ESA-2011-039: RSA(r), The Security Division of EMC, announces security fixes and improvements for RSASecurID(r) Software Token 4.1 for Microsoft(r)Windows(r)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2011-039: RSA®, The Security Division of EMC, announces security fixes and improvements for RSASecurID® Software Token 4.1 for Microsoft®Windows® Advisories Updated December 12, 2011 Summary: RSA, The Security Division of EMC, announces security...

Microsoft Windows multiple applications DLL hijacking

If application is launched via file type association, current path is set to the path file is located, making it's possible to place DLLs application tries to load dynamically into same directory...

FFFTP < 1.98d Untrusted Search Path Vulnerability (Dec 2011) - Windows

FFFTP is prone to untrusted search path vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft Office multiple security vulnerabilities

Privilege escalation, use-after-free, insecure DLL loading, memory corruption...

Design/Logic Flaw

Untrusted search path vulnerability in Microsoft PowerPoint 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "PowerPoint Insecure Library Loading Vulnerability."...

Design/Logic Flaw

Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an HTML file, aka...

Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (2639142)

This host is missing an important security update according to Microsoft Bulletin MS11-094. OpenVAS Vulnerability Test $Id: secpodms11-094.nasl 6523 2017-07-04 15:46:12Z cfischer $ Microsoft Office PowerPoint Remote Code Execution Vulnerabilities 2639142 Authors: Antu Sanadi Copyright: Copyright ...

Microsoft Internet Explorer Multiple Vulnerabilities (2618444)

This host is missing an important security update according to Microsoft Bulletin MS11-099. OpenVAS Vulnerability Test $Id: secpodms11-099.nasl 6526 2017-07-05 05:43:52Z cfischer $ Microsoft Internet Explorer Multiple Vulnerabilities 2618444 Authors: Rachana Shetty Copyright: Copyright c 2011...

Microsoft PowerPoint Insecure Library Loading (MS11-094; CVE-2011-3396)

A remote code execution vulnerability has been reported in Microsoft PowerPoint. The vulnerability is due to an error in the way Microsoft PowerPoint restricts the path used for loading external libraries. A remote attacker could exploit this vulnerability by enticing a user to open a legitimate...

Microsoft PowerPoint CVE-2011-3396 DLL Loading Arbitrary Code Execution Vulnerability

Description Microsoft PowerPoint is prone to vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location which contains a specially crafted Dynamic Link...

Internet Explorer Insecure Library Loading Code Execution (MS11-089; CVE-2011-2019)

A remote code execution vulnerability has been reported in Internet Explorer IE. The vulnerability is due to an error in the way IE restricts the path used for loading external libraries. A remote attacker could exploit this vulnerability by enticing a user to open a legitimate HTML file that is...

Microsoft Internet Explorer CVE-2011-2019 DLL Loading Arbitrary Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a specially crafted Dynamic...

Apple Safari WebKit Information Disclosure Vulnerability - Mac OS X

Apple Safari web browser is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Apple Safari WebKit Information Disclosure Vulnerability (Mac OS X)

The host is installed with Apple Safari web browser and is prone to information disclosure vulnerability. OpenVAS Vulnerability Test $Id: gbapplesafariwebkitinfodiscvulnmacosx.nasl 7024 2017-08-30 11:51:43Z teissa $ Apple Safari WebKit Information Disclosure Vulnerability Mac OS X Authors: Sooraj...

JVN#94002296: FFFTP may insecurely load executable files

FFFTP contains an issue when loading files, which may insecurely load executables or other files. This vulnerability is different from JVN62336482. Impact An attacker may execute arbitrary code with the privilege of the running application. Solution Update the software Update to the latest versio...

CVE-2011-4692

WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, as...

Design/Logic Flaw

WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, as...

CVE-2011-4692

WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, as...

Design/Logic Flaw

Google Chrome 15.0.874.121 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code...

CVE-2011-4692

The CVE-2011-4692 issue affects WebKit as used by Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier. The root cause is that the browser does not prevent timing-based data leakage when loading images, allowing remote attackers to infer whether an image is cached via crafted JavaScrip...