14 matches found
EUVD-2011-0039
Malware in sbrugna...
EUVD-2011-1189
Malware in sbrugna...
EUVD-2013-0523
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2011-1179
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The SPICE Firefox plug-in spice-xpi 2.4, 2.3, 2.2, and possibly other versions allows remote attackers to cause a denial of service crash and possibly execute...
Arbitrary Code Execution
spice-xpi is vulnerable to arbitrary code execution. The vulnerability exists as an uninitialized pointer use flaw was found in the SPICE Firefox plug-in. If a user were tricked into visiting a malicious web page with Firefox while the SPICE plug-in was enabled, it could cause Firefox to crash or...
Scientific Linux Security Update : spice-xpi on SL5.x,SL6.x i386/x86_64
An uninitialized pointer use flaw was found in the SPICE Firefox plug-in. If a user were tricked into visiting a malicious web page with Firefox while the SPICE plug-in was enabled, it could cause Firefox to crash or, possibly, execute arbitrary code with the privileges of the user running Firefo...
CVE-2011-1179
CVE-2011-1179 concerns the SPICE Firefox plug-in (spice-xpi) versions 2.4, 2.3, 2.2 and possibly earlier, where a flaw in two plugin files (nsScriptablePeer.cpp and plugin.cpp) can cause multiple uses of an uninitialized pointer. This can lead to denial of service (crash) and potentially arbitrar...
CVE-2011-1179
The SPICE Firefox plug-in spice-xpi 2.4, 2.3, 2.2, and possibly other versions allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via vectors related to 1 plugin/nsScriptablePeer.cpp and 2 plugin/plugin.cpp, which trigger multiple uses of an uninitializ...
CentOS 5 : spice-xpi (CESA-2010:0651)
An updated spice-xpi package that fixes two security issues and three bugs is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severi...
spice-xpi symlink attack
The SPICE aka spice-xpi plug-in 2.2 for Firefox allows local users to overwrite arbitrary files via a symlink attack on an unspecified log file...
Security feature bypass
Worldweaver DX Studio Player 3.0.29.0, 3.0.22.0, 3.0.12.0, and probably other versions before 3.0.29.1, when used as a plug-in for Firefox, does not restrict access to the shell.execute JavaScript API method, which allows remote attackers to execute arbitrary commands via a .dxstudio file that...
DX Studio Player Firefox plug-in code execution
It's possible to execute system commands via Javascript API...
DX Studio Player < 3.0.29.1 Firefox plug-in Command Injection Vuln
No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ DX Studio Player Firefox plug-in command injection 1. Advisory Information Title: DX Studio Player Firefox plug-in command injectio...
DX Studio Player Firefox plug-in command injection
1. Advisory Information Title: DX Studio Player Firefox plug-in command injection Advisory ID: CORE-2009-0521 Advisory URL:http://www.coresecurity.com/core-labs/advisories/DXStudio-player-firefox-plugin Date published: 2009-06-09 Date of last update: 2009-06-08 Vendors contacted: Worldweaver...