14 matches found
November 2015 Android Security Bulletin
The Stagefright vulnerabilities are the gifts that keep on giving. Months after the potentially devastating security flaws in the mobile OS were publicly disclosed, Google continues to send out patches addressing vulnerabilities related to the initial reports. Today’s monthly Android security...
openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-4458)
Mozilla Thunderbird was updated to the 3.1.10 security release. MFSA 2011-12: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain...
Ubuntu Update for tiff vulnerability USN-1102-1
Ubuntu Update for Linux kernel vulnerabilities USN-1102-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN11021.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for tiff vulnerability USN-1102-1 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH,...
ZDI-11-107: Libtiff ThunderCode Decoder THUNDER_2BITDELTAS Remote Code Execution Vulnerability
ZDI-11-107: Libtiff ThunderCode Decoder THUNDER2BITDELTAS Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-107 March 21, 2011 -- CVE ID: CVE-2011-1167 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Libtiff -- Affected Products: Libtiff libtiff --...
Google Fixes 19 Bugs in Chrome, Pays $14K in Bug Bounties
Google has released version 9.0.597.107 of its Chrome browser, fixing 19 security vulnerabilities and paying $14,000 in rewards to researchers in the process. The new version of Chrome, which Google released on Monday afternoon, includes fixes for 16 high-severity vulnerabilities and three bugs...
Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability
No description provided by source. -- CVE ID: CVE-2010-1199 -- Affected Vendors: Mozilla Firefox -- Affected Products: Mozilla Firefox 3.6.x -- Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User...
SA-CONTRIB-2010-057 - Rotor Banner - Cross Site Scripting (XSS)
The Rotor Banner module allows users to upload images which can then be displayed in a block and rotated through using jQuery. However, when these images are displayed, the values for the various image attributes srs, title, alt are not properly sanitized, leading to a cross site scripting XSS...
SA-CONTRIB-2010-058: Chaos tool suite - Multiple vulnerabilities
The Chaos tool suite ctools is primarily a set of APIs and tools to improve the developer experience. This module was found to have multiple vulnerabilities. Cross site scripting XSS The module did not properly sanitize node titles under certain circumstances, resulting in multiple cross-site...
SA-CONTRIB-2010-044: Bibliography - Cross Site Scripting
The Bibliography module enables users to manage and display lists of scholarly publications. The module does not sanitize some of the user-supplied data before displaying it, leading to a Cross Site Scripting XSS vulnerability. This is mitigated by the fact that only users with the 'administer...
SA-CONTRIB-2010-032 - Taxonomy Breadcrumb - Cross Site Scripting (XSS)
The Taxonomy Breadcrumb module generates taxonomy based breadcrumbs on node pages and taxonomy/term pages. This module does not properly sanitize taxonomy term name and, for 6.x, node titles when displayed in breadcrumbs, leading to a Cross Site Scripting XSS vulnerability. XSS vulnerabilities ma...
SA-CONTRIB-2010-027: Email Input Filter - Arbitrary code execution
Email Input Filter converts email style markup into web friendly format. Arbitrary code execution vulnerability in this module allows a remote attacker with the ability to create content using an input format with the email input filter enabled to execute arbitrary PHP code on an affected system...
SA-CONTRIB-2010-028 - Tag Order - Cross Site Scripting
Tag Order module allows you to select vocabularies whose terms you would like to preserve in the original order entered per node. Taxonomy vocabulary names are not sanitized when being displayed on an administrative page, leading to a cross-site scripting XSS vulnerability. Such an attack may lea...
Drupal 6.15, 5.21 (API function drupal_goto) Open Redirect Vulnerability
Exploit for unknown platform in category web applications =========================================================================== Drupal 6.15, 5.21 API function drupalgoto Open Redirection Vulnerability =========================================================================== Open redirecti...
XSS Vulnerability in Drupal's Node Blocks contributed module (6.x-1.3 and 5.x-1.1)
XSS Vulnerability in Drupal's Node Blocks contributed module 6.x-1.3 and 5.x-1.1 Discovered by Martin Barbella [email protected] Description of Vulnerability: ----------------------------- Drupal is a free software package that allows an individual or a community of users to easily publish,...