65 matches found
CVE-2016-6896
Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a .. (dot dot) in the plugin parameter to wp-admin/admin-ajax.php, as...
SPIP Cross-Site Scripting Vulnerability (CNVD-2016-13014)
SPIP is a free Web-based content publishing system. The system is primarily used for online collaboration. A cross-site scripting vulnerability exists in the /ecrire/exec/info_plugin.php file in SPIP version 3.1.x. A remote attacker can inject arbitrary script or HTML with the help of a specially craft...
CVE-2016-9998
SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the $plugin parameter, as demonstrated by a /ecrire/?exec=info_plugin URL...
UBUNTU-CVE-2016-9998
SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the $plugin parameter, as demonstrated by a /ecrire/?exec=info_plugin URL...
openSUSE Security Update : MozillaFirefox (MozillaFirefox-2807)
This update brings Mozilla Firefox to the 3.6.8 security release. It fixes the following security bugs: MFSA 2010-34 / CVE-2010-1211 / CVE-2010-1212: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of thes...
openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-2779)
This update brings Mozilla XULRunner to the 1.9.1.11 security release. It fixes the following security bugs: MFSA 2010-34 / CVE-2010-1211: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs show...
CVE-2012-4928
Cross-site scripting (XSS) vulnerability in ow_updates/index.php in Oxwall 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the plugin parameter...
SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7101)
This update brings Mozilla Firefox to the 3.5.11 security release. It fixes the following security issues : - Several memory safety bugs have been identified in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs show evidence of memory corruption under certain...
FreeBSD : firefox -- Dangling pointer crash regression from plugin parameter array fix (c2eac2b5-9a7d-11df-8e32-000f20797ede)
The Mozilla Project reports : MFSA 2010-48 Dangling pointer crash regression from plugin parameter array fix. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2018 Jacques...
openSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0430-3)
This update brings Mozilla Firefox to the 3.5.11 security release. It fixes the following security bugs: MFSA 2010-34 / CVE-2010-1211: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed...
Mozilla Products Multiple Vulnerabilities july-10 (Windows)
The host is installed with Mozilla Firefox/Seamonkey that are prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillaprdtsmultvulnwin01jul10.nasl 6444 2017-06-27 11:24:02Z santu $ Mozilla Products Multiple Vulnerabilities july-10 Windows Authors: Antu Sanadi Copyright: Copyrig...
Mozilla arbitrary free flaw
layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted HTML document, related to the DATA and...
Mozilla Foundation Security Advisory 2010-48
Mozilla Foundation Security Advisory 2010-48 Title: Dangling pointer crash regression from plugin parameter array fix Impact: Critical Announced: July 20, 2010 Reporter: Daniel Holbert Products: Firefox 3.6.7 Fixed in: Firefox 3.6.8 Description Mozilla developer Daniel Holbert reported that the f...
Firefox Hit by Drive-by Download Flaws
Mozilla has shipped a mega patch for Firefox to fix a total of 16 security flaws that expose Web surfers to drive-by download, data theft and local bar spoofing attacks. The latest Firefox 3.6.7 update includes fixes for nine “critical” issues that could be exploited to launch remote code executi...
Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability — Mozilla
Security researcher J23 reported via TippingPoint's Zero Day Initiative an error in the code used to store the names and values of plugin parameter elements. A malicious page could embed plugin content containing a very large number of parameter elements which would cause an overflow in the integ...
Directory traversal
Multiple directory traversal vulnerabilities in Galatolo WebManager (GWM) 1.0 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in (1) the plugin parameter to admin/plugins.php or (2) the com parameter to index.php...
CVE-2008-2699
Multiple directory traversal vulnerabilities in Galatolo WebManager (GWM) 1.0 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in (1) the plugin parameter to admin/plugins.php or (2) the com parameter to index.php...