10273 matches found

Tenable Nessus
added 2013/04/04 12:0 a.m. | 35 views

SeaMonkey < 2.17 Multiple Vulnerabilities

The installed version of SeaMonkey is earlier than 2.17 and thus is potentially affected by the following vulnerabilities:
- Various memory safety issues exist. (CVE-2013-0788, CVE-2013-0789)
- An out-of-bounds memory read error exists related to 'CERTDecodeCertPackage' and certificate decoding...

CVSS 10 | AI score 7.3 | EPSS 0.03049
Exploits 0 | References 17

Prion
added 2013/03/20 2:55 p.m. | 23 views

Design/Logic Flaw

dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not properly manage the state of file loading for Mach-O executable files, which allows local users to bypass intended code-signing requirements via a file that contains overlapping segments...

CVSS 4.6 | AI score 5.9 | EPSS 0.00059
Exploits 1 | References 4 | Affected Software 2

CVE
added 2013/03/20 2:0 p.m. | 66 views

CVE-2013-0977

CVE-2013-0977 affects Apple iOS prior to 6.1.3 and Apple TV prior to 5.2.1. The issue is a state-management flaw in loading Mach-O executable files with overlapping segments, which allows a local user to bypass code-signing requirements. Impact, as stated in multiple sources, is local execution o...

CVSS 4.6 | AI score 5.5 | EPSS 0.00059
Exploits 1 | References 4 | Affected Software 1

Prion
added 2013/03/15 8:55 p.m. | 17 views

Code injection

Software Update in Apple Mac OS X through 10.7.5 does not prevent plugin loading within the marketing-text WebView, which allows man-in-the-middle attackers to execute plugin code by modifying the client-server data stream...

CVSS 6.8 | AI score 6.9 | EPSS 0.0035
Exploits 2 | References 1 | Affected Software 2

ThreatPost
added 2013/03/15 4:41 p.m. | 14 views

Ramnit Malware Back and Better at Avoiding Detection

The Ramnit malware family has been given a facelift with new anti-detection capabilities, a troubleshooting module, as well as enhanced encryption and malicious payloads. Tim Liu of the Microsoft Malware Protection Center said Ramnit resurfaced late last year and its keepers had stripped out all ...

AI score 0.3
Exploits 0 | References 3

NVD
added 2013/03/13 12:55 a.m. | 29 views

CVE-2013-0095

Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for Mac 2011 before 14.3.2 allows remote attackers to trigger access to a remote URL and consequently confirm the rendering of an HTML e-mail message by including unspecified HTML5 elements and leveraging the installation of a WebK...

CVSS 5 | AI score 6.4 | EPSS 0.29252
Exploits 1 | References 3

ATTACKERKB
added 2013/03/13 12:55 a.m. | 2 views

CVE-2013-0095

Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for Mac 2011 before 14.3.2 allows remote attackers to trigger access to a remote URL and consequently confirm the rendering of an HTML e-mail message by including unspecified HTML5 elements and leveraging the installation of a WebK...

CVSS 5 | AI score 5.6 | EPSS 0.29252
Exploits 1 | References 4

OpenVAS
added 2013/03/12 12:0 a.m. | 28 views

Debian Security Advisory DSA 2643-1 (puppet - several vulnerabilities)

Multiple vulnerabilities were discovered in Puppet, a centralized configuration management system. CVE-2013-1640: An authenticated malicious client may request its catalog from the puppet master, and cause the puppet master to execute arbitrary code. The puppet master must be made to invoke the...

CVSS 9 | AI score 0.2 | EPSS 0.02291
Exploits 0 | References 1

Kitploit
added 2013/03/10 4:2 p.m. | 44 views

[Pentoo 2013.0 RC1.1] Security-Focused live CD based on Gentoo

Pentoo is a security-focused live CD based on Gentoo. It's basically a Gentoo install with lots of customized tools, customized kernel, and much more. Pentoo 2013.0 RC1.1 features: Changes saving CUDA/OpenCL Enhanced cracking software John the ripper Hashcat Suite of tools Kernel 3.7.5 and all...

AI score 7.2
Exploits 0

Debian CVE
added 2013/03/04 9:0 p.m. | 23 views

CVE-2011-4355

GNU Project Debugger GDB before 7.5, when .debuggdbscripts is defined, automatically loads certain files from the current working directory, which allows local users to gain privileges via crafted files such as Python scripts...

