Lucene search

3366 matches found

OSV
added 2015/04/01 12:0 a.m., 2 views

UBUNTU-CVE-2015-0802

Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content navigation that leverages the reachability of ...

CVSS: 5, AI score: 7.6, EPSS: 0.67465
Exploits: 4, References: 3

Mozilla
added 2015/03/31 12:0 a.m., 51 views

Windows can retain access to privileged content on navigation to unprivileged pages — Mozilla

Mozilla developer Bobby Holley reported that windows created to hold privileged UI content retained access to privileged internal methods if later navigated to unprivileged content. If a separate flaw was found that allowed for web content to reference these privileged windows, an attacker could...

CVSS: 5, AI score: 9.4, EPSS: 0.67465
Exploits: 4, References: 2, Affected Software: 3

RedHat Linux
added 2015/03/24 9:6 p.m., 2 views

RichFaces: Remote Command Execution via insufficient EL parameter sanitization

It was found that the 'do' parameter permitted expression language (EL) injection, which could allow a remote attacker to execute Java methods on an affected server...

CVSS: 6.8, AI score: 5.9, EPSS: 0.03958
Exploits: 1, References: 4

OSV
added 2015/03/13 2:59 p.m., 0 views

UBUNTU-CVE-2015-1782

The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet...

CVSS: 6.8, AI score: 7, EPSS: 0.03501
Exploits: 0, References: 3

Oracle linux
added 2015/03/11 12:0 a.m., 54 views

ipa security, bug fix, and enhancement update

4.1.0-18.0.1 - Replace login-screen-logo.png 20362818 - Drop subscription-manager requires for OL7 - Drop redhat-access-plugin-ipa requires for OL7 - Blank out header-logo.png product-name.png 4.1.0-18 - Fix ipa-pwd-extop global configuration caching 1187342 - group-detach does not add correct...

CVSS: 4.3, AI score: 0.1, EPSS: 0.18351
Exploits: 1

RedHat Linux
added 2015/02/24 1:44 p.m., 4 views

OpenJDK: Clone interfaces passed to proxy methods (Libraries, 8035009)

Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Libraries...

CVSS: 5, AI score: 7.4, EPSS: 0.03826
Exploits: 0, References: 5

CNVD
added 2015/02/21 12:0 a.m., 2 views

Cisco Web Security Appliance Remote Security Bypass Vulnerability

The Cisco Web Security Appliance is a secure Web gateway that integrates malware protection, application visualization control, policy control, and more in one platform. A security vulnerability exists in the Cisco Web Security Appliance that allows an attacker to submit specially crafted HTTP...

CVSS: 5, AI score: 6.8, EPSS: 0.01246
Exploits: 0, References: 1

Cisco
added 2015/02/20 3:57 p.m., 33 views

Cisco Web Security Appliance HTTP Proxy Bypass Vulnerability

A vulnerability in the proxy engine of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass the security restriction. The vulnerability is due to improper handling of malformed HTTP methods. An attacker could exploit this vulnerability by crafting an...

CVSS: 5, AI score: 6.5, EPSS: 0.01246
Exploits: 0, References: 1

Packet Storm
added 2015/02/18 12:0 a.m., 24 views

CrushFTP 7.2.0 Cross Site Request Forgery / Cross Site Scripting

I. Overview: Multiple CSRF & Cross-Site Scripting (XSS) vulnerabilities have been identified in Crushftp 7.2.0 Web Interface on default configuration. These vulnerabilities allow an...

AI score: 0.3
Exploits: 0

ThreatPost
added 2015/02/10 9:0 a.m., 239 views

Researchers: PlugX More Prominent Than Ever

Existing in some form since 2008, the popular remote access tool PlugX has as notorious a history as any malware, but according to researchers the tool saw a spike of popularity in 2014 and is the go-to malware for many adversary groups. Many attacks, especially those occurring during the latter...

