score
Exploits: 0

0day.today
added 2016/11/19 12:0 a.m. | 29 views

Jaws 1.1.1 Code Execution Vulnerability

Jaws version 1.1.1 suffers from a remote code execution vulnerability. 1. Introduction Affected Product: Jaws 1.1.1 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://jaws-project.com/ Vulnerability Type: Code Execution Remote Exploitable: Yes Reported to vendor: 09/05/2016...

7.9 AI score
Exploits: 0

0day.today
added 2016/11/19 12:0 a.m. | 36 views

Jaws 1.1.1 Open Redirect / Object Injection / Cookie Flags Vulnerabilities

Jaws version 1.1.1 suffers from object injection, open redirection, and cookie flag related vulnerabilities. 1. Introduction Affected Product: Jaws 1.1.1 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://jaws-project.com/ Vulnerability Type: Object Injection, Open Redirect, Cooki...

0.3 AI score
Exploits: 0

RedhatCVE
added 2016/11/18 3:47 p.m. | 26 views

CVE-2016-9067

Two use-after-free errors during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox 50...

8.3 CVSS | 3.7 AI score | 0.01905 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2016/11/18 3:47 p.m. | 38 views

CVE-2016-9068

A use-after-free during web animations when working with timelines resulting in a potentially exploitable crash. This vulnerability affects Firefox 50...

8.3 CVSS | 3 AI score | 0.02049 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2016/11/18 3:47 p.m. | 31 views

CVE-2016-9069

A use-after-free in nsINode::ReplaceOrInsertBefore during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox 50...

8.3 CVSS | 2.6 AI score | 0.01905 EPSS
Exploits: 0 | References: 2