CVSS 6.9 | AI score 7.3 | EPSS 0.00163
Exploits 1

securityvulns
added 2013/03/02 12:0 a.m. | 67 views

[IA48] Photodex ProShow Producer v5.0.3297 Insecure Library Loading Vulnerability

Inshell Security Advisory http://www.inshell.net 1. ADVISORY INFORMATION ----------------------- Product: Photodex ProShow Producer Vendor URL: www.photodex.com Type: Uncontrolled Search Path Element CWE-427 Date found: 2013-02-23 Date published: 2013-02-23 CVSSv2 Score: 4,4...

AI score 0.3
Exploits 0

Tenable Nessus
added 2013/02/27 12:0 a.m. | 26 views

SuSE 11.2 Security Update : inkscape (SAT Patch Number 7380)

inkscape was updated to fix an XXE (XML eXternal Entity) attack during rasterization of SVG images (CVE-2012-5656), where the rendering of malicious SVG images could have connected from inkscape to internal hosts. Also inkscape would have loaded .EPS files from untrusted /tmp occasionally instead from...

CVSS 5.5 | AI score 5.6 | EPSS 0.00119
Exploits 1 | References 6

Exploit DB
added 2013/02/23 12:0 a.m. | 20 views

Photodex ProShow Producer - Multiple DLL Loading Arbitrary Code Execution Vulnerabilities

source: https://www.securityfocus.com/bid/58131/info Photodex ProShow Producer is prone to multiple arbitrary code-execution vulnerabilities. An attacker can exploit these issues by enticing a legitimate user to use the vulnerable application to open a customized library file from application pat...

AI score 7
Exploits 0

exploitpack
added 2013/02/23 12:0 a.m. | 11 views

Photodex ProShow Producer - Multiple DLL Loading Arbitrary Code Execution Vulnerabilities

Photodex ProShow Producer - Multiple DLL Loading Arbitrary Code Execution Vulnerabilities source: https://www.securityfocus.com/bid/58131/info Photodex ProShow Producer is prone to multiple arbitrary code-execution vulnerabilities. An attacker can exploit these issues by enticing a legitimate use...

AI score 0.7
Exploits 0

Tenable Nessus
added 2013/02/22 12:0 a.m. | 62 views

Google Chrome < 25.0.1364.97 Multiple Vulnerabilities

Binary data 6694.pasl...

CVSS 7.5 | AI score 9.8 | EPSS 0.02114
Exploits 0 | References 2

RedHat Linux
added 2013/02/19 9:58 p.m. | 1 views

Mozilla: Use-after-free in nsImageLoadingContent (MFSA 2013-26)

Use-after-free vulnerability in the nsImageLoadingContent::OnStopContainer function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via crafte...

CVSS 9.3 | AI score 7.8 | EPSS 0.00914
Exploits 0 | References 5

Japan Vulnerability Notes
added 2013/02/07 5:0 a.m. | 1 views

mora Downloader may insecurely load executable files

Overview mora Downloader may use unsafe methods for determining how to load executables .exe mora Downloader contains an issue in the file search path when loading files, which may insecurely load executables or other files. Kazuhiko Kusano of Graduate School of Information Sciences, Tohoku...

CVSS 10 | AI score 7.5 | EPSS 0.01726
Exploits 0 | References 5

Japan Vulnerability Notes
added 2013/02/07 12:0 a.m. | 32 views

JVN#91387819: mora Downloader may insecurely load executable files

mora Downloader contains an issue in the file search path when loading files, which may insecurely load executables or other files. Impact An attacker may execute arbitrary code with the privilege of the running application. Solution Update the software Update to the latest version according to t...

CVSS 10 | AI score 7.2 | EPSS 0.01726
Exploits 0

RedHat Linux
added 2013/02/04 11:51 p.m. | 5 views

OpenJDK: loadPropertyFile missing restrictions (JAXP, 8001235)

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previou...

CVSS 5 | AI score 7.3 | EPSS 0.00288
Exploits 0 | References 5

OpenVAS
added 2013/02/04 12:0 a.m. | 31 views

Ubuntu Update for linux USN-1699-2

Check for the Version of linux OpenVAS Vulnerability Test $Id: gbubuntuUSN16992.nasl 8448 2018-01-17 16:18:06Z teissa $ Ubuntu Update for linux USN-1699-2 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; y...

CVSS 4.9 | AI score 7 | EPSS 0.00579
Exploits 2 | References 2