1319 matches found
Use after free mutating DOM during SetBody — Mozilla
Security researcher Nils used the Address Sanitizer to discover a use-after-free problem when the Document Object Model is modified during a SetBody mutation event. This causes a potentially exploitable crash...
CVE-2013-1842
SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "the Query Object Model and relation values."...
Sql injection
SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "the Query Object Model and relation values."...
typo3 -- Multiple vulnerabilities in TYPO3 Core
Typo Security Team reports: Extbase Framework - Failing to sanitize user input, the Extbase database abstraction layer is susceptible to SQL Injection. TYPO3 sites which have no Extbase extensions installed are not affected. Extbase extensions are affected if they use the Query Object Model and...
Yahoo Mail XSS Vulnerability Could Affect Millions of Accounts
Security researcher Shahin Ramezany developed an XSS proof-of-concept exploit that he claims puts some 400 million Yahoo Mail users at risk of having their accounts taken over. In a video posted on YouTube last night, Ramezanydemonstrated an exploit for what he claims is a document object...
Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64
A race condition flaw was found in the way SeaMonkey handled Document Object Model DOM element properties. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. CVE-2010-3765 After installi...
RESTEasy: XML eXternal Entity (XXE) flaw
RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity XXE injection attack...
RESTEasy: XML eXternal Entity (XXE) flaw
RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity XXE injection attack...
Critical: Red Hat Security Advisory: firefox security update
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...
Critical: Red Hat Security Advisory: thunderbird security update
An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity rating...
Apple Safari WebKit Range Object Remote Code Execution (CVE-2011-0115)
A Remote attacker can exploit this vulnerability by enticing an unsuspecting target user to open a maliciously crafted web page. Successful exploitation of this vulnerability may enable an attacker to execute code in an affected system in the security context of the logged in user. A remote code...
Google's New Tool, DOM Snitch, Finds JavaScript Flaws
Google announced on Tuesday the availability of a new free application testing tool, dubbed “DOM Snitch,” that it says will help Web application developers find vulnerabilities in client side Web applications. The new application is a Chrome browser extension that works by injecting hooks into a...
Critical: Red Hat Security Advisory: firefox security update
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...
CentOS Update for seamonkey CESA-2010:0810 centos4 i386
Check for the Version of seamonkey OpenVAS Vulnerability Test CentOS Update for seamonkey CESA-2010:0810 centos4 i386 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify ...
RedHat Update for xulrunner RHSA-2010:0809-01
Check for the Version of xulrunner OpenVAS Vulnerability Test RedHat Update for xulrunner RHSA-2010:0809-01 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...
Mozilla Firefox NodeIterator Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the victim must visit a malicious page or open a malicious file. The specific flaw exists within the application'...
Internet Explorer COM Object Instantiation Memory Corruption (CVE-2006-4495)
Microsoft Internet Explorer allows HTML documents to embed ActiveX controls for the authoring of dynamic web content. ActiveX controls are based on Component Object Model COM technology. The invocation of an ActiveX control is performed by Internet Explorer by internally instantiating an object. ...
Internet Explorer DirectAnimation COM Object Memory Corruption (MS06-042; CVE-2006-3638)
Microsoft Internet Explorer allows HTML documents to embed ActiveX controls for the authoring of dynamic web content. ActiveX controls are based on Component Object Model COM technology. The invocation of an ActiveX control is performed by Internet Explorer by internally instantiating a COM objec...
Mozilla Browser engine crashes
The browser engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via vectors related to 1 the frame chain and synchronous events, 2 a SetMayHaveFrame assertion and...
Cisco ASA Adaptive Security Appliance Clientless SSL VPN DOM Cross-Site Scripting Vulnerability
Cisco ASA Adaptive Security Appliance Software versions prior to 8.0.434, 8.1.225, and 8.2.13 that are configured to accept Clientless SSL VPN connections are affected by a cross-site scripting vulnerability. Versions 7.x are not affected. The vulnerability is due to insufficient restrictions on...