SA-CONTRIB-2013-054 - Fast Permissions Administration - Access Bypass
The Fast Permissions Administration module enables you to use inline filters on the permissions page, as well as loading the permissions form through a modal dialog. The module doesn't sufficiently check user access for the modal content callback, allowing unauthorized access to the permissions...
CSP 1.0 Added to Firefox to Block XSS Attacks
After years of discussion and waiting, Mozilla has finally added Content Security Policy 1.0, a defense against some common attacks such as XSS, to its Firefox browser. CSP already has been implemented in Google Chrome and Internet Explorer and there was a limited implementation of it in Firefox...
CVE-2012-6467
Opera before 12.10 follows Internet shortcuts that are referenced by a (1) IMG element or (2) other inline element, which makes it easier for remote attackers to conduct phishing attacks via a crafted web site, as exploited in the wild in November 2012...
Code injection
Opera before 12.10 follows Internet shortcuts that are referenced by a (1) IMG element or (2) other inline element, which makes it easier for remote attackers to conduct phishing attacks via a crafted web site, as exploited in the wild in November 2012...
VulnCheck KEV: CVE-2012-6467
Opera before 12.10 follows Internet shortcuts that are referenced by a (1) IMG element or (2) other inline element, which makes it easier for remote attackers to conduct phishing attacks via a crafted web site, as exploited in the wild in November 2012...
Pidgin MXit Message Parsing Buffer Overflow Vulnerability - Windows
Pidgin is prone to a buffer overflow vulnerability.
CVE-2012-2325
SQL injection vulnerability in the User Inline Moderation feature in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to execute arbitrary SQL commands via unspecified vectors...
CentOS Update for thunderbird CESA-2012:0715 centos5
Check for the Version of thunderbird
CVE-2012-3374
Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a crafted inline image in a message...
DEBIAN-CVE-2012-3374
Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a crafted inline image in a message...
Buffer overflow
Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a crafted inline image in a message...
CVE-2012-3374
Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a crafted inline image in a message...
Ubuntu: Security Advisory (USN-1463-6)
The remote host is missing an update for the...
USN-1463-3: Firefox regressions
USN-1463-1 fixed vulnerabilities in Firefox. The new package caused a regression in the rendering of Hebrew text and the ability of the Hotmail inbox to auto-update. This update fixes the problem. Original advisory details: Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew...
SeaMonkey 2.x < 2.10 Multiple Vulnerabilities
Thunderbird 10.0.x < 10.0.5 Multiple Vulnerabilities (Mac OS X)
The installed version of Thunderbird 10.0.x is potentially affected by the following security issues: - An error exists in the ASN.1 decoder when handling zero length items that can lead to application crashes. (CVE-2012-0441) - Multiple memory corruption errors exist. (CVE-2012-1937, CVE-2012-1939...
Mozilla: Content Security Policy inline-script bypass (MFSA 2012-36)
The Content Security Policy (CSP) implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not block inline event handlers, which makes it easier for remote attackers to condu...
Mozilla: Content Security Policy inline-script bypass (MFSA 2012-36)
The Content Security Policy (CSP) implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not block inline event handlers, which makes it easier for remote attackers to condu...
Content Security Policy inline-script bypass — Mozilla
Security researcher Adam Barth found that inline event handlers, such as onclick, were no longer blocked by Content Security Policy's (CSP) inline-script blocking feature. Web applications relying on this feature of CSP to protect against cross-site scripting (XSS) were not fully protected...
V-CMS 1.0 Shell Upload
Software: V-CMS 1.0; Vulnerability: Arbitrary Upload; Threat Level: Very Critical 5/5; Download: http://v-cms.org/; Discovery Date: 11/13/2011; Tested On: Window...