7491 matches found
Privilege escalation through plugin objects — Mozilla
Security researcher Mariusz Mlynski reported that it is possible to open a chrome-privileged web page through plugin objects via interaction with SVG elements. This could allow for arbitrary code execution...
PT-2013-1678 · Ruby +3
Name of the Vulnerable Software and Affected Versions: Ruby version 1.8.7. Description: The safe-level feature in Ruby allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. Recommendations: For Ruby version 1.8.7, at the moment, there is ...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript code that overrides methods of unspecified native objects in documents that have different origins...
CVE-2012-6464
Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript code that overrides methods of unspecified native objects in documents that have different origins...
CVE-2012-4859
Unspecified vulnerability in IBM Tivoli Storage Manager for Space Management (aka TSM HSM) before 6.2.5.0 and 6.3.x before 6.3.1.0 allows local users to read or modify file system objects via unknown vectors...
CVE-2012-5954
Unspecified vulnerability in IBM Tivoli Storage Manager for Space Management (aka TSM HSM) before 6.2.5.0 and 6.3.x before 6.3.1.0 allows remote attackers to read or modify HSM-managed file system objects via unknown vectors...
Code injection
Unspecified vulnerability in IBM Tivoli Storage Manager for Space Management (aka TSM HSM) before 6.2.5.0 and 6.3.x before 6.3.1.0 allows remote attackers to read or modify HSM-managed file system objects via unknown vectors...
JavaScript to Java
The Android API before 17 does not properly restrict the WebView.addJavascriptInterface method, which allows remote attackers to execute arbitrary methods of Java objects by using the Java Reflection API within crafted JavaScript code that is loaded into the WebView component in an application...
CVE-2012-4787
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2) is deleted, aka "Improper Ref Counting Use After Free Vulnerability."...
Thunderbird 16.x Multiple Vulnerabilities (Mac OS X)
The installed version of Thunderbird 16.x is potentially affected by the following security issues: - Several memory safety bugs exist in the browser engine used in Mozilla-based products that could be exploited to execute arbitrary code. (CVE-2012-5842, CVE-2012-5843) - An error exists in the...
XrayWrappers exposes chrome-only properties when not in chrome compartment — Mozilla
Mozilla developer Peter Van der Beken discovered that same-origin XrayWrappers expose chrome-only properties even when not in a chrome compartment. This can allow web content to get properties of DOM objects that are intended to be chrome-only...
[VSD] (Virtual Section Dumper) Just another Virtual Section Dumper for Windows Processes
What's VSD? VSD (Virtual Section Dumper) is intended to be a tool to visualize and dump the memory regions of a running 32-bit or 64-bit process in many ways. For example, you can dump the entire process and fix the PE header, dump a given range of memory or even list and dump every virtual...
CVE-2012-4575
The add_database function in objects.c in the pgbouncer pooler 1.5.2 for PostgreSQL allows remote attackers to cause a denial of service (daemon outage) via a long database name in a request...
PT-2012-5484 · Pgbouncer
Name of the Vulnerable Software and Affected Versions: pgbouncer version 1.5.2. Description: The issue allows remote attackers to cause a denial of service, resulting in a daemon outage. This is achieved by sending a request with a long database name to the add_database function in objects.c...
CVE-2012-5896
CVE-2012-5896 affects Quest InTrust, specifically the Annotation Objects ActiveX control (AnnotateX.dll) prior to or at 10.4.0.853. The vulnerability arises from the Add method not being properly implemented, enabling remote code execution via a memory address supplied in the first argument, tied...
Opera < 12.10 Multiple Vulnerabilities
The version of Opera installed on the remote host is earlier than 12.10 and is, therefore, reportedly affected by the following vulnerabilities: - An error exists related to certificate revocation checking that can allow the application to indicate that a site is secure even though the check has...
Invision Power Board <= 3.3.4 "unserialize()" PHP Code Execution
No description provided by source. Invision Power Board <= 3.3.4 "unserialize()" PHP Code Execution; author: Egidio Romano aka EgiX...
Cross domain access to object constructors can be used to facilitate cross-site scripting – Opera Security Advisories
JavaScripts are able to redefine and override the methods of native objects. They may also do this with the native objects of any document that shares the same origin. By redefining the methods of another document through the constructor property of the document’s host objects, a malicious script...
IBM Rational ClearQuest 7.1.x < 7.1.2.8 / 8.0.0.x < 8.0.0.4 GSKit Spoofing (credentialed check)
The remote host has a version of IBM Rational ClearQuest 7.1.x prior to 7.1.2.8 / 8.0.0.x prior to 8.0.0.4 installed. It is, therefore, affected by a spoofing vulnerability related to the included Global Security Kit (GSKit) and certificate objects. The GSKit does not enforce file integrity of the...