7491 matches found
CVE-2010-1870
The CVE-2010-1870 entry covers OGNL expression evaluation in XWork (Struts 2.0.0–2.1.8.1) with a permissive whitelist that allows remote modification of server-side context objects and bypass of the # protection via OGNL context variables (e.g., #context, #root, #this, etc.). Cisco advisory notes...
CVE-2010-1870
The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the "#" protection mechanis...
Security Settings for ActiveX controls and OLE objects in Office 2003 and in the 2007 Office suite
Resolves the issue on how users can have the ability to control if and how ActiveX controls and OLE objects load with an Office kill-bit list. Important: This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can...
CVE-2010-1903
Microsoft Office Word 2002 SP3 and 2003 SP3, and Office Word Viewer, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed record in a Word file, aka "Word HTML Linked Objects Memory Corruption Vulnerability."...
Microsoft Office Word HTML Linked Objects Memory Corruption Vulnerability - CVE-2010-1903
Dear List, I'm writing on behalf of the Check Point Vulnerability Discovery Team to publish the following vulnerability. Check Point Software Technologies - Vulnerability Discovery Team VDT http://www.checkpoint.com/defense/ Microsoft Office Word HTML Linked Objects Memory Corruption Vulnerabilit...
PT-2010-3513 · Microsoft · Windows Vista +3
Name of the Vulnerable Software and Affected Versions: Microsoft Windows Vista versions SP1 through SP2 Microsoft Windows Server 2008 versions Gold through R2 Microsoft Windows 7 Description: A denial of service issue exists due to improper validation of access control lists on kernel objects. Th...
Microsoft Word HTML Linked Objects Memory Corruption (MS10-056; CVE-2010-1903)
Microsoft Word is a popular word processing software. A remote code execution vulnerability has been identified in Microsoft Word. The vulnerability is due to an error in Microsoft Word that fails to properly parse specially crafted Word files. A remote attacker could trigger this flaw by...
Apple Safari Webkit CSS Charset Text Transformation Code Execution (CVE-2010-1770)
Safari is a web browsing application developed by Apple. Safari browsing functionality is built around the set of components called WebKit. WebKit is a development toolkit which allows third party developers to build applications that use Internet technologies such as HTML, HTTP, and others. A...
Microsoft Internet Explorer 7 HTML Object Memory Corruption (CVE-2007-0947)
Microsoft Internet Explorer (IE) is a web browser application that is capable of rendering both static and dynamic web content. The application is primarily used for tasks related to browsing the web, such as displaying HTML encoded pages, downloading files, etc. Extensions to the basic HTML standa...
Firefox + NoScript Configurations
From the NoScript Options screen, select the Embeddings tab to find options for dealing with potentially dangerous objects on untrusted sites. You can also choose to apply these restrictions to whitelisted trusted sites. If this option is too intrusive, it can be turned off at the cost of increas...
Mozilla Products Frame Comment Objects Manipulation Memory Corruption (CVE-2006-6504)
There exists a memory corruption vulnerability in Mozilla Foundation's family of browser products. The flaw exists in specific dynamic manipulations of external Document Object Model (DOM) objects, specifically comment objects, using scripting techniques. A remote attacker can exploit this...
Microsoft Office multiple security vulnerabilities
Code execution via embedded COM objects, multiple Excel memory corruptions...
CVE-2010-1758
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving DOM Range objects...
Design/Logic Flaw
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving DOM Range objects...
CVE-2010-1758
Removed by vendor...
EUVD-2010-1778
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving DOM Range objects...
CVE-2010-1395
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving DOM constructor objects, related to a "scope management issu...
CVE-2010-1395
Removed by vendor...
CVE-2010-1395
CVE-2010-1395 is a WebKit-based XSS vulnerability in Apple Safari prior to 5.0 (Mac OS X 10.5–10.6 and Windows) and Safari/WebKit prior to 4.1 on Mac OS X 10.4. It arises from a DOM constructor object scope management issue that allows remote attackers to inject arbitrary script or HTML via certa...