Java RMI Server Insecure Default Configuration Java Code Execution

No description provided by source. $Id: javarmiserver.rb 13186 2011-07-15 20:44:08Z egypt $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...

Blackboard Academic Suite 6.2.3.23 Frameset.JSP Cross-Domain Frameset Loading Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15814/info Blackboard Academic Suite is prone to a cross-domain frameset-loading vulnerability. Successful exploitation may result in various attacks, such as information disclosure and session hijacking. An attacker may...

openSUSE Security Update : opera (openSUSE-SU-2010:0370-1)

Opera was upgraded to the 10.60 release. It brings lots of new features, bugfixes and security fixes. Security fixes include: CVE-2010-0653: Opera permits cross-origin loading of CSS style sheets even when the style sheet download has an incorrect MIME type and the style sheet document is...

openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3378)

This update brings Mozilla Thunderbird to version 3.0.9, fixing various bugs and security issues. The following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-base...

CVE-2014-2054

PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity XXE attack...

OpenPAM protection bypass

In some situations policy from valid location may not be loaded...

Microsoft Office Chinese Grammar Checker Insecure Library Loading (MS14-023; CVE-2014-1756)

An insecure library loading vulnerability has been reported in Microsoft Office proofing tools. The vulnerability is due to the way that the Chinese Simplified Grammar Checker component handles the loading of dynamic-link library .dll files. A remote attacker could exploit this vulnerability by...

MGASA-2014-0245 Updated mumble packages fix two security vulnervabilitites

Updated mumble packages fix security vulnerabilities: In Mumble before 1.2.6, the Mumble client is vulnerable to a Denial of Service attack when rendering crafted SVG files that contain references to files on the local computer, due to an issue in Qt's SVG renderer module. This issue can be...

Buffer overflow

The ARM image loading functionality in Xen 4.4.x does not properly validate kernel length, which allows local users to read system memory or cause a denial of service crash via a crafted 32-bit ARM guest kernel in an image, which triggers a buffer overflow...

CVE-2014-3714

The ARM image loading functionality in Xen 4.4.x does not properly validate kernel length, which allows local users to read system memory or cause a denial of service crash via a crafted 32-bit ARM guest kernel in an image, which triggers a buffer overflow...

UBUNTU-CVE-2014-3714

The ARM image loading functionality in Xen 4.4.x does not properly validate kernel length, which allows local users to read system memory or cause a denial of service crash via a crafted 32-bit ARM guest kernel in an image, which triggers a buffer overflow...

CVE-2014-3714

Affected software: Xen 4.4.x running on ARM images. The issue is in ARM image loading where kernel length is not properly validated, allowing a crafted 32-bit ARM guest kernel in an image to trigger a buffer overflow. Consequences described: local users can read system memory or cause a denial of...

input handling vulnerabilities loading guest kernel on ARM

ISSUE DESCRIPTION When loading a 32-bit ARM guest kernel the Xen tools did not correctly validate the length of the kernel against the actual image size. This would then lead to an overrun on the input buffer when loading the kernel into guest RAM CVE-2014-3714. Furthermore when checking a 32-bit...

Load Library Safely

Dynamically loading libraries in an application can lead to vulnerabilities if not secured properly. In this blog post we talk about loading a library using LoadLibraryEx API and make use of options to make it safe. Know the defaults: The library file name passed to LoadLibrary / LoadLibraryEx ca...

CVE-2014-1530

The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting XSS attacks, via a crafted web sit...

CVE-2014-1530

The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting XSS attacks, via a crafted web sit...

CVE-2014-1719

Use-after-free vulnerability in the WebSharedWorkerStub::OnTerminateWorkerContext function in content/worker/websharedworkerstub.cc in the Web Workers implementation in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service heap memory corruption or possibly have...

UBUNTU-CVE-2014-1719

Use-after-free vulnerability in the WebSharedWorkerStub::OnTerminateWorkerContext function in content/worker/websharedworkerstub.cc in the Web Workers implementation in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service heap memory corruption or possibly have...

Design/Logic Flaw

Use-after-free vulnerability in the WebSharedWorkerStub::OnTerminateWorkerContext function in content/worker/websharedworkerstub.cc in the Web Workers implementation in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service heap memory corruption or possibly have...

CVE-2014-1719

Use-after-free vulnerability in the WebSharedWorkerStub::OnTerminateWorkerContext function in content/worker/websharedworkerstub.cc in the Web Workers implementation in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service heap memory corruption or possibly have...