9457 matches found
Google Chrome OS < 33.0.1750.152 Multiple Security Vulnerabilities (deprecated)
Binary data 8161.prm...
Oracle VM VirtualBox - 3D Acceleration Multiple Vulnerabilities
Oracle VM VirtualBox - 3D Acceleration Multiple Vulnerabilities Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Oracle VirtualBox 3D Acceleration Multiple Memory Corruption Vulnerabilities 1. Advisory Information Title: Oracle VirtualBox 3D Acceleration Multiple Memory...
Microsoft, Kaspersky Shed Light on Sefnit Tor Botnet
Alarm bells went off last August when spikes in Tor client downloads were traced to a large click-fraud and Bitcoin-mining botnet called Sefnit. The malware was using the popular anonymity network to communicate with hackers in order to transmit stolen data and receive additional commands. In...
Mozilla Firefox JavaScript Function focus Buffer Overflow - Ver2 (CVE-2006-1993)
The Firefox web browser is an application designed for tasks related to browsing the web, such as displaying HTML encoded pages, downloading files, and so forth. The browser application has a built-in JavaScript interpreter which also allows it to use the Document Object Model DOM, in particular ...
i-doit Pro 1.2.4 Cross Site Scripting
COMPASS SECURITY ADVISORY http://www.csnc.ch/ CVE ID : CVE-2014-1237 CSNC ID: CSNC-2014-002 Product: i-doit Vendor: synetics Gesellschaft für Systemintegration mbH Subject: Cross-site Scripting - XSS Risk: High Effect: Remotely exploitable Author: Stephan Rickauer [email protected] Date:...
Use-after-free with imgRequestProxy and image processing — Mozilla
Security researcher Arthur Gerkis, via TippingPoint's Zero Day Initiative, reported a use-after-free during image processing from sites with specific content types in concert with the imgRequestProxy function. This causes a potentially exploitable crash...
Crash when using web workers with asm.js — Mozilla
Soeren Balko reported a crash when terminating a web worker running asm.js code after passing an object between threads. This crash is potentially exploitable...
Solaris 9 (sparc) : 150506-01
Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite subcomponent: Remote Procedure Call RPC. Supported versions that are affected are 8, 9, 10 and 11.1. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can...
Pidgin libpurple SIP/SIMPLE Content-Length Integer Overflow Vulnerability
Talos Vulnerability Report VRT-2013-1004 Pidgin libpurple SIP/SIMPLE Content-Length Integer Overflow Vulnerability January 26, 2014 CVE Number CVE-2013-6490 Description An exploitable remote code execution vulnerability exists in Pidgin’s implementation of SIP/SIMPLE message handling. An attacker...
CVE-2013-6430 Possible XSS when using Spring MVC
COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Plone CMS Vendor: Plone Foundation http://plone.org IDs: CSNC-2013-013, CVE-2013-4200 Subject: URL Redirection Vulnerability Risk: High Effect: Remotely exploitable Author: Cyrill Bannwart [email protected]...
Plone CMS Credential Disclosure
COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Plone CMS Vendor: Plone Foundation http://plone.org IDs: CSNC-2013-013, CVE-2013-4200 Subject: URL Redirection Vulnerability Risk: High Effect: Remotely exploitable Author: Cyrill Bannwart Date: 20/05/2013...
[CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities
COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Leed Light Feed Vendor: Valentin CARRUESCO aka Idleman CSNC ID: CSNC-2013-005 SQL Injection, CSNC-2013-006 CSRF, CSNC-2013-007 Authentication Bypass CVD ID: CVE-2013-2627 SQL Injection, CVE-2013-2628 CSRF,...
QuickHeal AntiVirus 7.1 PRO - Stack Overflow Vulnerability
Document Title: =============== QuickHeal AntiVirus 7.1 PRO - Stack Overflow Vulnerability References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1173 View: http://www.youtube.com/watch?v=6aQR8H6HoCs http://www.vulnerability-lab.com/getcontent.php?id=1171 Resources:...
USP Secure Entry Server URL Redirection
COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Secure Entry Server SES Vendor: United Security Providers Ltd. CSNC ID: CSNC-2013-008 CVD ID: CVE-2013-2764 Subject: URL Redirection Risk: High Effect: Remotely exploitable Author: Alexandre Herzog Date: 18.12.2013...
PotPlayer 1.5.40688 - '.avi' File Handling Memory Corruption
!/usr/bin/python Exploit Title: PotPlayer Version 1.5.40688 .avi File Handling Memory Corruption Vulnerability Date: 2013/12/20 Exploit Author: ariarat Software Link: http://www.videohelp.com/download/PotPlayer1.5.40688.EXE Version: 1.5.40688 Probably old version of PotPlayer too Vendor Homepage:...
IcoFX 2.5.0.0 Buffer Overflow
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ IcoFX Buffer Overflow Vulnerability 1. Advisory Information Title: IcoFX Buffer Overflow Vulnerability Advisory ID: CORE-2013-1107 Advisory URL: http://www.coresecurity.com/advisories/icofx-buffer-overflow-vulnerability Date...
Use-after-free in event listeners — Mozilla
Security researchers Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a user-after-free when interacting with event listeners from the mListeners array. This leads to a potentially exploitable crash...
Segmentation violation when replacing ordered list elements — Mozilla
Security researchers Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team used the Address Sanitizer tool while fuzzing to discover a mechanism where inserting an ordered list into a document through script could lead to a potentially exploitable crash that ca...
Use-after-free during Table Editing — Mozilla
Security researcher Nils used the Address Sanitizer tool while fuzzing to discover a use-after-free problem in the table editing user interface of the editor during garbage collection. This leads to a potentially exploitable crash...
$100 Million Worth of Bitcoins Stolen
UPDATE: As if Bitcoin malware and Bitcoin mining malware weren’t enough to worry about, there was more trouble for the users of the digital crypto-currency last week as 96,000 Bitcoins disappeared from the Sheep Marketplace. Bicoin’s value has surged in recent weeks, peaking at an astonishing...