102 matches found

OSV
added 2016/07/23 12:0 a.m., 0 views

UBUNTU-CVE-2016-1706

The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process that should have come from the browser process, which allows remote attackers to bypass a sandbox protection mechanism via an unexpected message type, related to...

CVSS 9.6, AI score 7.3, EPSS 0.01438
Exploits 0, References 4
ThreatPost
added 2016/07/21 5:4 p.m., 52 views

Google Fixes 48 Bugs, Sandbox Escape, in Chrome

Google has patched a high-risk vulnerability in its Chrome browser that allows an attacker to escape the Chrome sandbox. That vulnerability is one of 48 bugs fixed in version 52 of Chrome released Wednesday. Four dozen of those flaws are rated as high risks and Google paid out more than $22,000 i...

CVSS 9.3, AI score 8.7, EPSS 0.0369
Exploits 2, References 18
Tenable Nessus
added 2016/05/09 12:0 a.m., 35 views

Fedora 24 : roundcubemail-1.1.5-1.fc24 (2016-aff691237e)

Release 1.1.5 Plugin API: Added html2text hook Plugin API: Added addressbookexport hook Fix missing emoticons on html-to-text conversion Fix random 'access to this resource is secured against CSRF' message at logout 4956 Fix missing language name in 'Add to Dictionary' request in HTML mode 4951...

CVSS 8.8, AI score 7, EPSS 0.01131
Exploits 1, References 6
Tenable Nessus
added 2016/05/02 12:0 a.m., 30 views

Fedora 22 : roundcubemail-1.1.5-1.fc22 (2016-a9c8f9dcff)

Release 1.1.5 Plugin API: Added html2text hook Plugin API: Added addressbookexport hook Fix missing emoticons on html-to-text conversion Fix random 'access to this resource is secured against CSRF' message at logout 4956 Fix missing language name in 'Add to Dictionary' request in HTML mode 4951...

CVSS 8.8, AI score 7, EPSS 0.01131
Exploits 1, References 6
Tenable Nessus
added 2016/05/02 12:0 a.m., 30 views

Fedora 23 : roundcubemail-1.1.5-1.fc23 (2016-69eb7f9fb2)

Release 1.1.5 Plugin API: Added html2text hook Plugin API: Added addressbookexport hook Fix missing emoticons on html-to-text conversion Fix random 'access to this resource is secured against CSRF' message at logout 4956 Fix missing language name in 'Add to Dictionary' request in HTML mode 4951...

CVSS 8.8, AI score 7, EPSS 0.01131
Exploits 1, References 6
Debian
added 2016/03/05 9:22 p.m., 49 views

[SECURITY] [DSA 3507-1] chromium-browser security update

Debian Security Advisory DSA-3507-1 [email protected] https://www.debian.org/security/ Michael Gilbert March 05, 2016 https://www.debian.org/security/faq -...

CVSS 10, AI score 9.4, EPSS 0.05701
Exploits 3
OpenVAS
added 2016/03/05 12:0 a.m., 29 views

Debian Security Advisory DSA 3507-1 (chromium-browser - security update)

Several vulnerabilities have been discovered in the chromium web browser. CVE-2015-8126 Joerg Bornemann discovered multiple buffer overflow issues in the libpng library. CVE-2016-1630 Mariusz Mlynski discovered a way to bypass the Same Origin Policy in Blink/Webkit. CVE-2016-1631 Mariusz Mlynski...

CVSS 10, AI score 0.6, EPSS 0.05701
Exploits 3, References 1
OSV
added 2016/02/11 12:0 a.m., 0 views

UBUNTU-CVE-2016-1949

Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a...

CVSS 8.8, AI score 7.2, EPSS 0.00179
Exploits 0, References 4
Kitploit
added 2016/01/03 10:44 p.m., 11 views

Phpsploit - Stealth Post-Exploitation Framework

PhpSploit is a remote control framework, aiming to provide a stealth interactive shell-like connection over HTTP between client and web server. It is a post-exploitation tool capable of maintaining access to a compromised web server for privilege escalation purposes. Overview The obfuscated...

