6683 matches found
WebCalendar 0.9.x colors.php color XSS
No description provided by source. source: http://www.securityfocus.com/bid/8539/info It has been reported that WebCalendar is prone to multiple cross-site scripting vulnerabilites in various modules. The issues exist in includes/js/colors.php, week.php, day.php, month.php, weekdetails.php,...
phpldapadmin 0.9.8 copy_form.php dn Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/17643/info PHPLDAPAdmin is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to execute...
Microsoft Windows Graphics Rendering Engine Multiple Memory Corruption Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/16167/info Microsoft Windows WMF graphics-rendering engine is affected by multiple memory-corruption vulnerabilities. These issues affect the 'ExtCreateRegion' and 'ExtEscape' functions. These problems present themselves...
FloosieTek FTGatePro 1.22 Mail Server Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8528/info FloosieTek FTGatePro Mail Server is prone to a cross-site scripting vulnerability. A remote attacker could exploit this issue by enticing a legitimate user of the mail server to follow a malicious link with...
Mozilla0.x,Netscape 3/4,Firefox 1.0 JavaScript IFRAME Rendering Denial Of Servic
No description provided by source. source: http://www.securityfocus.com/bid/11823/info Mozilla/Netscape and Firefox browsers are reported prone a remote denial of service vulnerability. It is reported that the affected browsers will crash as a result of a NULL pointer dereference when a JavaScrip...
PostMaster 3.16/3.17 Proxy Service Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9055/info PostMaster has been reported prone to a cross-site scripting vulnerability. The issue presents itself due to a lack of sufficient sanitization that is performed by the proxy service on user-supplied data. An...
FuseTalk Forum 4.0 - Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/11407/info FuseTalk Forum is reported prone to multiple input validation vulnerabilities. These issues may allow a remote attacker to carry out cross-site scripting attacks. The cause of these issues is insufficient...
e107 Website System 0.5/0.6 Log.PHP HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10395/info It is reported that e107 website system is prone to a remote HTML injection vulnerability. This issue is due to a failure by the application to properly sanitize user-supplied input. The problem presents itself...
rubygem-actionpack: directory traversal issue
A directory traversal flaw was found in the way Ruby on Rails handled wildcard segments in routes with implicit rendering. A remote attacker could use this flaw to retrieve arbitrary local files accessible to a Ruby on Rails application using the aforementioned routes via a specially crafted...
openSUSE Security Update : Mesa (openSUSE-2013-366)
This Mesa update fixes the following security bug: CVE-2013-1993: Integer overflows in XF86DRIOpenConnection and XF86DRIGetClientDriverName were fixed that could lead to client crashes when using a malicious X server. This update fixes the following issue for Mesa on openSUSE 12.3 : - bnc814947,...
openSUSE Security Update : MozillaFirefox (MozillaFirefox-3422)
This update brings Mozilla Firefox to version 3.6.12, fixing various bugs and security issues. The following security issues were fixed: MFSA 2010-64: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of...
openSUSE Security Update : java-1_6_0-openjdk (openSUSE-2012-136)
update to version 1.11.1 to fix several security issues : - S7082299, CVE-2011-3571: Fix in AtomicReferenceArray - S7088367, CVE-2011-3563: Fix issues in java sound - S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method - S7110687, CVE-2012-0503: Issues with TimeZone class -...
VulnCheck KEV: CVE-2013-0074
Microsoft Silverlight does not properly validate pointers during HTML object rendering, which allows remote attackers to execute code via a crafted Silverlight application...
CVE-2014-0955
Cross-site scripting XSS vulnerability in IBM WebSphere Portal 8.0 before 8.0.0.1 CF12, when Social Rendering in Connections integration is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in IBM WebSphere Portal 8.0 before 8.0.0.1 CF12, when Social Rendering in Connections integration is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2014-0955
Cross-site scripting XSS vulnerability in IBM WebSphere Portal 8.0 before 8.0.0.1 CF12, when Social Rendering in Connections integration is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
rubygem-actionpack: directory traversal issue
A directory traversal flaw was found in the way Ruby on Rails handled wildcard segments in routes with implicit rendering. A remote attacker could use this flaw to retrieve arbitrary local files accessible to a Ruby on Rails application using the aforementioned routes via a specially crafted...
Two New Vulnerabilities Linked to Latest IE Zero Day
UPDATE – Researchers at Websense said today they may have isolated two components within the VGX library that are being exploited by attackers targeting the latest Internet Explorer zero-day vulnerability. By combing through millions of Windows crash reports sent via the Windows Error Reporting...
MozillaThunderbird,seamonkey (important)
Mozilla Thunderbird was updated to 24.4.0. Mozilla SeaMonkey was updated to 2.25. MFSA 2014-15/CVE-2014-1493/CVE-2014-1494 Miscellaneous memory safety hazards MFSA 2014-17/CVE-2014-1497 bmo966311 Out of bounds read during WAV file decoding MFSA 2014-18/CVE-2014-1498 bmo935618...
Firefox for Android addressbar suppression — Mozilla
Security researcher Juho Nurminen reported that on Firefox for Android, when the addressbar has been scrolled off screen, an attacker can prevent it from rendering again through the use of script interacting DOM events. This allows an attacker to present a fake addressbar to the user, possibly...