
9459 matches found

Tenable Nessus
added 2015/01/14 12:0 a.m. | 41 views

SeaMonkey < 2.32 Vulnerability

The version of SeaMonkey installed on the remote host is prior to 2.32. It is, therefore, affected by the following vulnerabilities : - Multiple unspecified memory safety issues exist within the browser engine. CVE-2014-8634, CVE-2014-8635 - A flaw exists where DOM objects with some specific...

7.5 CVSS | 6.8 AI score | 0.65657 EPSS
Exploits 4 | References 17
ThreatPost
added 2015/01/09 5:42 p.m. | 10 views

Google Engineers Critical Aviator Browser Privacy, Security

Within hours on Thursday of WhiteHat Security releasing its Aviator browser to open source, a remote code execution vulnerability was disclosed, along with a handful of other coding issues that Google security engineers said jeopardized the security and privacy of Aviator’s users. Google’s public...

Exploits 0 | References 12
securityvulns
added 2014/12/22 12:0 a.m. | 149 views

CVE-2014-2025 Remote Code Execution (RCE) in "Intrexx Professional"

CVE-2014-2025: "Remote Code Execution RCE via Unrestricted File Upload" CWE-434 vulnerability in "Intrexx Professional" product. Vendor: United Planet GmbH. Product: "Intrexx is an integrated...

1.6 AI score | 0.03968 EPSS
Exploits 0
seebug.org
added 2014/12/12 12:0 a.m. | 24 views

KPPW latest version SQL injection vulnerability No. 9 (a global issue causing widespread injection, with summary)

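Brief description: KPPW latest version SQL injection vulnerability No. 9, again a global issue that causes widespread injection. To be clear, this is not padding the vulnerability count, because every one of these issues is serious and can lead to many problems... Detailed description: KPPW latest version SQL injection vulnerability No. 9 is also a problem in a global function, causing widespread injection... File /control/user/accountauth.php if $code&&inarray$code,$arrAllowAuth $code or $code = $keys '0'; $code or kekezu::showmsg $lang 'paramerror', "index.php?do=auth", 3, '', 'warning' ;...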

7 AI score
Exploits 0
ThreatPost
added 2014/12/11 2:39 p.m. | 6 views

Custom Websites Running HD FLV Player Plugin Vulnerable

Content management system providers Joomla and WordPress have patched a critical vulnerability in the HD FLV Player, but custom websites running the Flash video player are still vulnerable. Researchers at Sucuri disclosed this week that a separate security issue can be abused to send spam and has...

1.1 AI score
Exploits 0 | References 3
Mozilla
added 2014/12/02 12:0 a.m. | 44 views

Bad casting from the BasicThebesLayer to BasicContainerLayer — Mozilla

Security researchers Byoungyoung Lee, Chengyu Song, and Taesoo Kim at the Georgia Tech Information Security Center GTISC reported a bad casting from the BasicThebesLayer to BasicContainerLayer, resulting in undefined behavior. This behavior is potentially exploitable with some compilers but no...

6.8 CVSS | 5.8 AI score | 0.03406 EPSS
Exploits 0 | References 2 | Affected Software 5
Mozilla
added 2014/12/02 12:0 a.m. | 39 views

Use-after-free during HTML5 parsing — Mozilla

Security researcher SkyLined reported a use-after-free created by triggering the creation of a second root element while parsing HTML written to a document created with document.open. This leads to a potentially exploitable crash...

6.8 CVSS | 5.9 AI score | 0.03377 EPSS
Exploits 0 | References 2 | Affected Software 5
Mozilla
added 2014/12/02 12:0 a.m. | 35 views

Buffer overflow while parsing media content — Mozilla

Security researcher Abhishek Arya Inferno of the Google Chrome Security Team used the Address Sanitizer tool to discover a buffer overflow during the parsing of media content. This leads to a potentially exploitable crash...

6.8 CVSS | 6.3 AI score | 0.04052 EPSS
Exploits 0 | References 2 | Affected Software 5
Vulnerability Lab
added 2014/12/02 12:0 a.m. | 24 views

RelateIQ Bug Bounty #1 - Persistent Signup Vulnerability

Document Title: RelateIQ Bug Bounty 1 - Persistent Signup Vulnerability. References: http://www.vulnerability-lab.com/getcontent.php?id=1332 View: https://www.youtube.com/watch?v=ZxGbG6U45NE Advisory: http://www.vulnerability-lab.com/getcontent.php?id=1320 Release Date:...

7.4 AI score
Exploits 0
Packet Storm
added 2014/12/01 12:0 a.m. | 38 views

1830 Photonic Service Switch PSS-32/16/4 Cross Site Scripting

SWISSCOM CSIRT ADVISORY - http://www.swisscom.com/security CVE ID: CVE-2014-3809 Product: 1830 Photonic Service Switch PSS-32/16/4 Vendor: Alcatel-Lucent Subject: Reflected Cross-site Scripting - XSS Effect: Remotely exploitable Author: Stephan Rickauer stephan.rickauer at swisscom.com Date:...

4.1 CVSS | 0.1 AI score | 0.00906 EPSS
Exploits 2
Hacker One
added 2014/11/24 8:10 a.m. | 52 views

Internet Bug Bounty: Race condition in Flash workers may cause an exploitable double free

The issue occurs while sharing a bytearray between two workers. If both call bytearray.clear at the same time, Flash does not correctly handle the race and may double free the array. Identified as CVE-2014-0574, and reported to Adobe via Chrome VRP:...

10 CVSS | 6.2 AI score | 0.0826 EPSS
Exploits 0
exploitpack
added 2014/11/24 12:0 a.m. | 47 views

Advantech EKI-6340 - Command Injection

Advantech EKI-6340 - Command Injection Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Advantech EKI-6340 Command Injection 1. Advisory Information Title: Advantech EKI-6340 Command Injection Advisory ID: CORE-2014-0009 Advisory URL:...

9 CVSS | 0.7 AI score | 0.23813 EPSS
Exploits 5
ICS
added 2014/11/23 7:0 a.m. | 28 views

Mitsubishi Electric Automation MC-WorX Suite Unsecure ActiveX Control

OVERVIEW This advisory is a follow-up to the original alert, titled ICS-ALERT-13-259-01 Mitsubishi MC-WorX Suite Unsecure ActiveX Control, ICS-ALERT-13-259-01 Mitsubishi MC-WorkX Suite Insecure ActiveX Control, http://ics-cert.us-cert.gov/alerts/ICS-ALERT-13-259-01, web site last accessed February...

9.3 CVSS | 6.6 AI score | 0.0593 EPSS
Exploits 0 | References 10
Packet Storm
added 2014/11/20 12:0 a.m. | 71 views

Advantech EKI-6340 2.05 Command Injection

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Advantech EKI-6340 Command Injection 1. Advisory Information Title: Advantech EKI-6340 Command Injection Advisory ID: CORE-2014-0009 Advisory URL: http://www.coresecurity.com/advisories/advantech-eki-6340-command-injection Date...

9 CVSS | 0.7 AI score | 0.23813 EPSS
Exploits 5
0day.today
added 2014/11/20 12:0 a.m. | 58 views

Advantech EKI-6340 2.05 Command Injection Vulnerability

Advantech EKI-6340 series is vulnerable to an OS command injection, which can be exploited by remote attackers to execute arbitrary code and commands, by using a non privileged user against a vulnerable CGI file. Advantech EKI-6340 Command Injection 1. Advisory Information Title: Advantech EKI-63...

9 CVSS | 1.2 AI score | 0.23813 EPSS
Exploits 5
Core Security
added 2014/11/19 12:0 a.m. | 540 views

Advantech EKI-6340 Command Injection

1. Advisory Information Title: Advantech EKI-6340 Command Injection Advisory ID: CORE-2014-0009 Advisory URL: http://www.coresecurity.com/advisories/advantech-eki-6340-command-injection Date published: 2014-11-19 Date of last update: 2014-11-19 Vendors contacted: Advantech Release mode: User...

9 CVSS | 0.1 AI score | 0.23813 EPSS
Exploits 5
Tenable Nessus
added 2014/11/03 12:0 a.m. | 291 views

SIP Script Remote Command Execution via Shellshock

The remote host appears to be running SIP. SIP itself is not vulnerable to Shellshock; however, any Bash script that SIP runs for filtering or other routing tasks could potentially be affected if the script exports an environmental variable from the content or headers of a SIP message. A negative...

10 CVSS | 8.3 AI score | 0.99999 EPSS
Exploits 130 | References 4
ICS
added 2014/11/02 6:0 a.m. | 35 views

3S CoDeSys Runtime Toolkit NULL Pointer Dereference

OVERVIEW Independent researcher Nicholas Miles has identified a NULL pointer dereference vulnerability in Smart Software Solutions 3S CoDeSys Runtime Toolkit application. 3S has produced an update that mitigates this vulnerability. Nicholas Miles has tested the update to validate that it resolves...

7.1 CVSS | 6.5 AI score | 0.0322 EPSS
Exploits 0 | References 10
Huawei
added 2014/10/22 12:0 a.m. | 30 views

Security Advisory-DLL Hijacking Vulnerability on Huawei USB Modem products

This security advisory SA describes the impact of DLL-Hijacking vulnerability discovered in website. Vulnerability ID: HWPSIRT-2014-1046 This vulnerability is referenced in this document as follows: Any user in the system can modify the legitimate binary to any kind of malicious executable. If an...

9.3 CVSS | 7.4 AI score | 0.05016 EPSS
Exploits 2 | Affected Software 3
securityvulns
added 2014/10/18 12:0 a.m. | 60 views

[CORE-2014-0007] - SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability 1. Advisory Information Title: SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability Advisory ID: CORE-2014-0007 Advisory URL:...

5 CVSS | 7.3 AI score | 0.09666 EPSS
Exploits 6