AI score 8.2
Exploits 0, References 1
Tenable Nessus
added 2014/09/12 12:0 a.m., 49 views

MySQL 5.6.x < 5.6.20 Multiple Vulnerabilities (October 2014 CPU)

The version of MySQL installed on the remote host is version 5.6.x prior to 5.6.20. It is, therefore, affected by errors in the following components : - CLIENT:MYSQLADMIN - CLIENT:MYSQLDUMP - SERVER:CHARACTER SETS - SERVER:DML - SERVER:MEMORY STORAGE ENGINE - SERVER:MyISAM - SERVER:PRIVILEGES...

CVSS 7.4, AI score 7.5, EPSS 0.89694
Exploits 10, References 16
NVD
added 2012/12/03 9:55 p.m., 15 views

CVE-2012-5534

The hook_process function in the plugin API for WeeChat 0.3.0 through 0.3.9.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a command from a plugin, related to "shell expansion."...

CVSS 7.5, AI score 7.5, EPSS 0.01972
Exploits 0, References 14
OSV
added 2012/12/03 9:55 p.m., 1 views

DEBIAN-CVE-2012-5534

The hook_process function in the plugin API for WeeChat 0.3.0 through 0.3.9.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a command from a plugin, related to "shell expansion."...

CVSS 7.5, AI score 7.9, EPSS 0.01972
Exploits 0, References 1
OSV
added 2012/12/03 9:55 p.m., 3 views

CVE-2012-5534

The hook_process function in the plugin API for WeeChat 0.3.0 through 0.3.9.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a command from a plugin, related to "shell expansion."...

AI score 7.5
Exploits 0, References 15
UbuntuCve
added 2012/12/03 9:55 p.m., 27 views

CVE-2012-5534

The hook_process function in the plugin API for WeeChat 0.3.0 through 0.3.9.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a command from a plugin, related to "shell expansion."...

CVSS 7.5, AI score 6.2, EPSS 0.01972
Exploits 0, References 2
Prion
added 2012/12/03 9:55 p.m., 16 views

Command injection

The hook_process function in the plugin API for WeeChat 0.3.0 through 0.3.9.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a command from a plugin, related to "shell expansion."...

CVSS 7.5, AI score 8.1, EPSS 0.01972
Exploits 0, References 14, Affected Software 1
CVE
added 2012/12/03 9:0 p.m., 58 views

CVE-2012-5534

WeeChat vulnerability CVE-2012-5534 affects the hook_process() in the plugin API for versions 0.3.0–0.3.9.1, allowing remote command execution via shell metacharacters in a plugin-derived command (shell expansion). Impact described across several advisories: remote code execution or other effects...

CVSS 7.5, AI score 7.5, EPSS 0.01972
Exploits 0, References 14, Affected Software 1
Debian CVE
added 2012/12/03 9:0 p.m., 27 views

CVE-2012-5534

The hook_process function in the plugin API for WeeChat 0.3.0 through 0.3.9.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a command from a plugin, related to "shell expansion."...

CVSS 7.5, AI score 7.9, EPSS 0.01972
Exploits 0
ATTACKERKB
added 2011/09/29 12:55 a.m., 0 views

CVE-2011-2996

Unspecified vulnerability in the plugin API in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors...

CVSS 10, AI score 6.3, EPSS 0.08708
Exploits 1, References 7
Cvelist
added 2011/09/29 12:0 a.m., 21 views

CVE-2011-2996

Unspecified vulnerability in the plugin API in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors...

AI score 9.8, EPSS 0.08708
Exploits 1, References 6
CVE
added 2011/09/29 12:0 a.m., 66 views

CVE-2011-2996

CVE-2011-2996 concerns an unspecified vulnerability in the Firefox plugin API present in Firefox 3.6.x up to (but before) 3.6.23. The issue could enable a remote attacker to cause memory corruption and an application crash, with the potential for arbitrary code execution via unknown vectors. Publ...

CVSS 10, AI score 9.7, EPSS 0.08708
Exploits 1, References 6, Affected Software 1