Foxit Releases Foxit Reader 4.1.1.0805

Foxit has released Foxit Reader 4.1.1.0805 to address a vulnerability associated with the improper rendering of PDF documents. Exploitation of this vulnerability may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the security release notes for...

Google Chrome Multiple Unspecified Vulnerabilities - July 10

The host isnstalled with Google Chrome and is prone to multiple unspecified vulnerabilities. OpenVAS Vulnerability Test $Id: secpodgooglechromemultunspecifiedvulnjul10.nasl 5394 2017-02-22 09:22:42Z teissa $ Google Chrome Multiple Unspcified Vulnerabilities - July 10 Authors: Madhuri D Copyright:...

CVE-2010-1782

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via vectors related to the rendering...

CVE-2010-2901

Removed by vendor...

CVE-2010-2901

CVE-2010-2901 affects Google Chrome rendering before 5.0.375.125, with memory corruption enabling remote denial of service via unknown vectors. Public records in multiple feeds (Ubuntu USN-1195-1, openSUSE, Gentoo GLSA/GNU patches) confirm this CVE and reference a Chrome/Chromium exposure prior t...

Google Fixes Critical Vulns In Chrome 5 Update

Google has released version 5.0.375.125 of Chrome, a security update that addresses three “high” risk vulnerabilities in its WebKit-based browser. According to the developers, two of the high risk issues could lead to memory corruption while SVG handling or rendering code. Read the full article...

Google Chrome multiple vulnerabilities - July 10

The host is running Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbgooglechromemultvulnjul10.nasl 5306 2017-02-16 09:00:16Z teissa $ Google Chrome multiple vulnerabilities - July 10 Authors: Madhuri D Copyright: Copyright c 2010 Greenbone Networks GmbH,...

Google Chrome 5.0.375.99更新修复多个安全漏洞

BUGTRAQ ID: 41334 CVE ID: CVE-2010-2645,CVE-2010-2646,CVE-2010-2647,CVE-2010-2648,CVE-2010-2649,CVE-2010-2650,CVE-2010-2651,CVE-2010-2652 Google Chrome是Google发布的开源WEB浏览器。 Chrome的5.0.375.99版本更新修复了多个安全漏洞，用户受骗访问恶意网页就可能导致拒绝服务或完全入侵用户系统。 1 在使用WebGL时Chrome中可能出现越界读访问错误。 2 Chrome没有正确地隔离沙盒中的IFRAME元素。 3...

CVE-2010-2651

The Cascading Style Sheets CSS implementation in Google Chrome before 5.0.375.99 does not properly perform style rendering, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via unknown vectors...

UBUNTU-CVE-2010-2651

The Cascading Style Sheets CSS implementation in Google Chrome before 5.0.375.99 does not properly perform style rendering, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via unknown vectors...

Mahara Multiple Remote Vulnerabilities

Mahara is prone to multiple remote vulnerabilities, including: 1. Multiple HTML-injection vulnerabilities 2. A cross-site request-forgery vulnerability 3. Multiple SQL-injection vulnerabilities 4. An authentication-bypass vulnerability Exploiting these issues could allow an attacker to steal...

OneCMS 2.6.1 - 'cat' Cross-Site Scripting

source: https://www.securityfocus.com/bid/41194/info OneCMS is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how t...

CVE-2010-2297

CVE-2010-2297 affects Google Chrome’s WebKit/WebCore (FixedTableLayout.cpp) where an HTML document with a large colspan inside a table can crash the browser or potentially execute arbitrary code. Affected version: Chrome prior to 5.0.375.70. Public references in NVD, SUSE/SUSE-verified advisories...

CVE-2010-1397

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service application crash via vectors related to a layout change during selection...

CVE-2010-1397

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service application crash via vectors related to a layout change during selection...

Microsoft IE toStaticHTML跨域信息泄露漏洞（MS10-035）

BUGTRAQ ID: 40409 CVE ID: CVE-2010-1257 Internet Explorer是Windows操作系统中默认捆绑的web浏览器。 Internet Explorer在过滤HTML时处理使用特定字符串的内容的方式存在信息泄露漏洞。攻击者可以通过创建特制的网页来利用这个漏洞，如果用户查看了该网页就会导致信息泄露。成功利用这个漏洞的攻击者可以对用户执行跨站脚本，允许攻击者在用户的安全环境中对使用toStaticHTML API的站点执行脚本。 这个漏洞仅影响Internet Explorer 8中的Quirk渲染模式。 Microsoft Internet...

Microsoft Windows OpenType CFF驱动本地权限提升漏洞（MS10-037）

BUGTRAQ ID: 40572 CVE ID: CVE-2010-0819 Windows是微软发布的非常流行的操作系统。 Windows OpenType CFF驱动没有正确地验证用户态传送给内核态的某些数据，如果用户查看了特制CCF字体所渲染的内容，在获得字型轮廓时就会用任意数量的0字节覆盖内核内存，导致内核级权限提升。攻击者必须拥有有效的登录凭据且能够本地登录才可以利用这个漏洞，无法远程或匿名利用。 Microsoft Windows XP SP3 Microsoft Windows XP SP2 Microsoft Windows Vista SP2 Microsoft...

Wing FTP Server 'admin_loginok.html' HTML Injection Vulnerability

Wing FTP Server is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie- based authentication credentials an...

RHEL 3 / 4 / 5 : pango (RHSA-2010:0140)

Updated pango and evolution28-pango packages that fix one security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Pango is a library used for the layout and rendering of...

[SECURITY] Fedora 11 Update: kazehakase-0.5.8-5.fc11.1

Kazehakase is a Web browser which aims to provide a user interface that is truly user-friendly & fully customizable. This package uses Gecko for HTML rendering engine...