CVSS: 9.3, AI score: 7, EPSS: 0.9999
Exploits: 22, References: 6

myhack58
added 2015/02/10 12:0 a.m., 30 views

bash vulnerability detection several methods-vulnerability warning-the black bar safety net

You can use the following command to check the system for the existence of this vulnerability in native Bash environment, run: the Broken shells 1, CVE-2014-6271, Test Method: env x=' :;; echo vulnerable' bash -c "echo this is a test" Such as the implementation of the following results...

AI score: 0.9
Exploits: 0

myhack58
added 2015/02/02 12:0 a.m., 1030 views

ThinkPHP 3.0~3.2 SQL injection vulnerability in detail and use-vulnerability and early warning-the black bar safety net

0x00 background thinkphp recent vulnerability frequency, this exploit belongs to the...

AI score: 7.9
Exploits: 0

Kitploit
added 2015/01/12 11:28 p.m., 16 views

Instant PDF Password Protector - Password Protect PDF file

Instant PDF Password Protector is the Free tool to quickly Password Protect PDF file on your system. With a click of button, you can lock or protect any of your sensitive/private PDF documents. You can also use any of the standard Encryption methods - RC4/AES 40-bit, 128-bit, 256-bit based upon t...

AI score: 7.2
Exploits: 0

CNVD
added 2015/01/08 12:0 a.m., 2 views

Easewe FTP OCX Arbitrary File Execution Vulnerability

Easewe FTP OCX is easy to use ftp activex component that supports all standard ftp features. Easewe FTP OCX version 4.5.0.9 EaseWeFtp.FtpLibrary ActiveX control in EaseWeFtp.ocx fails to restrict access to certain methods, allowing remote attackers to exploit a vulnerability to execute arbitrary...

CVSS: 7.5, AI score: 7.5, EPSS: 0.01402
Exploits: 1, References: 1

Cisco
added 2015/01/07 10:46 p.m., 25 views

Cisco Jabber Guest Server Cross-Site Scripting Vulnerability

Cisco Jabber Guest Server contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of some parameters...

CVSS: 4.3, AI score: 5.7, EPSS: 0.01792
Exploits: 0, References: 1

NVD
added 2014/12/19 11:59 a.m., 15 views

CVE-2014-7241

The TSUTAYA application 5.3 and earlier for Android allows remote attackers to execute arbitrary Java methods via a crafted HTML document...

CVSS: 6.8, AI score: 7.3, EPSS: 0.02016
Exploits: 0, References: 3

CVE
added 2014/12/19 11:0 a.m., 44 views

CVE-2014-7241

The CVE-2014-7241 issue affects the TSUTAYA App for Android (versions 5.3 and earlier). A vulnerability allows a remote attacker to cause arbitrary Java method execution by presenting a crafted HTML document. This is documented across multiple sources (NVD, CNVD, JVN) and is mitigated by updating...

CVSS: 6.8, AI score: 7.5, EPSS: 0.02016
Exploits: 0, References: 3, Affected Software: 1

Positive Technologies
added 2014/12/17 12:0 a.m., 1 views

PT-2020-7585 · Dbi +3 · Dbi +3

Name of the Vulnerable Software and Affected Versions: DBI module versions prior to 1.632 for Perl Description: An issue in the DBI module for Perl may lead to memory corruption when using many arguments to methods for Callbacks. Recommendations: For versions prior to 1.632, update to version 1.6...

CVSS: 6.1, AI score: 5.8, EPSS: 0.02738
Exploits: 0, References: 35

Kitploit
added 2014/12/05 6:14 p.m., 27 views

zANTI 2.0 - Android Network Toolkit

zANTI is a mobile penetration testing toolkit that lets security managers assess the risk level of a network with the push of a button. This easy to use mobile toolkit enables IT Security Administrators to simulate an advanced attacker to identify the malicious techniques they use in the wild to...

AI score: 7.7
Exploits: 0

Zero Day Initiative
added 2014/12/04 12:0 a.m., 28 views

PTC IsoView Activex Control Multiple Animation Methods Stack Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the PTC IsoView ActiveX control. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

CVSS: 7.5, AI score: 7, EPSS: 0.03448
Exploits: 0, References: 1