Firefox browser engine crashes

The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via vectors related to 1...

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: MFSA 2009-32 JavaScript chrome privilege escalation MFSA 2009-31 XUL scripts bypass content-policy checks MFSA 2009-30 Incorrect principal set for file: resources loaded via location bar MFSA 2009-29 Arbitrary code execution using event listeners attached to an element...

CVE-2009-1709

Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service heap corruption and application crash via an SVG animation element, related to SVG set objects, SVG...

PT-2009-4026 · Microsoft · Internet Explorer 7 +1

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer 7 for Windows XP SP2 and SP3 Microsoft Internet Explorer 7 for Server 2003 SP2 Microsoft Internet Explorer 7 for Vista Gold, SP1, and SP2 Microsoft Internet Explorer 7 for Server 2008 SP2 Description: The issue...

Design/Logic Flaw

CFNetwork in Apple Mac OS X 10.5 before 10.5.7 does not properly parse noncompliant Set-Cookie headers, which allows remote attackers to obtain sensitive information by sniffing the network for "secure cookies" that are sent over unencrypted HTTP connections...

CVE-2009-0144

CFNetwork in Apple Mac OS X 10.5 before 10.5.7 does not properly parse noncompliant Set-Cookie headers, which allows remote attackers to obtain sensitive information by sniffing the network for "secure cookies" that are sent over unencrypted HTTP connections...

CVE-2009-0144

CFNetwork in Apple Mac OS X 10.5 before 10.5.7 does not properly parse noncompliant Set-Cookie headers, which allows remote attackers to obtain sensitive information by sniffing the network for "secure cookies" that are sent over unencrypted HTTP connections...

Important: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux...

FreeBSD : ifmail -- unsafe set-user-ID application (746ca1ac-21ec-11d9-9289-000c41e2cdad)

Niels Heinen reports that ifmail allows one to specify a configuration file. Since ifmail runs set-user-ID news', this may allow a local attacker to write to arbitrary files or execute arbitrary commands as the news' user. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text...

FreeBSD : bmon -- unsafe set-user-ID application (938f357c-16dd-11d9-bc4a-000c41e2cdad)

Jon Nistor reported that the FreeBSD port of bmon was installed set-user-ID root, and executes commands using relative paths. This could allow local user to easily obtain root privileges. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...

FreeBSD : cyrus-sasl -- dynamic library loading and set-user-ID applications (92268205-1947-11d9-bc4a-000c41e2cdad)

The Cyrus SASL library, libsasl, contains functions which may load dynamic libraries. These libraries may be loaded from the path specified by the environmental variable SASLPATH, which in some situations may be fully controlled by a local attacker. Thus, if a set-user-ID application such as chsh...

Sql injection

SQL injection vulnerability in Load.php in Simple Machines Forum SMF 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands by setting the dbcharacterset parameter to a multibyte character set such as big5, which causes the addslashes PHP function to produce a "" backslash...

CVE-2008-6741

SQL injection vulnerability in Load.php in Simple Machines Forum SMF 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands by setting the dbcharacterset parameter to a multibyte character set such as big5, which causes the addslashes PHP function to produce a "" backslash...

CVE-2008-6741

SQL injection vulnerability in Load.php in Simple Machines Forum SMF 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands by setting the dbcharacterset parameter to a multibyte character set such as big5, which causes the addslashes PHP function to produce a "" backslash...

CVSTrac Detection

This host is running CVSTrac, a Web-Based Bug And Patch-Set Tracking System For CVS, Subversion and GIT. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

CVSTrac Detection

This host is running CVSTrac, a Web-Based Bug And Patch-Set Tracking System For CVS, Subversion and GIT. OpenVAS Vulnerability Test $Id: cvstracdetect.nasl 5721 2017-03-24 14:42:01Z cfi $ cvstrac Detection Authors: Michael Meyer Copyright: Copyright c 2009 Greenbone Networks GmbH This program is...

Cisco Security Advisory: Cisco IOS Software Multiple Features Crafted TCP Sequence Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco IOS Software Multiple Features Crafted TCP Sequence Vulnerability Advisory ID: cisco-sa-20090325-tcp http://www.cisco.com/warp/public/707/cisco-sa-20090325-tcp.shtml Revision 1.0 For Public Release 2009 March 25 1600 UTC...

Firefox 3 crashes in the JavaScript engine

The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via 1 a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pas...

CentOS Update for expect CESA-2008:0134 centos3 i386

Check for the Version of expect OpenVAS Vulnerability Test CentOS Update for expect CESA-2008:0134 centos3 i386 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...

CentOS Update for expect CESA-2008:0134 centos3 x86_64

Check for the Version of expect OpenVAS Vulnerability Test CentOS Update for expect CESA-2008:0134 centos3 x8664 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...