6683 matches found
Code injection
The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via...
CVE-2014-9508
The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via...
CVE-2014-9509
The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set to all or cached, allows remote attackers to have an unspecified impact possibly resource consumption via a "Cache Poisoning" attack using a...
CVE-2014-9509
CVE-2014-9509 affects TYPO3: the frontend rendering component in TYPO3 4.5.x (before 4.5.39), 4.6.x–6.2.x (before 6.2.9), and 7.x (before 7.0.2). When config.prefixLocalAnchors is set to all or cached, remote attackers can trigger a cache-poisoning scenario by crafting a URL with arbitrary argume...
CVE-2014-9508
TYPO3 Open Redirect/Link Spoofing vulnerability CVE-2014-9508 affects the frontend rendering component. Affected: TYPO3 4.5.x before 4.5.39, 4.6.x–6.2.x before 6.2.9, and 7.x before 7.0.2. Condition: config.prefixLocalAnchors enabled with an anchor-only homepage; attacker can modify anchor-only l...
[SECURITY] Fedora 20 Update: freetype-2.5.0-7.fc20
The FreeType engine is a free and portable font rendering engine, developed to provide advanced font support for a variety of platforms and environments. FreeType is a library which can open and manages font files as well as efficiently load, hint and render individual glyphs. FreeType is not a...
Fedora 20 : mingw-freetype-2.5.4-1.fc20 (2014-17580)
Update to 2.5.4\r\n Updated subpixel rendering patch to 2.5.3 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
Fedora 21 : mingw-freetype-2.5.4-1.fc21 (2014-17550)
Update to 2.5.4\r\n Updated subpixel rendering patch to 2.5.3 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
Microsoft Could Kill Internet Explorer; New Spartan Browser Coming Soon
Bad News for Internet Explorer fans, if any! Microsoft's almost 20 years old Web browser with a big blue E sign might soon be a thing of the past. With the arrival of Windows 10, probably by next fall, Microsoft could come up with its brand new browser that’s more similar to Mozilla's Firefox and...
Microsoft Graphics Rendering Engine Thumbnail Image Stack Buffer Overflow - Ver2 (CVE-2010-3970)
Thumbnails are reduced-size versions of pictures, used to help in recognizing and organizing them, serving the same role for images as a normal text index does for words. A stack buffer overflow vulnerability has been discovered in Microsoft's Graphics Rendering Engine. The vulnerability is due t...
CVE-2011-1798
rendering/svg/RenderSVGText.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 does not properly perform a cast of an unspecified variable during an attempt to handle a block child, which allows remote attackers to cause a denial of service application crash or possibly have unknown oth...
[SECURITY] Fedora 21 Update: freetype-2.5.3-13.fc21
The FreeType engine is a free and portable font rendering engine, developed to provide advanced font support for a variety of platforms and environments. FreeType is a library which can open and manages font files as well as efficiently load, hint and render individual glyphs. FreeType is not a...
eBay.com ocsnext CSS Injection
Exploit Title: eBay.com ocsnext sub-domain Reflected CSS injection Date: 20/12/2014 Author: Yann CAM @ Synetis - ASafety Vendor or Software Link: www.ebay.com Version: / Category: Reflected CSS injection Google dork: Tested on: eBay.com ocsnext sub-domain Adobe description :...
openSUSE Security Update : seamonkey (openSUSE-SU-2014:1655-1)
seamonkey was updated to version 2.31 to fix 20 security issues. These security issues were fixed : - Miscellaneous memory safety hazards CVE-2014-1587, CVE-2014-1588. - XBL bindings accessible via improper CSS declarations CVE-2014-1589. - XMLHttpRequest crashes with some input streams...
FreeBSD : xserver -- multiple issue with X client request handling (27b9b2f0-8081-11e4-b4ca-bcaec565249c)
Alan Coopersmith reports : Ilja van Sprundel, a security researcher with IOActive, has discovered a large number of issues in the way the X server code base handles requests from X clients, and has worked with X.Org's security team to analyze, confirm, and fix these issues. The vulnerabilities...
Ubuntu 14.04 LTS : NVIDIA graphics drivers vulnerabilities (USN-2438-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2438-1 advisory. It was discovered that the NVIDIA graphics drivers incorrectly handled GLX indirect rendering support. An attacker able to connect to an X server, either...
nvidia: arbitrary code execution
It was discovered that the NVIDIA graphics drivers incorrectly handled GLX indirect rendering support. An attacker able to connect to an X server, either locally or remotely, could use these issues to cause the X server to crash or execute arbitrary code resulting in possible privilege escalation...
nvidia-304xx: arbitrary code execution
It was discovered that the NVIDIA graphics drivers incorrectly handled GLX indirect rendering support. An attacker able to connect to an X server, either locally or remotely, could use these issues to cause the X server to crash or execute arbitrary code resulting in possible privilege escalation...
nvidia-340xx: arbitrary code execution
It was discovered that the NVIDIA graphics drivers incorrectly handled GLX indirect rendering support. An attacker able to connect to an X server, either locally or remotely, could use these issues to cause the X server to crash or execute arbitrary code resulting in possible privilege escalation...
xorg-x11-server: out of bounds access due to not validating length or offset values in DRI3 & Present extensions
Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server...