28 matches found
GHSA-9MVM-4GWG-V8MP Arcane Backend: OS Command Injection in Volume Browser ListDirectory via path query parameter
Summary GET /environments/id/volumes/volumeName/browse accepts a path query parameter that is passed to a shell command sh -c "find … | while …" inside an Arcane helper container. The path sanitiser blocks ../ traversal but does not strip Bourne-shell metacharacters such as $ or backticks, and...
PT-2026-41693
Name of the Vulnerable Software and Affected Versions Arcane versions 1.18.1 and earlier Description An issue exists where the endpoint "GET /environments/id/volumes/volumeName/browse" accepts a path query parameter that is passed to a shell command sh -c "find … | while …" inside a helper...
Pachno 1.0.6 Stored Cross-Site Scripting
Summary Pachno is an open-source collaboration platform formerly known as The Bug Genie designed for team project management, issue tracking, and documentation. It offers a module-based, customizable environment for software development and team workflows, distributed under the Mozilla Public...
EUVD-2015-0836
Malware in sbrugna...
SUSE CVE-2015-0823
Multiple use-after-free vulnerabilities in OpenType Sanitiser, as used in Mozilla Firefox before 36.0, might allow remote attackers to trigger problematic Developer Console information or possibly have unspecified other impact by leveraging incorrect macro expansion, related to the...
Mozilla Firefox Security Advisory (MFSA2015-23) - Linux
This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
Debian DSA-4813-1 : firefox-esr - security update
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or CSS sanitiser bypass. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted fr...
Debian DLA-2496-1 : firefox-esr security update
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or CSS sanitiser bypass. For Debian 9 stretch, these problems have been fixed in version 78.6.0esr-1deb9u1. We recommend that you...
[SECURITY] [DLA 2496-1] firefox-esr security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2496-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort December 16, 2020 https://wiki.debian.org/LTS -...
[SECURITY] [DSA 4813-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4813-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 16, 2020 https://www.debian.org/security/faq -...
Arbitrary Code Execution
firefoxi s vulnerable to arbitrary code execution. The vulnerability in Sanitiser for OpenType OTS, used by Firefox to help prevent potential exploits in malformed OpenType fonts. A web page containing malicious content could cause Firefox to crash or, under certain conditions, possibly execute...
ntpd 4.2.8p10 Out-Of-Bounds Read
Exploit Title: ntpd 4.2.8p10 - Out-of-Bounds Read PoC Bug Discovery: Yihan Lian, a security researcher of Qihoo 360 GearTeam Exploit Author: Magnus Klaaborg Stubman @magnusstubman Website: https://dumpco.re/blog/cve-2018-7182 Vendor Homepage: http://www.ntp.org/ Software Link:...
ntpd 4.2.8p10 - Out-of-Bounds Read Exploit
Exploit for linux platform in category local exploits Exploit Title: ntpd 4.2.8p10 - Out-of-Bounds Read PoC Bug Discovery: Yihan Lian, a security researcher of Qihoo 360 GearTeam Exploit Author: Magnus Klaaborg Stubman @magnusstubman Website: https://dumpco.re/blog/cve-2018-7182 Vendor Homepage:...
Mozilla Firefox < 36.0 Multiple Vulnerabilities
Binary data 8653.prm...
Ubuntu 14.04 LTS : Firefox vulnerabilities (USN-2505-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2505-1 advisory. Matthew Noorenberghe discovered that Mozilla domains in the allowlist could make UITour API calls from background tabs. If one of these domains were...
CVE-2015-0823
Multiple use-after-free vulnerabilities in OpenType Sanitiser, as used in Mozilla Firefox before 36.0, might allow remote attackers to trigger problematic Developer Console information or possibly have unspecified other impact by leveraging incorrect macro expansion, related to the...
Design/Logic Flaw
Multiple use-after-free vulnerabilities in OpenType Sanitiser, as used in Mozilla Firefox before 36.0, might allow remote attackers to trigger problematic Developer Console information or possibly have unspecified other impact by leveraging incorrect macro expansion, related to the...
CVE-2015-0823
Multiple use-after-free vulnerabilities in OpenType Sanitiser, as used in Mozilla Firefox before 36.0, might allow remote attackers to trigger problematic Developer Console information or possibly have unspecified other impact by leveraging incorrect macro expansion, related to the...
CVE-2015-0823
CVE-2015-0823 describes multiple use-after-free vulnerabilities in the OpenType Sanitiser (OTS) used by Mozilla Firefox prior to 36.0, related to the ots_gasp_parse function. The issue could allow a remote attacker to trigger problematic Developer Console output or potentially cause other impacts...
UBUNTU-CVE-2015-0823
Multiple use-after-free vulnerabilities in OpenType Sanitiser, as used in Mozilla Firefox before 36.0, might allow remote attackers to trigger problematic Developer Console information or possibly have unspecified other impact by leveraging incorrect macro expansion, related to the...