6649 matches found
AoF, IAA and CSRF vulnerabilities in Question2Answer
Hello 3APA3A! These are Abuse of Functionality, Insufficient Anti-automation and Cross-Site Request Forgery vulnerabilities in Question2Answer. This is the second part of vulnerabilities in this web application. ------------------------- Affected products: ------------------------- Vulnerable are...
CVE-2013-1493
The color management CMM functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service crash via an image with crafted raster parameters, which...
kernel: security and bugfix update (important)
The Linux kernel was updated to fix various bugs and security issues: CVE-2013-0871: Race condition in the ptrace functionality in the Linux kernel allowed local users to gain privileges via a PTRACESETREGS ptrace system call in a crafted application, as demonstrated by ptracedeath. CVE-2013-0160...
Kaspersky Internet Security 2013 - Denial Of Service Vulnerability
Exploit for windows platform in category dos / poc I usually do not write security advisories unless absolutely necessary. This time I should, however I have neither the time, nor the desire to do so. But Kaspersky did not react, so ... quick and dirty: Kaspersky Internet Security 2013 and any...
Kaspersky Internet Security 2013 - Denial of Service
Kaspersky Internet Security 2013 - Denial of Service I usually do not write security advisories unless absolutely necessary. This time I should, however I have neither the time, nor the desire to do so. But Kaspersky did not react, so ... quick and dirty: Kaspersky Internet Security 2013 and any...
Code injection
Off-by-one error in the PDF functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service via a crafted document...
CVE-2013-0897
Off-by-one error in the PDF functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service via a crafted document...
CVE-2013-0897
Off-by-one error in the PDF functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service via a crafted document...
CVE-2013-0897
CVE-2013-0897 affects Google Chrome’s PDF functionality. An off-by-one error in the PDF handling code on Windows, Linux, and macOS allows a remote attacker to cause a denial-of-service via a crafted PDF document. The issue is triggered by reading beyond bounds in PDF processing; impact is limited...
CVE-2013-0900
Race condition in the International Components for Unicode ICU functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...
CVE-2013-0871
Race condition in the ptrace functionality in the Linux kernel before 3.7.5 allows local users to gain privileges via a PTRACESETREGS ptrace system call in a crafted application, as demonstrated by ptracedeath...
CVE-2013-0871
Race condition in the ptrace functionality in the Linux kernel before 3.7.5 allows local users to gain privileges via a PTRACESETREGS ptrace system call in a crafted application, as demonstrated by ptracedeath...
Race condition
Race condition in the ptrace functionality in the Linux kernel before 3.7.5 allows local users to gain privileges via a PTRACESETREGS ptrace system call in a crafted application, as demonstrated by ptracedeath...
Cross Platform Trojan builder distributed on underground forums
A Cross platform back door 'Frutas' remote access tool RAT is available for download on many forums from January 2013. This Trojan builder is completely written in Java. Recently, Symantec experts analyse that Frutas RAT allows attackers to create a connect-back client JAR file to run on a...
OpenSSL 1.0.1 < 1.0.1d Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 1.0.1d. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.1d advisory. - OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP...
Multiple vulnerabilities in Flash News theme for WordPress
Hello 3APA3A! I want to warn you about multiple vulnerabilities in Flash News theme for WordPress. This is commercial theme for WP from WooThemes. These are Cross-Site Scripting, Full path disclosure, Abuse of Functionality, Denial of Service, Arbitrary File Upload and Information Leakage...
Fedora Update for tinymce-spellchecker FEDORA-2013-1341
Check for the Version of tinymce-spellchecker OpenVAS Vulnerability Test Fedora Update for tinymce-spellchecker FEDORA-2013-1341 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...
Multiple vulnerabilities in Chocolate WP theme for WordPress
Hello 3APA3A! I want to warn you about multiple vulnerabilities in Chocolate WP theme for WordPress. This is commercial theme for WP. These are Cross-Site Scripting, Full path disclosure, Abuse of Functionality, Denial of Service and Arbitrary File Upload vulnerabilities. In 2011 I wrote about...
Fedora Update for tinymce-spellchecker FEDORA-2013-1371
Check for the Version of tinymce-spellchecker OpenVAS Vulnerability Test Fedora Update for tinymce-spellchecker FEDORA-2013-1371 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...
WordPress Flash News XSS / DoS / Path Disclosure / Shell Upload
Hello list! I want to warn you about multiple vulnerabilities in Flash News theme for WordPress. This is commercial theme for WP from WooThemes. These are Cross-Site Scripting, Full path disclosure, Abuse of Functionality, Denial of Service, Arbitrary File Upload and Information Leakage...