21 matches found
EUVD-2013-5434
Malware in sbrugna...
GHSA-QF34-QPR4-5PPH docusaurus-plugin-content-gists vulnerability exposes GitHub Personal Access Token
GitHub Personal Access Token Exposure in docusaurus-plugin-content-gists. Summary: docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuration options. The token, intended for...
CVE-2013-5594
Mozilla Firefox before 25 allows modification of anonymous content of pluginProblem.xml binding...
SUSE CVE-2009-3385
The mail component in Mozilla SeaMonkey before 1.1.19 does not properly restrict execution of scriptable plugin content, which allows user-assisted remote attackers to obtain sensitive information via crafted content in an IFRAME element in an HTML e-mail message, as demonstrated by a Flash objec...
PT-2023-9887 · Unknown · Gesellix Titlelink
Name of the Vulnerable Software and Affected Versions: gesellix titlelink (affected versions not specified). Description: A critical issue was found in gesellix titlelink on Joomla, affecting an unknown functionality of the file plugin content title.php. The manipulation of the phrase argument leads...
CVE-2022-43432
Jenkins XFramium Builder Plugin 1.0.22 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...
Insecure Authorization
strapi-plugin-content-type-builder suffers from insecure authorization. The admin::hasPermissions restrictions for the content-type-builder (CTB) routes are not configured, allowing unauthorized access to the affected resources...
@koj/strapi (>=0.0.0 <=1.4.0), strapi-editorjs (=0.0.1) +1 more potentially affected by CVE-2020-27666 via strapi-plugin-content-manager (>=3.0.0-beta.18.7 <=3.1.6)
strapi-plugin-content-manager NPM version =3.0.0-beta.18.7, =0.0.0, =0.0.1-alpha.1, =0.0.1-alpha.2. Source CVEs: CVE-2020-27666. Source advisory: OSV:GHSA-QVP5-MM7V-4F36...
Monstra CMS 3.0.4 - Remote Code Execution Vulnerability
Exploit for PHP platform in category web applications. Exploit Title: Monstra CMS 3.0.4 Upload Plugin Remote code execution; CVE-2018-9037; Exploit Author: Jameel Nabbo; Vendor Homepage: https://github.com/monstra-cms/monstra; Software Link: https://github.com/monstra-cms/monstra; Version: 3.0.4; Tested...
Monstra CMS 3.0.4 - Remote Code Execution
Monstra CMS 3.0.4 - Remote Code Execution. CVE-2018-9037. Webapps exploit for PHP platform. Exploit Title: Monstra CMS 3.0.4 Upload Plugin Remote code execution; CVE-2018-9037; Date: 2018-05-14; Exploit Author: Jameel Nabbo; Vendor Homepage: https://github.com/monstra-cms/monstra; Software Link:...
Google to Pause Flash Ads in Chrome Starting Next Week
Google on Tuesday will begin pausing Flash ads by default in Chrome, a move that is designed mainly to help improve browser speed, but that will also be a security upgrade for users. The company announced the plan back in June and said this week that it will make the behavior the default setting...
CVE-2010-1214
Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via plugin content with many parameter elements...
Integer overflow
Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via plugin content with many parameter elements...
CVE-2010-1214
Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via plugin content with many parameter elements...
CVE-2010-1214
Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via plugin content with many parameter elements...
SuSE9 Security Update : epiphany (YOU Patch Number 12616)
This update brings Mozilla SeaMonkey to 1.1.19, fixing various bugs and security issues. The following security issues are fixed: - Mozilla developers took fixes from previously fixed memory safety bugs in newer Mozilla-based products and ported them to the Mozilla 1.8.1 branch so they can be...
CVE-2009-3385
The mail component in Mozilla SeaMonkey before 1.1.19 does not properly restrict execution of scriptable plugin content, which allows user-assisted remote attackers to obtain sensitive information via crafted content in an IFRAME element in an HTML e-mail message, as demonstrated by a Flash objec...
CVE-2009-3385
CVE-2009-3385 affects Mozilla SeaMonkey prior to 1.1.19. The vulnerability lies in the mail/HTML rendering component where scriptable plugin content (e.g., Flash) could be loaded and executed inside an iframe in HTML emails. This could allow a user-assisted attacker to access sensitive data or lo...
SeaMonkey < 1.1.19 Multiple Vulnerabilities
The installed version of SeaMonkey is earlier than 1.1.19. Such versions are potentially affected by the following security issues: - The columns of a XUL tree element can be manipulated in a particular way that would leave a pointer owned by the column pointing to freed memory. MFSA 2009-49 - A...
Opera Web Browser Multiple Vulnerabilities - Dec08 (Windows)
The host is installed with Opera web browser and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodoperamultvulndec08win.nasl 6519 2017-07-04 14:08:14Z cfischer $; Opera Web Browser Multiple Vulnerabilities - Dec08 Windows; Authors: Chandan S; Copyright: Copyright (c) 2008...