Lucene search
K

1319 matches found

Mozilla
Mozilla
added 2013/08/06 12:0 a.m.36 views

Use after free mutating DOM during SetBody — Mozilla

Security researcher Nils used the Address Sanitizer to discover a use-after-free problem when the Document Object Model is modified during a SetBody mutation event. This causes a potentially exploitable crash...

9.3CVSS2.2AI score0.04502EPSS
Exploits0References2Affected Software2
UbuntuCve
UbuntuCve
added 2013/03/20 3:55 p.m.30 views

CVE-2013-1842

SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "the Query Object Model and relation values."...

7.5CVSS6.2AI score0.03121EPSS
Exploits0References1
Prion
Prion
added 2013/03/20 3:55 p.m.28 views

Sql injection

SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "the Query Object Model and relation values."...

7.5CVSS8.9AI score0.03121EPSS
Exploits0References8Affected Software1
FreeBSD
FreeBSD
added 2013/03/06 12:0 a.m.16 views

typo3 -- Multiple vulnerabilities in TYPO3 Core

Typo Security Team reports: Extbase Framework - Failing to sanitize user input, the Extbase database abstraction layer is susceptible to SQL Injection. TYPO3 sites which have no Extbase extensions installed are not affected. Extbase extensions are affected if they use the Query Object Model and...

0.6AI score
Exploits0References1
ThreatPost
ThreatPost
added 2013/01/07 8:35 p.m.20 views

Yahoo Mail XSS Vulnerability Could Affect Millions of Accounts

Security researcher Shahin Ramezany developed an XSS proof-of-concept exploit that he claims puts some 400 million Yahoo Mail users at risk of having their accounts taken over. In a video posted on YouTube last night, Ramezanydemonstrated an exploit for what he claims is a document object...

5.8AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.38 views

Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64

A race condition flaw was found in the way SeaMonkey handled Document Object Model DOM element properties. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. CVE-2010-3765 After installi...

9.8CVSS8.1AI score0.83279EPSS
Exploits14References2
RedHat Linux
RedHat Linux
added 2012/07/05 7:23 p.m.4 views

RESTEasy: XML eXternal Entity (XXE) flaw

RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity XXE injection attack...

5CVSS7.5AI score0.03213EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2012/04/02 8:5 p.m.3 views

RESTEasy: XML eXternal Entity (XXE) flaw

RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity XXE injection attack...

5CVSS7.5AI score0.03213EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2011/08/16 6:38 p.m.48 views

Critical: Red Hat Security Advisory: firefox security update

Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

10CVSS7.5AI score0.05556EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2011/08/16 6:31 p.m.40 views

Critical: Red Hat Security Advisory: thunderbird security update

An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity rating...

10CVSS7.4AI score0.05556EPSS
Exploits1References4
Check Point Advisories
Check Point Advisories
added 2011/07/19 12:0 a.m.11 views

Apple Safari WebKit Range Object Remote Code Execution (CVE-2011-0115)

A Remote attacker can exploit this vulnerability by enticing an unsuspecting target user to open a maliciously crafted web page. Successful exploitation of this vulnerability may enable an attacker to execute code in an affected system in the security context of the logged in user. A remote code...

7.6CVSS9.3AI score0.03181EPSS
Exploits0
ThreatPost
ThreatPost
added 2011/06/21 8:19 p.m.13 views

Google's New Tool, DOM Snitch, Finds JavaScript Flaws

Google announced on Tuesday the availability of a new free application testing tool, dubbed “DOM Snitch,” that it says will help Web application developers find vulnerabilities in client side Web applications. The new application is a Chrome browser extension that works by injecting hooks into a...

1.1AI score
Exploits0References4
RedHat Linux
RedHat Linux
added 2010/11/10 7:0 p.m.59 views

Critical: Red Hat Security Advisory: firefox security update

Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

9.8CVSS7.6AI score0.83279EPSS
Exploits16References14
OpenVAS
OpenVAS
added 2010/11/04 12:0 a.m.335 views

CentOS Update for seamonkey CESA-2010:0810 centos4 i386

Check for the Version of seamonkey OpenVAS Vulnerability Test CentOS Update for seamonkey CESA-2010:0810 centos4 i386 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify ...

9.3CVSS9.4AI score0.83279EPSS
Exploits14References2
OpenVAS
OpenVAS
added 2010/11/04 12:0 a.m.38 views

RedHat Update for xulrunner RHSA-2010:0809-01

Check for the Version of xulrunner OpenVAS Vulnerability Test RedHat Update for xulrunner RHSA-2010:0809-01 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...

9.3CVSS0.3AI score0.83279EPSS
Exploits14References2
Zero Day Initiative
Zero Day Initiative
added 2010/07/20 12:0 a.m.36 views

Mozilla Firefox NodeIterator Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the victim must visit a malicious page or open a malicious file. The specific flaw exists within the application'...

10CVSS4.6AI score0.05384EPSS
Exploits0References1
Check Point Advisories
Check Point Advisories
added 2009/12/13 12:0 a.m.5 views

Internet Explorer COM Object Instantiation Memory Corruption (CVE-2006-4495)

Microsoft Internet Explorer allows HTML documents to embed ActiveX controls for the authoring of dynamic web content. ActiveX controls are based on Component Object Model COM technology. The invocation of an ActiveX control is performed by Internet Explorer by internally instantiating an object. ...

7.5CVSS7.3AI score0.20205EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2009/10/22 12:0 a.m.13 views

Internet Explorer DirectAnimation COM Object Memory Corruption (MS06-042; CVE-2006-3638)

Microsoft Internet Explorer allows HTML documents to embed ActiveX controls for the authoring of dynamic web content. ActiveX controls are based on Component Object Model COM technology. The invocation of an ActiveX control is performed by Internet Explorer by internally instantiating a COM objec...

7.5CVSS7.4AI score0.36797EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2009/07/22 12:27 a.m.2 views

Mozilla Browser engine crashes

The browser engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via vectors related to 1 the frame chain and synchronous events, 2 a SetMayHaveFrame assertion and...

10CVSS6.2AI score0.05414EPSS
Exploits1References4
Cisco
Cisco
added 2009/06/24 4:8 p.m.30 views

Cisco ASA Adaptive Security Appliance Clientless SSL VPN DOM Cross-Site Scripting Vulnerability

Cisco ASA Adaptive Security Appliance Software versions prior to 8.0.434, 8.1.225, and 8.2.13 that are configured to accept Clientless SSL VPN connections are affected by a cross-site scripting vulnerability. Versions 7.x are not affected. The vulnerability is due to insufficient restrictions on...

4.3CVSS6.1AI score0.08828EPSS
Exploits2References1
Rows per page
Query Builder