MediaWiki HTML Injection Vulnerability

MediaWiki is a Wiki program. A security vulnerability exists in MediaWiki, which stems from the failure of the 'xmlparse' function in the Zend interpreter to properly expand entities. The vulnerability can be exploited by a remote attacker to inject arbitrary web script or HTML with the help of a...

DEBIAN-CVE-2015-2934

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 does not properly handle when the Zend interpreter xmlparse function does not expand entities, which allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file...

UBUNTU-CVE-2015-2934

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 does not properly handle when the Zend interpreter xmlparse function does not expand entities, which allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file...

FreeXL Denial of Service Vulnerability (CNVD-2015-02146)

FreeXL is an open source library for extracting valid data from Excel .xls spreadsheets developed by software developer Alessandro Furieri. A security vulnerability exists in the 'parseSST' function in FreeXL versions prior to 1.0.0i. The vulnerability can be exploited by a remote attacker to cau...

openssl: PKCS7 NULL pointer dereference

A NULL pointer dereference was found in the way OpenSSL handled certain PKCS7 inputs. An attacker able to make an application using OpenSSL verify, decrypt, or parse a specially crafted PKCS7 input could cause that application to crash. TLS/SSL clients and servers using OpenSSL were not affected ...

iOS, OS X Library AFNetwork Patches MiTM Vulnerability

Until yesterday, a popular networking library for iOS and OS X used in apps such as Pinterest and Simple was susceptible to SSL man-in-the-middle MiTM attacks. The developer behind the framework AFNetworking on Thursday pushed a fix for the issue, a logic flaw. The flaw had lingered in the wild f...

Facebook Parse - Secure & HTTP_only Bypass Vulnerability

Document Title: =============== Facebook Parse - Secure & HTTPonly Bypass Vulnerability References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1429 View Video: https://www.youtube.com/watch?v=1yUw7rtTTeI Release Date: ============= 2015-03-13 Vulnerability Laboratory ID VL-ID:...

Facebook Parse - Secure & HTTP_only Bypass Vulnerability

Document Title: =============== Facebook Parse - Secure & HTTPonly Bypass Vulnerability References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1429 View Video: https://www.youtube.com/watch?v=1yUw7rtTTeI Release Date: ============= 2015-03-13 Vulnerability Laboratory ID VL-ID:...

Google Chrome Blink Memory Misreference Vulnerability (CNVD-2015-01515)

Google Chrome is a simple and efficiently designed web browsing tool developed by Google. A memory misreference vulnerability in the GIFImageReader::parseData function in platform/image-decoders/gif/GIFImageReader.cpp in Blink before Google Chrome 41.0.2272.76 allows remote attackers to exploit t...

UBUNTU-CVE-2015-1220

Use-after-free vulnerability in the GIFImageReader::parseData function in platform/image-decoders/gif/GIFImageReader.cpp in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted frame size ...

UBUNTU-CVE-2015-0823

Multiple use-after-free vulnerabilities in OpenType Sanitiser, as used in Mozilla Firefox before 36.0, might allow remote attackers to trigger problematic Developer Console information or possibly have unspecified other impact by leveraging incorrect macro expansion, related to the...

Out-of-bounds

Array index error in the parsefond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service out-of-bounds read or obtain sensitive information from process memory via a crafted FOND resource in a Mac font file...

UBUNTU-CVE-2014-9672

Array index error in the parsefond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service out-of-bounds read or obtain sensitive information from process memory via a crafted FOND resource in a Mac font file...

Core-Image-Fun-House-2.0

2007-07-10 21:15:34.573 Core Image Fun House1061 CFLog 0: CFPropertyListCreateFromXMLData: plist parse failed; the data is notproper UTF-8. The file name for this data could be:...

DEBIAN-CVE-2014-8625

Multiple format string vulnerabilities in the parseerrormsg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via format string specifiers in the 1 package or 2 architecture name...

UBUNTU-CVE-2014-9496

The sd2parsersrcfork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a 1 map offset or 2 rsrc marker, which triggers an out-of-bounds read...

DEBIAN-CVE-2013-7401

The parserequest function in request.c in c-icap 0.2.x allows remote attackers to cause a denial of service crash via a URI without a " " or "?" character in an ICAP request, as demonstrated by use of the OPTIONS method...

UBUNTU-CVE-2013-7401

The parserequest function in request.c in c-icap 0.2.x allows remote attackers to cause a denial of service crash via a URI without a " " or "?" character in an ICAP request, as demonstrated by use of the OPTIONS method...

DEBIAN-CVE-2014-9378

Ettercap 0.8.1 does not validate certain return values, which allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted 1 name to the parseline function in mdnsspoof/mdnsspoof.c or 2 base64 encoded password to the dissectorimap function in...

Microsoft Office Word Remote Code Execution Vulnerabilities (3009710)

This host is missing an important security update according to Microsoft Bulletin MS14-069. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...