2144 matches found
Mozilla: child nodes from nsDOMAttribute still accessible after removal of nodes (MFSA 2012-04)
Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access...
CVE-2011-3659
Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access...
Firefox 3.6 < 3.6.26 Multiple Vulnerabilities (Mac OS X)
The installed version of Firefox 3.6 is earlier than 3.6.26. Such versions are potentially affected by multiple vulnerabilities : - A use-after-free error exists related to removed nsDOMAttribute child nodes.CVE-2011-3659 - The IPv6 literal syntax in web addresses is not being properly enforced...
Child nodes from nsDOMAttribute still accessible after removal of nodes — Mozilla
Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that removed child nodes of nsDOMAttribute can be accessed under certain circumstances because of a premature notification of AttributeChildRemoved. This use-after-free of the child nodes could possibly allow for remot...
Fedora Update for torque FEDORA-2012-0372
Check for the Version of torque OpenVAS Vulnerability Test Fedora Update for torque FEDORA-2012-0372 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...
[SECURITY] Fedora 15 Update: torque-3.0.3-1.fc15
TORQUE Tera-scale Open-source Resource and QUEue manager is a resource manager providing control over batch jobs and distributed compute nodes. TORQUE is based on OpenPBS version 2.3.12 and incorporates scalability, fault tolerance, and feature extension patches provided by USC, NCSA, OSC, the U....
JBoss 'mod_cluster'安全绕过漏洞
Bugtraq ID: 51554 CVE ID:CVE-2011-4608 JBOSS是一个基于J2EE的开放源代码的应用服务器。 modcluster允许worker节点在任意虚拟主机vhost上注册,而无视应用在其他虚拟主机上的安全性限制。在某些环境下,一个vhost配置为内部worker节点,而另一个配置为服务外部内容。远程攻击者可以利用此缺陷通过没有配置应用安全限制的外部虚拟主机注册为攻击者控制的worker节点,然后使用worker节点服务恶意内容,截获验证凭据,劫持用户会话。 0 Red Hat JBoss Enterprise Web Server for RHEL 6...
Important: Red Hat Security Advisory: mod_cluster-native security update
An updated modcluster-native package that fixes one security issue is now available for JBoss Enterprise Web Platform 5.1.2 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System...
mod_cluster: malicious worker nodes can register on any vhost
modcluster in JBoss Enterprise Application Platform 5.1.2 for Red Hat Linux allows worker nodes to register with arbitrary virtual hosts, which allows remote attackers to bypass intended access restrictions and provide malicious content, hijack sessions, and steal credentials by registering from ...
Important: Red Hat Security Advisory: mod_cluster-native security update
An update for the Native components for JBoss Enterprise Application Platform 5.1.2 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System...
Important: Red Hat Security Advisory: mod_cluster-native security update
An updated modcluster-native package that fixes one security issue is now available for JBoss Enterprise Application Platform 5.1.2 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scorin...
Important: Red Hat Security Advisory: mod_cluster-native security update
An update for the modcluster native component for JBoss Enterprise Web Server 1.0.2 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System...
Important: Red Hat Security Advisory: mod_cluster-native security update
Updated modcluster packages that fix one security issue are now available for JBoss Enterprise Web Server 1.0.2 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base...
[SECURITY] Fedora 15 Update: python-celery-2.2.8-1.fc15
An open source asynchronous task queue/job queue based on distributed message passing. It is focused on real-time operation, but supports scheduling as well. The execution units, called tasks, are executed concurrently on one or more worker nodes using multiprocessing, Eventlet or gevent. Tasks c...
Fedora 16 : puppet-2.6.12-1.fc16 (2011-14880)
A bug in puppet's SSL certificate handling could allow nodes with a valid certificate to impersonate the puppet master. To be vulnerable, a user would have had to set the certdnsnames variable and generated certificates. This setting is not set by default in the Fedora/EPEL packages. This update...
bitcoin-getaddr NSE Script
Queries a Bitcoin server for a list of known Bitcoin nodes Script Arguments max-newtargets, newtargets See the documentation for the target library. Example Usage nmap -p 8333 --script bitcoin-getaddr Script Output PORT STATE SERVICE 8333/tcp open unknown | bitcoin-getaddr: | ip timestamp |...
Researchers To Demonstrate Tor Network Hijack Method
Researchers at the Hackers To Hackers Conference in Brazil will detail a method of hijacking the TOR anonymity network, potentially putting its users at risk, while The Tor Project accuses one of the researchers of irresponsible disclosure. The presentation combines work done by Eric Filiol of th...
Code injection
Google Chrome before 14.0.835.202 does not properly consider object lifetimes and thread safety during the handling of audio nodes, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...
CVE-2011-2879
Google Chrome before 14.0.835.202 does not properly consider object lifetimes and thread safety during the handling of audio nodes, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...
CVE-2011-2879
Removed by vendor...