
1284 matches found

Tenable Nessus
added 2015/06/23 12:0 a.m., 52 views

Google Chrome < 43.0.2357.130 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 43.0.2357.130. It is, therefore, affected by multiple vulnerabilities : - A scheme validation error exists in WebUI. A remote attacker can exploit this to have an unspecified impact. CVE-2015-1266 - A cross-origin bypas...

CVSS 5 | AI score 7.4 | EPSS 0.00931
Exploits 1 | References 5

ThreatPost
added 2015/06/22 12:5 p.m., 33 views

Google Fixes Handful of Bugs in Chrome

Google has fixed several vulnerabilities in Chrome, including a pair of cross-origin bypasses and a high-risk scheme validation error. The new release updates Chrome to version 43.0.2357.130 and there are patches for other security flaws as well, though Google has only published information on fo...

CVSS 5 | AI score 0.1 | EPSS 0.00931
Exploits 1 | References 5

FreeBSD
added 2015/06/22 12:0 a.m., 31 views

www/chromium -- multiple vulnerabilities

Google Chrome Releases reports: 4 security fixes in this release: 464922 High CVE-2015-1266: Scheme validation error in WebUI. Credit to anonymous. 494640 High CVE-2015-1268: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. 497507 Medium CVE-2015-1267: Cross-origin bypass in Blink. Credit...

CVSS 5 | AI score 9.2 | EPSS 0.00931
Exploits 1 | References 1

Packet Storm
added 2015/03/28 12:0 a.m., 45 views

GoAhead 3.4.1 Heap Overflow / Traversal

Affected software: GoAhead Web Server Affected versions: 3.0.0 - 3.4.1 3.x.x series before 3.4.2 CVE ID: CVE-2014-9707 Description: The server incorrectly normalizes HTTP request URIs that contain path segments that start with a "." but are not entirely equal to "." or ".." eg. ".x". By sending a...

CVSS 7.5 | AI score 0.1 | EPSS 0.60589
Exploits 4

Exploit DB
added 2015/01/13 12:0 a.m., 31 views

Lexmark MarkVision Enterprise - Arbitrary File Upload (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Lexmark MarkVision Enterprise Arbitrary File Upload', 'Description' = %q This module exploits a code execution flaw in Lexmark...

CVSS 10 | AI score 7.4 | EPSS 0.7035
Exploits 6

OSV
added 2014/10/10 1:55 a.m., 1 view

DEBIAN-CVE-2014-5270

Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed...

CVSS 2.1 | AI score 6.7 | EPSS 0.00072
Exploits 0 | References 1

Cvelist
added 2014/10/10 1:0 a.m., 23 views

CVE-2014-5270

Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed...

AI score 5.7 | EPSS 0.00072
Exploits 0 | References 5

OSV
added 2014/08/18 12:0 a.m., 0 views

UBUNTU-CVE-2014-5270

Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed...

CVSS 2.1 | AI score 6.7 | EPSS 0.00072
Exploits 0 | References 6

Fedora
added 2014/06/10 3:9 a.m., 31 views

[SECURITY] Fedora 19 Update: mingw-icu-50.1.2-3.fc19

ICU is a set of C and C++ libraries that provides robust and full-featured Unicode and locale support. The library provides calendar support, conversions for many character sets, language sensitive collation, date and time formatting, support for many locales, message catalogs and resources,...

CVSS 7.5 | AI score 1 | EPSS 0.00672
Exploits 0

Fedora
added 2014/06/10 3:7 a.m., 34 views

[SECURITY] Fedora 20 Update: mingw-icu-50.1.2-3.fc20

ICU is a set of C and C++ libraries that provides robust and full-featured Unicode and locale support. The library provides calendar support, conversions for many character sets, language sensitive collation, date and time formatting, support for many locales, message catalogs and resources,...

