Lucene search

3241 matches found

Kaspersky
added 2014/06/10 12:0 a.m. | 40 views

KLA10012 Vulnerability in Microsoft Word 2007 & Office Compatibility Pack

An unspecified vulnerability was found in the Word 2007 and Office Compatibility Pack. By exploiting this vulnerability malicious users can execute arbitrary code or cause a denial of service. This vulnerability can be exploited from the network at point related to an unknown application via a...

CVSS 9.3 | AI score 7.8 | EPSS 0.19923
Exploits: 0 | References: 8

NVD
added 2014/06/05 5:55 p.m. | 21 views

CVE-2014-3878

Multiple cross-site scripting (XSS) vulnerabilities in the web client interface in Ipswitch IMail Server 12.3 and 12.4, possibly before 12.4.1.15, allow remote attackers to inject arbitrary web script or HTML via (1) the Name field in an add new contact action in the Contacts section or unspecified...

CVSS 4.3 | AI score 6.8 | EPSS 0.03468
Exploits: 2 | References: 5

Prion
added 2014/06/05 5:55 p.m. | 18 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in the web client interface in Ipswitch IMail Server 12.3 and 12.4, possibly before 12.4.1.15, allow remote attackers to inject arbitrary web script or HTML via (1) the Name field in an add new contact action in the Contacts section or unspecified...

CVSS 4.3 | AI score 6.2 | EPSS 0.03468
Exploits: 2 | References: 5 | Affected Software: 1

exploitpack
added 2014/06/03 12:0 a.m. | 21 views

IPSwitch IMail Server WEB client 12.4 - Persistent Cross-Site Scripting

IPSwitch IMail Server WEB client 12.4 - Persistent Cross-Site Scripting Exploit Title: IPSwitch IMail Server WEB client 12.4 persistent XSS Google Dork: Date: 3 june 2014 Exploit Author: Peru GoSecure! Vendor Homepage: www.ipswitch.com Software Link: http://www.imailserver.com/try/ Version: Teste...

Exploits: 0

ThreatPost
added 2014/05/29 1:41 p.m. | 10 views

Of TrueCrypt and the Warrant Canary

Apple’s first transparency report, released last November, was one in a string of many released following the start of the Snowden leaks by technology companies trying to distance themselves from the tentacles of NSA surveillance. Apple’s report, however, contained two sentences that made it stan...

AI score 7
Exploits: 0 | References: 9

NVD
added 2014/05/16 2:55 p.m. | 20 views

CVE-2014-3761

Cross-site scripting (XSS) vulnerability in D-Link DAP 1150 with firmware 1.2.94 allows remote attackers to inject arbitrary web script or HTML via the resbuf parameter to index.cgi in the Control/URL-filter section...

CVSS 4.3 | AI score 5.8 | EPSS 0.00995
Exploits: 1 | References: 2

Prion
added 2014/05/16 2:55 p.m. | 18 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in D-Link DAP 1150 with firmware 1.2.94 allows remote attackers to inject arbitrary web script or HTML via the resbuf parameter to index.cgi in the Control/URL-filter section...

CVSS 4.3 | AI score 6.2 | EPSS 0.00995
Exploits: 1 | References: 2 | Affected Software: 1

The Hacker News
added 2014/04/25 6:56 a.m. | 17 views

Vulnerability Allows Anyone to DDoS Websites Using Facebook Servers

Reading a 'Note' created by anyone on the Facebook could trick you automatically to do malicious attacks against others unknowingly. A Security researcher Chaman Thapa, also known as chr13 claims that the flaw resides in 'Notes' section of the most popular social networking site - Facebook, that...

AI score 6.5
Exploits: 0

Fedora
added 2014/04/18 3:37 p.m. | 26 views

[SECURITY] Fedora 20 Update: elfutils-0.158-3.fc20

Elfutils is a collection of utilities, including ld (a linker), nm (for listing symbols from object files), size (for listing the section sizes of an object or archive file), strip (for discarding symbols), readelf (to see the raw ELF file structures), and elflint (to check for well-formed ELF files)...

CVSS 6.8 | AI score 1.5 | EPSS 0.04031
Exploits: 0

NVD
added 2014/04/11 3:55 p.m. | 11 views

CVE-2014-0172

Integer overflow in the checksection function in dwarfbeginelf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF...

CVSS 6.8 | AI score 8.1 | EPSS 0.04031
Exploits: 0 | References: 6

OSV
added 2014/04/11 3:55 p.m. | 2 views

DEBIAN-CVE-2014-0172

Integer overflow in the checksection function in dwarfbeginelf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF...

CVSS 6.8 | AI score 8 | EPSS 0.04031
Exploits: 0 | References: 1

Prion
added 2014/04/11 3:55 p.m. | 14 views

Integer overflow

Integer overflow in the checksection function in dwarfbeginelf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF...

CVSS 6.8 | AI score 8.8 | EPSS 0.04031
Exploits: 0 | References: 6 | Affected Software: 1

Cvelist
added 2014/04/11 3:0 p.m. | 20 views

CVE-2014-0172

Integer overflow in the checksection function in dwarfbeginelf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF...

AI score 8 | EPSS 0.04031
Exploits: 0 | References: 6

Debian CVE
added 2014/04/11 3:0 p.m. | 22 views

CVE-2014-0172

Integer overflow in the checksection function in dwarfbeginelf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF...

CVSS 6.8 | AI score 8.1 | EPSS 0.04031
Exploits: 0

UbuntuCve
added 2014/04/11 12:0 a.m. | 20 views

CVE-2014-0172

Integer overflow in the checksection function in dwarfbeginelf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF...

CVSS 6.8 | AI score 6.5 | EPSS 0.04031
Exploits: 0 | References: 2

ThreatPost
added 2014/04/01 2:18 p.m. | 7 views

Clapper: NSA Queries Databases for Information on U.S. Persons

UPDATE–The NSA searches the data it collects incidentally on Americans, including phone calls and emails, during the course of terrorism investigations. James Clapper, the director of national intelligence, confirmed the searches in a letter to Sen. Ron Wyden, the first time that such actions hav...

AI score 0.7
Exploits: 0 | References: 2

NVD
added 2014/03/28 3:55 p.m. | 22 views

CVE-2013-0807

Cross-site scripting (XSS) vulnerability in the NewSectionPrompt function in include/tool/editingpage.php in gpEasy CMS 3.5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the section parameter in a newsection action to index.php...

CVSS 4.3 | AI score 5.6 | EPSS 0.03993
Exploits: 2 | References: 6

RedHat Linux
added 2014/03/18 8:34 p.m. | 57 views

Critical: Red Hat Security Advisory: firefox security update

Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings...

CVSS 10 | AI score 7.1 | EPSS 0.83633
Exploits: 17 | References: 11

Hacker One
added 2014/03/04 1:13 p.m. | 9 views

OkCupid: Stored Cross-site scripting vulnerability in okcupid

Proof of concept : 1. Login into okcupid . 2. Go to profile . 3. In About section , Click on any of the edit icons like MY self summary etc.. 4. Enter payload " 5. Click on save . 6. XSS payload is executed by displaying cookies...

AI score 6.3
Exploits: 0

Hacker One
added 2014/03/01 11:27 p.m. | 53 views

Slack: CSRF on add comment section

Hi, Steps to repro: 1 Go to this link https://sehacure.slack.com/help/requests/237956 2 The malicious guy should know the request number and the username. 3 Open Tamper data using tamper data firefox addon, Fill the reply in the form. 4 Submit the request. You will see there are no anti-csrf token i...

AI score 7
Exploits: 0