
1165 matches found

OSV
added 2014/04/09 10:57 a.m., 1 views

UBUNTU-CVE-2014-1722

Use-after-free vulnerability in the RenderBlock::addChildIgnoringAnonymousColumnBlocks function in core/rendering/RenderBlock.cpp in Blink, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors...

7.5 CVSS, 7.4 AI score, 0.01382 EPSS
Exploits 1, References 5

RedHat Linux
added 2014/03/17 5:31 p.m., 2 views

rubygem-actionpack: Action View string handling denial of service

actionpack/lib/actionview/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in heade...

5 CVSS, 6.9 AI score, 0.06456 EPSS
Exploits 0, References 4

RedHat Linux
added 2014/03/11 4:56 p.m., 2 views

rubygem-actionpack: Action View string handling denial of service

actionpack/lib/actionview/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in heade...

5 CVSS, 6.9 AI score, 0.06456 EPSS
Exploits 0, References 4

RubySec
added 2014/02/18 12:0 a.m., 45 views

CVE-2014-0082 rubygem-actionpack: Action View string handling denial of service

actionpack/lib/actionview/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in heade...

5 CVSS, 6.1 AI score, 0.06456 EPSS
Exploits 0, References 1, Affected Software 1

OSV
added 2014/01/18 7:55 p.m., 2 views

DEBIAN-CVE-2013-6424

Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value...

5 CVSS, 7 AI score, 0.0684 EPSS
Exploits 0, References 1

Debian CVE
added 2014/01/18 7:0 p.m., 33 views

CVE-2013-6424

Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value...

5 CVSS, 6 AI score, 0.0684 EPSS
Exploits 0

CVE
added 2014/01/18 7:0 p.m., 95 views

CVE-2013-6424

CVE-2013-6424 : Integer underflow in the xTrapezoidValid macro of render/picture.h in X.org X Server can cause a denial of service (crash) via a negative bottom value. Concrete references across Nessus/Gentoo advisories confirm X.Org Server exposure and the need to upgrade; GLSA-201701-64 recomme...

5 CVSS, 6.9 AI score, 0.0684 EPSS
Exploits 0, References 11, Affected Software 1

OSV
added 2014/01/18 12:0 a.m., 3 views

UBUNTU-CVE-2013-6424

Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value...

5 CVSS, 7.1 AI score, 0.0684 EPSS
Exploits 0, References 4

OSV
added 2013/09/27 10:8 a.m., 1 views

DEBIAN-CVE-2013-5942

Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to (1) remotestorage.py, (2) storage.py, (3) render/datalib.py, and (4) whitelist/views.py, a different vulnerability than CVE-2013-5093...

6.8 CVSS, 8.1 AI score, 0.01535 EPSS
Exploits 0, References 1

PyPA
added 2013/09/27 10:8 a.m., 6 views

PYSEC-2013-34

Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to (1) remotestorage.py, (2) storage.py, (3) render/datalib.py, and (4) whitelist/views.py, a different vulnerability than CVE-2013-5093...

6.8 CVSS, 8.1 AI score, 0.83612 EPSS
Exploits 5, References 3, Affected Software 1

UbuntuCve
added 2013/09/27 10:8 a.m., 14 views

CVE-2013-5942

Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to (1) remotestorage.py, (2) storage.py, (3) render/datalib.py, and (4) whitelist/views.py, a different vulnerability than CVE-2013-5093...

6.8 CVSS, 6.2 AI score, 0.01535 EPSS
Exploits 0, References 4

exploitpack
added 2013/08/21 12:0 a.m., 12 views

Xibo - layout HTML Injection

Xibo - layout HTML Injection source: https://www.securityfocus.com/bid/62063/info Xibo is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code could be executed in the context of the affected site, potentially...

7.6 AI score
Exploits 0

Exploit DB
added 2013/08/21 12:0 a.m., 28 views

Xibo - 'layout' HTML Injection

source: https://www.securityfocus.com/bid/62063/info Xibo is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code could be executed in the context of the affected site, potentially allowing the attacker to steal...

7.4 AI score
Exploits 0

Tenable Nessus
added 2013/07/12 12:0 a.m., 26 views

Oracle Linux 5 : xorg-x11-server (ELSA-2010-0382)

The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2010-0382 advisory. 1.1.1-48.76.0.1.el55.1 - Added oracle-enterprise-detect.patch - Replaced 'Red Hat' in spec file 1.1.1-48.76.1 - xserver-1.1.1-mod-macro-parens.patch: Fix...

7.1 CVSS, 5.5 AI score, 0.03655 EPSS
Exploits 1, References 2

Tenable Nessus
added 2013/07/12 12:0 a.m., 25 views

Oracle Linux 5 / 6 : xorg-x11-server (ELSA-2011-1359)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-1359 advisory. 1.7.7-29.2 - cve-2011-4818.patch: Multiple input sanitization flaws in GLX and Render Tenable has extracted the preceding description block directl...

8.5 CVSS, 5.6 AI score, 0.02846 EPSS
Exploits 2, References 3

Tenable Nessus
added 2013/07/12 12:0 a.m., 13 views

Oracle Linux 5 : xorg-x11-server (ELSA-2008-0504)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2008-0504 advisory. 1.1.1-48.41.0.1.el52.1 - Added Enterprise Linux detection 1.1.1-48.41.1 - cve-2008-1377.patch: Record and Security Extension Input validation -...

10 CVSS, 8.4 AI score, 0.02373 EPSS
Exploits 1, References 6

Prion
added 2013/07/01 9:55 p.m., 16 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the tree render API (TCA-Tree) in the Backend API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...

3.5 CVSS, 5.6 AI score, 0.00196 EPSS
Exploits 0, References 4, Affected Software 1

Tenable Nessus
added 2012/11/19 12:0 a.m., 16 views

FreeBSD : typo3 -- Multiple vulnerabilities in TYPO3 Core (79818ef9-2d10-11e2-9160-00262d5ed8ee)

Typo Security Team reports : TYPO3 Backend History Module - Due to missing encoding of user input, the history module is susceptible to SQL Injection and Cross-Site Scripting. A valid backend login is required to exploit this vulnerability. Credits go to Thomas Worm who discovered and reported th...

5.9 AI score
Exploits 0, References 2

0day.today
added 2012/09/17 12:0 a.m., 14 views

Microsoft Internet Explorer execCommand Use-After-Free

Exploit for windows platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework...

7.1 AI score
Exploits 0

OpenVAS
added 2012/09/10 12:0 a.m., 29 views

Slackware: Security Advisory (SSA:2006-123-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

2.1 CVSS, 6.5 AI score, 0.00443 EPSS
Exploits 0, References 3