CVSS 7.5 | AI score 1 | EPSS 0.00672
Exploits 0

Fedora
added 2013/07/23 1:2 a.m., 14 views

[SECURITY] Fedora 18 Update: nodejs-normalize-package-data-0.2.0-1.fc18

normalize-package-data exports a function that normalizes package metadata. This data is typically found in a package.json file, but in principle could come from any source - for example the npm registry. normalize-package-data is used by read-package-json to normalize the data it reads from a...

CVSS 3.3 | AI score 0.6 | EPSS 0.00104
Exploits 0

Packet Storm
added 2013/06/21 12:0 a.m., 39 views

Alienvault OSSIM SIEM 4.1 SQL Injection

Title: Alienvault OSSIM Open Source SIEM 4.1 Multiple SQL Vulnerabilities Date: February 15, 2013 Author: Glafkos Charalambous Vendor: AlienVault Vendor URL: http://www.alienvault.com Reported: February 17, 2013 Timeline: --------- 17 Feb 2013: Vulnerability Reported to AlienVault 19 Feb 2013:...

AI score 0.4
Exploits 0

The Hacker News
added 2011/10/21 2:33 p.m., 9 views

OSSAMS - Open Source Security Assessment Management System

OSSAMS - Open Source Security Assessment Management System As information security professionals, we conduct security assessments for companies. One of the biggest problems we have is after all the data is collected, how can we correlate the data accurately. So we decided to start a project to...

AI score 6.6
Exploits 0

Prion
added 2011/02/23 7:0 p.m., 23 views

Code injection

Multiple memory leaks in the normalization functionality in 389 Directory Server before 1.2.7.5 allow remote attackers to cause a denial of service memory consumption via "badly behaved applications," related to 1 SlapiAttr mishandling in the DN normalization code and 2 pointer mishandling in the...

CVSS 5 | AI score 7.3 | EPSS 0.0073
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2011/02/23 6:0 p.m., 22 views

CVE-2010-4746

Multiple memory leaks in the normalization functionality in 389 Directory Server before 1.2.7.5 allow remote attackers to cause a denial of service memory consumption via "badly behaved applications," related to 1 SlapiAttr mishandling in the DN normalization code and 2 pointer mishandling in the...

AI score 6.6 | EPSS 0.00474
Exploits 0 | References 2

CVE
added 2010/09/09 6:0 p.m., 132 views

CVE-2010-2766

CVE-2010-2766 is a memory/DOM handling flaw in Mozilla’s browser engines where the normalization code could remove DOM nodes during traversal, leading to an access of a deleted object and potential code execution. Affected products and versions per the provided documents: Mozilla Firefox before 3...

CVSS 9.3 | AI score 8.8 | EPSS 0.05221
Exploits 0 | References 14 | Affected Software 1

Cvelist
added 2010/09/09 6:0 p.m., 21 views

CVE-2010-2766

The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle the removal of DOM nodes during normalization, which might allow remote attackers to execute arbitrary code...

AI score 8.9 | EPSS 0.05221
Exploits 0 | References 14

ThreatPost
added 2010/09/08 2:1 p.m., 39 views

Mozilla Patches Firefox DLL Load Hijacking Bug

Mozilla has joined Apple in being among the first to fix the DLL load hijacking attack vector that continues to haunt hundreds of Windows applications. The open-source group released Firefox 3.6.9 with patches for a total of 15 vulnerabilities 11 rated critical, including the publicly known DLL...

CVSS 9.3 | AI score 0.3 | EPSS 0.03657
Exploits 1

RedHat Linux
added 2010/09/08 12:24 a.m., 2 views

Mozilla Crash and remote code execution in normalizeDocument (MFSA 2010-57)

The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle the removal of DOM nodes during normalization, which might allow remote attackers to execute arbitrary code...

CVSS 9.3 | AI score 7.8 | EPSS 0.05221
Exploits 0 | References 4

Tenable Nessus
added 2010/09/08 12:0 a.m., 43 views

SeaMonkey < 2.0.7 Multiple Vulnerabilities

Binary data 800885.prm...

CVSS 9.3 | AI score 9.7 | EPSS 0.10225
Exploits 1 | References 28