Lucene search

7670 matches found

OpenVAS
added 2014/12/16 12:0 a.m., 66 views

Mozilla Thunderbird Multiple Vulnerabilities-01 (Dec 2014) - Mac OS X

Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...

CVSS 6.8, AI score 4.5, EPSS 0.0211
Exploits: 0, References: 9
OpenVAS
added 2014/12/16 12:0 a.m., 27 views

Mozilla Firefox ESR Multiple Vulnerabilities-01 (Dec 2014) - Mac OS X

Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...

CVSS 6.8, AI score 4.4, EPSS 0.0211
Exploits: 0, References: 9
0day.today
added 2014/12/10 12:0 a.m., 33 views

Adobe Flash Player Regular Expression Object Out-Of-Bound Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose arbitrary memory on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Regular Expressio...

CVSS 5, AI score 1.2, EPSS 0.01902
Exploits: 1
Zero Day Initiative
added 2014/12/09 12:0 a.m., 27 views

Adobe Flash Player Regular Expression Object Out-Of-Bound Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose arbitrary memory on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Regular Expressio...

CVSS 6.8, AI score 5.7, EPSS 0.01902
Exploits: 1, References: 1
NVD
added 2014/12/06 3:59 p.m., 13 views

CVE-2014-6140

IBM Tivoli Endpoint Manager Mobile Device Management (MDM) before 9.0.60100 uses the same secret HMAC token across different customers' installations, which allows remote attackers to execute arbitrary code via crafted marshalled Ruby objects in cookies to (1) Enrollment and Apple iOS Management...

CVSS 9.3, AI score 7.1, EPSS 0.09339
Exploits: 3, References: 7
Prion
added 2014/12/06 3:59 p.m., 12 views

Code injection

IBM Tivoli Endpoint Manager Mobile Device Management (MDM) before 9.0.60100 uses the same secret HMAC token across different customers' installations, which allows remote attackers to execute arbitrary code via crafted marshalled Ruby objects in cookies to (1) Enrollment and Apple iOS Management...

CVSS 9.3, AI score 7.6, EPSS 0.09339
Exploits: 3, References: 7, Affected Software: 1
Mageia
added 2014/11/21 12:44 p.m., 48 views

Updated ruby packages fix security vulnerabilities

Will Wood discovered that Ruby incorrectly handled the encodes() function. An attacker could possibly use this issue to cause Ruby to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a...

CVSS 5, AI score 7.9, EPSS 0.11898
Exploits: 1, References: 5
UbuntuCve
added 2014/11/18 11:59 a.m., 28 views

CVE-2014-4459

Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document...

CVSS 6.8, AI score 6.2, EPSS 0.03816
Exploits: 0, References: 2
OSV
added 2014/11/18 11:59 a.m., 0 views

UBUNTU-CVE-2014-4459

Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document...

CVSS 6.8, AI score 6.2, EPSS 0.03816
Exploits: 0, References: 3
OpenVAS
added 2014/11/12 12:0 a.m., 69 views

Microsoft Windows OLE Object Handling Code Execution Vulnerabilities (3011443)

This host is missing a critical security update according to Microsoft Bulletin MS14-064. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 9.3, AI score 8.1, EPSS 0.94094
Exploits: 50, References: 8
Check Point Advisories
added 2014/11/12 12:0 a.m., 0 views

Mayhem Shellshock Infection Attempt

Mayhem uses a PHP script to drop malicious objects to the affected client...

AI score 1.4
Exploits: 0
RedHat Linux
added 2014/11/06 4:59 p.m., 2 views

php: integer overflow in unserialize()

An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash...

CVSS 7.5, AI score 7.3, EPSS 0.55955
Exploits: 1, References: 4
Tenable Nessus
added 2014/11/04 12:0 a.m., 44 views

Scientific Linux Security Update : php53 on SL5.x i386/x86_64 (20141030)

A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application. (CVE-2014-3670) An integer overflo...

CVSS 7.5, AI score 8.3, EPSS 0.55955
Exploits: 3, References: 5
PyPA
added 2014/11/03 10:55 p.m., 4 views

PYSEC-2014-42

The batch id change script renameObjectsByPaths.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a crafted request...

CVSS 4.3, AI score 6.8, EPSS 0.00343
Exploits: 0, References: 5, Affected Software: 1
RedHat Linux
added 2014/10/30 8:16 p.m., 72 views

Important: Red Hat Security Advisory: php security update

Updated php packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...

CVSS 7.5, AI score 7.7, EPSS 0.55955
Exploits: 3, References: 5
RedHat Linux
added 2014/10/30 8:16 p.m., 3 views

php: integer overflow in unserialize()

An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash...

CVSS 7.5, AI score 7.3, EPSS 0.55955
Exploits: 1, References: 4
RedHat Linux
added 2014/10/30 7:45 p.m., 2 views

php: integer overflow in unserialize()

An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash...

CVSS 7.5, AI score 7.3, EPSS 0.55955
Exploits: 1, References: 4
RedHat Linux
added 2014/10/30 7:45 p.m., 2 views

php: integer overflow in unserialize()

An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash...

CVSS 7.5, AI score 7.3, EPSS 0.55955
Exploits: 1, References: 4
RedHat Linux
added 2014/10/30 7:44 p.m., 2 views

php: integer overflow in unserialize()

An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash...

CVSS 7.5, AI score 7.3, EPSS 0.55955
Exploits: 1, References: 4
OSV
added 2014/10/30 11:56 a.m., 1 views

USN-2391-1 php5 vulnerabilities

Symeon Paraschoudis discovered that PHP incorrectly handled the mkgmtime function. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2014-3668) Symeon Paraschoudis discovered that PHP incorrectly handled unserializing objects. A remote...

CVSS 7.5, AI score 7.4, EPSS 0.55955
Exploits: 3, References: 5