JVN#94002296: FFFTP may insecurely load executable files

FFFTP contains an issue when loading files, which may insecurely load executables or other files. This vulnerability is different from JVN62336482. Impact An attacker may execute arbitrary code with the privilege of the running application. Solution Update the software Update to the latest versio...

CVE-2011-4692

WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, as...

Design/Logic Flaw

WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, as...

CVE-2011-4692

WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, as...

Design/Logic Flaw

Google Chrome 15.0.874.121 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code...

CVE-2011-4692

The CVE-2011-4692 issue affects WebKit as used by Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier. The root cause is that the browser does not prevent timing-based data leakage when loading images, allowing remote attackers to infer whether an image is cached via crafted JavaScrip...

CVE-2011-4692

WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, as...

CVE-2011-4690

Opera 11.60 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code...

PT-2011-48: Multiple Vulnerabilities in AtMail

Specialists from the Positive Technologies Research Center have revealed multiple vulnerabilities in the AtMail webmail interface. 1. Arbitrary Files Loading The system allows one to load files attached to email letters. File extension is not checked; thus, arbitrary files including .php files ca...

Authentication flaw

CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vectors related to creation of a file, loading a DLL, and process control...

CVE-2011-4051

CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vectors related to creation of a file, loading a DLL, and process control...

Century wind enterprise website management system vulnerability-vulnerability warning-the black bar safety net

by Mr. DzY Century wind enterprise website management system of SME-oriented Web Site Management System,page fine,atmosphere. Having a stable set of strong,multi-function,Safety,code loading speed,web site content management, easy operation and other advantages. The use of div+css architecture,is...

Century wind enterprise website management system plug horse vulnerabilities and fixes-vulnerability warning-the black bar safety net

From www.0855.tv by Mr. DzY Century wind enterprise website management system of SME-oriented Web Site Management System,page fine,atmosphere. Having a stable set of strong,multi-function,Safety,code loading speed,web site content management, easy operation and other advantages. The use of div+cs...

CVE-2011-2461

Cross-site scripting XSS vulnerability in the Adobe Flex SDK 3.x and 4.x before 4.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to the loading of modules from different domains...

CVE-2011-2461

Cross-site scripting XSS vulnerability in the Adobe Flex SDK 3.x and 4.x before 4.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to the loading of modules from different domains...

PHP Foreign Function Interface Arbitrary DLL Loading safe_mode Restriction Bypass

According to its banner, the version of PHP installed on the remote host is affected by a security bypass vulnerability. The Foreign Function Interface ffi extension does not follow safemode restrictions, which allows context-dependent attackers to execute arbitrary code by loading an arbitrary D...

freetype security update

2.3.11-6.el61.8 - Add freetype-2.3.11-CVE-2011-3439.patch Various loading fixes. - Resolves: 754011...

Firefox 8.0 Null Pointer Dereference PoC

No description provided by source. Firefox = 8.0 null pointer dereference PoC exploit Author: 0in Maksymilian Motyl Tested on Firefox 8.0/4.0 on windows and Firefox 7.1 on Linux Lets see in code: $ cat ./mozilla-release/content/base/src/nsObjectLoadingContent.cpp NSIMETHODIMP...

Mozilla Firefox 8.0 Null Pointer Dereference

Firefox GetStatus&status; // Code execution is here. // --------------------------------------------------------------------------------- DUMP: 014E7A28 8B7D 08 MOV EDI,DWORD PTR SS:EBP+8 014E7A2B 8B07 MOV EAX,DWORD PTR DS:EDI ; access violation when reading 0x00000000 014E7A2D 8D4D FC LEA...

Windows Mail/Meeting Space不安全库加载漏洞(MS11-085)

CVE ID: CVE-2011-2016 Microsoft Windows是流行的计算机操作系统。 Microsoft Windows在实现上存在安全漏洞，可被恶意用户利用控制受影响系统。 此漏洞源于Windows Mail和Windows Meeting Space以不安全方式加载某些库，通过诱使用户打开远程WebDAV或SMB共享上的EML或WCLNV文件加载任意库。 0 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 厂商补丁： Microsoft ---------...