3385 matches found
CVE-2010-2302
Use-after-free vulnerability in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving remote fonts in conjunction with shadow DOM trees, aka rdar problem 8007953. NOTE:...
CVE-2010-2300
Use-after-free vulnerability in the Element::normalizeAttributes function in dom/Element.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to handlers for DOM mutation...
Memory corruption
Use-after-free vulnerability in the Element::normalizeAttributes function in dom/Element.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to handlers for DOM mutation...
CVE-2010-2302
CVE-2010-2302 is a use-after-free in WebKit’s WebCore affecting Google Chrome prior to 5.0.375.70. The flaw involves remote fonts used with shadow DOM trees and can cause memory corruption, leading to a denial of service or potential arbitrary code execution. Affected component: WebKit/WebCore in...
[SECURITY] [DSA 2057-1] New mysql-dfsg-5.0 packages fix several vulnerabilities
------------------------------------------------------------------------ Debian Security Advisory DSA-2057-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano June 07, 2010 http://www.debian.org/security/faq -...
openSUSE Security Update : ncpfs (openSUSE-SU-2010:0264-1)
This update fixes three security issues in ncpfs: fixed an information leakage on mount (CVE-2010-0790 / bnc583536); fixed an mtab locking problem (CVE-2010-0791 / bnc583536); fixed a race condition in ncpfs mounts (CVE-2010-0788 / bnc550004). %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...
phpMyAdmin 2.6.3-pl1 Cross Site Scripting and Full Path
Exploit for php platform in category web applications ======================================================= phpMyAdmin 2.6.3-pl1 Cross Site Scripting and Full Path ======================================================= Exploit Title: phpMyAdmin 2.6.3-pl1 Cross Site Scripting and Full Path...
How Assumptions May Be Making Us All Less Secure
In the space of a given year, untold thousands of vulnerabilities are found in operating systems, applications and plug-ins. In many cases, the affected vendors fix the flaws, either with a patch, a workaround or some other mitigation. But there’s also a huge population of security bugs that...
Mandriva Update for php-pear-MDB2 MDVA-2010:136 (php-pear-MDB2)
Check for the Version of php-pear-MDB2 OpenVAS Vulnerability Test Mandriva Update for php-pear-MDB2 MDVA-2010:136 php-pear-MDB2 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/...
Sablog-X v2.x admin permission spoofing and arbitrary variable overwrite vulnerability
Sablog-X is a blog system built on PHP and MySQL. Affected version: Sablog-X 2.x. First, the admin permission spoofing vulnerability: because of a serious logic problem in the back-end authentication process of Sablog-X v2.x, a specially constructed cookie can log in directly to...
Signing in with username with different case creates new user
We currently utilize LDAP for our user repository and allow users to be automatically added to crucible if they can successfully authenticate. We have recently received complaints from users that their names were showing up two times in reviews. After some analysis we saw that there were 2...
Java Mini Web Server <= 1.0 Path Traversal and Cross Site Scripting
Exploit for multiple platform in category remote exploits =================================================================== Java Mini Web Server | www.DigitalWhisper.co.il Software Link: http://www.jibble.org/miniwebserver/ Version: YOURXSSHEREWork?Index of %00"Work?Index of %00"Work? Work?...
Java Mini Web Server 1.0 - Directory Traversal Cross-Site Scripting
Java Mini Web Server 1.0 - Directory Traversal Cross-Site Scripting Exploit Title: Java Mini Web Server | www.DigitalWhisper.co.il Software Link: http://www.jibble.org/miniwebserver/ Version: YOURXSSHEREWork?Index of %00"Work?Index of %00"Work? Work?SimpleWebServer.jar SimpleWebServer...
Java Mini Web Server 1.0 - Directory Traversal / Cross-Site Scripting
Exploit Title: Java Mini Web Server | www.DigitalWhisper.co.il Software Link: http://www.jibble.org/miniwebserver/ Version: YOURXSSHEREWork?Index of %00"Work?Index of %00"Work? Work?SimpleWebServer.jar SimpleWebServer http://www.jibble.org/ Path Traversal: A Path Traversal attack aims to access...
Uebimiau Webmail 2.7.2 Cross Site Scripting / Path Disclosure
Exploit Title: Uebimiau Webmail | www.DigitalWhisper.co.il Software Link: http://www.uebimiau.org/ Version: = 2.7.2 Tested on: PHP Cross Site Scripting Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web...
Uebimiau Webmail 2.7.2 - Multiple Vulnerabilities
Exploit Title: Uebimiau Webmail | www.DigitalWhisper.co.il Software Link: http://www.uebimiau.org/ Version: = 2.7.2 Tested on: PHP Cross Site Scripting Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web...
MS10-015 Restart Issues Are the Result of Rootkit Infection
Microsoft on Thursday confirmed that the blue screen of death issues that affected a slew of users after the latest batch of Patch Tuesday updates is the result of an existing infection by the Alureon rootkit. There was widespread speculation after the patch release that simply installing the...
MOJOs IWms 7 - SQL Injection Cross-Site Scripting
MOJOs IWms 7 - SQL Injection Cross-Site Scripting Exploit Title: MOJO's IWMS | www.DigitalWhisper.co.il Software Link: http://www.mojo.co.il Version: YourXSSHere SQL Injection A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the...
Researcher Warns of Twitter Security Flaw
A flaw in Twitter’s website has left the login credentials of its users vulnerable to hackers, according to a security researcher who has asked the social media company to fix the problem. Read the full story Reuters...