747 matches found
UBUNTU-CVE-2015-1156
The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same Origin Policy for a link's target, and spoof the user interface, vi...
Apple Fixes WebKit Vulnerabilities in Safari Browser
Apple has updated its Safari browser, fixing a handful of exploitable WebKit flaws in various versions of Safari. WebKit is the core layout engine responsible for rendering webpages in the Safari browser. The first bulletin, vulnerabilities uncovered by Apple, resolves multiple memory corruption...
KLA10541 Multiple vulnerabilities in Juniper Junos
Multiple serious vulnerabilities have been found in Juniper Junos. Malicious users can exploit these vulnerabilities to gainprivileges, execute arbitrary code orspoof user interface. Below is a complete list of vulnerabilities 1. XSS vulnerability can be exploited remotely via unspecified vectors...
KLA10506 Multiple vulnerabilities in Websense products
Multiple serious vulnerabilities have been found in Websense products. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information, execute or inject arbitrary code, spoof user interface and read or write arbitrary files. Below is a complete lis...
KLA10484 Interface spoofing vulnerability in McAfee Agent
An unspecified vulnerability was found in McAfee Agent. By exploiting this vulnerability malicious users conduct clicjacking attack. This vulnerability can be exploited remotely via a specially designed web page. Original advisories McAfee bulletin Related products McAfee-Agent CVE list...
Microsoft Windows XP Help And Support Center Interface Spoofing Weakness
No description provided by source. source: http://www.securityfocus.com/bid/9685/info A weakness has been alleged in Microsoft Windows XP that could reportedly allow aspects of the Help and Support Center interface to be spoofed via a malicious link. By spoofing this interface, an attacker could...
[SECURITY] [DSA 2939-1] chromium-browser security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2939-1 [email protected] http://www.debian.org/security/ Michael Gilbert May 31, 2014 http://www.debian.org/security/faq -...
Debian DSA-2939-1 : chromium-browser - security update
Several vulnerabilities were discovered in the chromium web browser. - CVE-2014-1743 cloudfuzzer discovered a use-after-free issue in the Blink/Webkit document object model implementation. - CVE-2014-1744 Aaron Staple discovered an integer overflow issue in audio input handling. - CVE-2014-1745...
Debian Security Advisory DSA 2939-1 (chromium-browser - security update)
Several vulnerabilities were discovered in the chromium web browser. CVE-2014-1743 cloudfuzzer discovered a use-after-free issue in the Blink/Webkit document object model implementation. CVE-2014-1744 Aaron Staple discovered an integer overflow issue in audio input handling. CVE-2014-1745 Atte...
DSA-2939-1 chromium-browser - security update
Bulletin has no description...
Debian: Security Advisory (DSA-2939-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
KLA10014 Multiple SUI vulnerabilities in Opera
Multiple low severity vulnerabilities have been found in Opera versions 21 and earlier. Malicious users can exploit these vulnerabilities to spoof user interface. Vectors related to the address bar can be exploited to fool some users via user interface spoofing. Original advisories Opera blog...
Mozilla Firefox / Thunderbird / Seamonkey / nss multiple security vulnerabilities
Buffer overflows, memory corruptions, information leakage, privilege escalation, protection bypass, unauthorized access, interface spoofing...
$100 Million Worth of Bitcoins Stolen
UPDATE: As if Bitcoin malware and Bitcoin mining malware weren’t enough to worry about, there was more trouble for the users of the digital crypto-currency last week as 96,000 Bitcoins disappeared from the Sheep Marketplace. Bicoin’s value has surged in recent weeks, peaking at an astonishing...
KLA10076 Multiple vulnerabilities in Apple iTunes
Multiple critical vulnerabilities have been found in Apple iTunes. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code or spoof HTTPS servers. Below is a complete list of vulnerabilities 1. Vectors related to browsing the iTunes Store can be...
Code injection
Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict write access to the window.fullScreen object, which allows remote attackers to spoof the user interface via a craft...
CVE-2012-0460
Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict write access to the window.fullScreen object, which allows remote attackers to spoof the user interface via a craft...
Critical: Red Hat Security Advisory: firefox security and bug fix update
Updated firefox packages that fix multiple security issues and three bugs are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...
Mozilla: window.fullScreen writeable by untrusted content (MFSA 2012-18)
Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict write access to the window.fullScreen object, which allows remote attackers to spoof the user interface via a craft...
CVE-2010-1757
WebKit in Apple iOS before 4 on the iPhone and iPod touch does not enforce the expected boundary restrictions on content display by an IFRAME element, which allows remote attackers to spoof the user interface via a crafted HTML document...