CVE-2012-4908
CVE-2012-4908 affects Google Chrome for Android, where the Same-Origin Policy for local file access (file:) can be bypassed via symbolic links. The vulnerability enables a remote attacker to access Chrome’s private local files (e.g., cookies, bookmarks) by tricking a loaded file: URL with a symli...
CVE-2012-4908
Removed by vendor...
Google Updates Chrome for Android, Fixes Several Vulnerabilities
Google has issued a security update for its Chrome operating system on Android devices, resolving seven medium-risk vulnerabilities and paying out a total of $3,500 in rewards to two researchers. On the Google Chrome Blog, software engineer Jay Civelli wrote that the update strengthens Chrome for...
Google Chrome for Android - com.android.browser.application_id Intent Extra Data Cross-Site Scripting
source: https://www.securityfocus.com/bid/55523/info Google Chrome for Android is prone to multiple vulnerabilities. Attackers may exploit these issues to execute arbitrary code in the context of the browser, obtain potentially sensitive information, bypass the same-origin policy, and steal...
Google Chrome for Android - com.android.browser.application_id Intent Extra Data Cross-Site Scripting
Google Chrome for Android - com.android.browser.applicationid Intent Extra Data Cross-Site Scripting source: https://www.securityfocus.com/bid/55523/info Google Chrome for Android is prone to multiple vulnerabilities. Attackers may exploit these issues to execute arbitrary code in the context of...
Google Chrome for Android - Same-origin Policy Bypass Local Symlink
Google Chrome for Android - Same-origin Policy Bypass Local Symlink source: https://www.securityfocus.com/bid/55523/info Google Chrome for Android is prone to multiple vulnerabilities. Attackers may exploit these issues to execute arbitrary code in the context of the browser, obtain potentially...
Google Chrome for Android - Same-origin Policy Bypass Local Symlink
source: https://www.securityfocus.com/bid/55523/info Google Chrome for Android is prone to multiple vulnerabilities. Attackers may exploit these issues to execute arbitrary code in the context of the browser, obtain potentially sensitive information, bypass the same-origin policy, and steal...
Sitecom Home Storage Center - Authentication Bypass
Sitecom Home Storage Center - Authentication Bypass Security Advisory AA-006: Authorization Bypass Vulnerability in Password Reset Function Sitecom Home Storage Center 0-day Severity Rating: High Discovery Date: July 29, 2012 Vendor Notification: July 30, 2012 Disclosure Date: September 6, 2012...
Conceptronic Grab'n'Go Authorization Bypass
Exploit for php platform in category web applications Authorization Bypass Vulnerability in Password Reset Function Conceptronic Grab’n’Go Network Storage 0-day Severity Rating: High Discovery Date: July 29, 2012 Vendor Notification: July 30, 2012 Disclosure Date: September 6, 2012 Vulnerability...
Sitecom Home Storage Center Authorization Bypass
Exploit for php platform in category web applications Authorization Bypass Vulnerability in Password Reset Function Sitecom Home Storage Center 0-day Severity Rating: High Discovery Date: July 29, 2012 Vendor Notification: July 30, 2012 Disclosure Date: September 6, 2012 Vulnerability Type=...
Mandriva Linux Security Advisory : mozilla (MDVSA-2012:110-1)
Security issues were identified and fixed in mozilla firefox and thunderbird : Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain...
Conceptronic Grab'n'Go Authorization Bypass
Security Advisory AA-005: Authorization Bypass Vulnerability in Password Reset Function Conceptronic Grab’n’Go Network Storage 0-day Severity Rating: High Discovery Date: July 29, 2012 Vendor Notification: July 30, 2012 Disclosure Date: September 6, 2012 Vulnerability Type= Authorization Bypass...
Sitecom Home Storage Center Directory Traversal
Exploit for hardware platform in category web applications Directory Traversal Vulnerability in Sitecom Home Storage Center Severity Rating: High Discovery Date: July 29, 2012 Vendor Notification: July 30, 2012 Disclosure Date: September 3, 2012 Vulnerability Type= Directory Traversal Impact= -...
VulnCheck KEV: CVE-2012-1875
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Same ID Property Remote Code Execution Vulnerability."...
Microsoft Office Visio/Viewer Remote Code Execution Vulnerability (2733918)
This host is missing an important security update according to Microsoft Bulletin MS12-059. OpenVAS Vulnerability Test $Id: secpodms12-059.nasl 5963 2017-04-18 09:02:14Z teissa $ Microsoft Office Visio/Viewer Remote Code Execution Vulnerability 2733918 Authors: Antu Sanadi Copyright: Copyright c...
Scientific Linux Security Update : firefox on SL6.x i386/x86_64
A race condition flaw was found in the way Firefox handled Document Object Model (DOM) element properties. Malicious HTML content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-3765) Several flaws were found in the...
Scientific Linux Security Update : icedtea-web on SL6.x i386/x86_64
The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. A flaw was found in the same-origin policy...
Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64
A flaw was found in the way Firefox handles form history. A malicious web page could steal saved form data by synthesizing input events, causing the browser to auto-fill form fields which could then be read by an attacker. (CVE-2009-3370) A flaw was found in the way Firefox creates temporary file...
Scientific Linux Security Update : thunderbird on SL4.x, SL5.x i386/x86_64
Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled malformed JPEG images. An HTML mail message containing a malicious JPEG image could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user...
Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64
Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled malformed JPEG images. An HTML mail message containing a malicious JPEG image could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user...