3370 matches found
CVE-2015-2309
Unsafe methods in the Request class...
Unsafe methods in the Request class
More info at https://symfony.com/cve-2015-2309...
CVE-2015-0802
Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content navigation that leverages the reachability of ...
UBUNTU-CVE-2015-0802
Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content navigation that leverages the reachability of ...
Windows can retain access to privileged content on navigation to unprivileged pages — Mozilla
Mozilla developer Bobby Holley reported that windows created to hold privileged UI content retained access to privileged internal methods if later navigated to unprivileged content. If a separate flaw was found that allowed for web content to reference these privileged windows, an attacker could...
RichFaces: Remote Command Execution via insufficient EL parameter sanitization
It was found that the 'do' parameter permitted expression language (EL) injection, which could allow a remote attacker to execute Java methods on an affected server...
UBUNTU-CVE-2015-1782
The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet...
ipa security, bug fix, and enhancement update
4.1.0-18.0.1 - Replace login-screen-logo.png 20362818 - Drop subscription-manager requires for OL7 - Drop redhat-access-plugin-ipa requires for OL7 - Blank out header-logo.png product-name.png 4.1.0-18 - Fix ipa-pwd-extop global configuration caching 1187342 - group-detach does not add correct...
OpenJDK: Clone interfaces passed to proxy methods (Libraries, 8035009)
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Libraries...
Cisco Web Security Appliance Remote Security Bypass Vulnerability
The Cisco Web Security Appliance is a secure Web gateway that integrates malware protection, application visualization control, policy control, and more in one platform. A security vulnerability exists in the Cisco Web Security Appliance that allows an attacker to submit specially crafted HTTP...
Cisco Web Security Appliance HTTP Proxy Bypass Vulnerability
A vulnerability in the proxy engine of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass the security restriction. The vulnerability is due to improper handling of malformed HTTP methods. An attacker could exploit this vulnerability by crafting an...
CrushFTP 7.2.0 Cross Site Request Forgery / Cross Site Scripting
I. Overview: Multiple CSRF & Cross-Site Scripting (XSS) vulnerabilities have been identified in the CrushFTP 7.2.0 Web Interface on default configuration. These vulnerabilities allow an...
Researchers: PlugX More Prominent Than Ever
Existing in some form since 2008, the popular remote access tool PlugX has as notorious a history as any malware, but according to researchers the tool saw a spike of popularity in 2014 and is the go-to malware for many adversary groups. Many attacks, especially those occurring during the latter...
Bash vulnerability detection: several methods - vulnerability warning - the black bar safety net
To check whether this vulnerability exists in the local Bash environment, run the following command. Shellshock 1, CVE-2014-6271, test method: env x='() { :;}; echo vulnerable' bash -c "echo this is a test" If execution gives the following results...
ThinkPHP 3.0~3.2 SQL injection vulnerability in detail and its use - vulnerability and early warning - the black bar safety net
0x00 Background: ThinkPHP vulnerabilities have been frequent recently; this exploit belongs to the...
Instant PDF Password Protector - Password Protect PDF file
Instant PDF Password Protector is a free tool to quickly password-protect a PDF file on your system. With a click of a button, you can lock or protect any of your sensitive/private PDF documents. You can also use any of the standard encryption methods - RC4/AES 40-bit, 128-bit, 256-bit based upon t...
Easewe FTP OCX Arbitrary File Execution Vulnerability
Easewe FTP OCX is an easy-to-use FTP ActiveX component that supports all standard FTP features. In Easewe FTP OCX version 4.5.0.9, the EaseWeFtp.FtpLibrary ActiveX control in EaseWeFtp.ocx fails to restrict access to certain methods, allowing remote attackers to exploit a vulnerability to execute arbitrary...
Cisco Jabber Guest Server Cross-Site Scripting Vulnerability
Cisco Jabber Guest Server contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of some parameters...
CVE-2014-7241
The TSUTAYA application 5.3 and earlier for Android allows remote attackers to execute arbitrary Java methods via a crafted HTML document...