EUVD-2018-5333

Malware in sbrugna...

Microsoft Visual Studio Code 安全漏洞

Microsoft Visual Studio is a family of development tools from Microsoft Corporation USA and is a largely complete development toolset that includes most of the tools needed throughout the software lifecycle. An attacker could exploit this vulnerability with a specially crafted website to spoof...

CVE-2017-16905

The DuoLingo TinyCards application before 1.0 for Android has one use of unencrypted HTTP, which allows remote attackers to spoof content, and consequently achieve remote code execution, via a man-in-the-middle attack...

GLSA-201705-06 : Mozilla Firefox: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201705-06 Mozilla Firefox: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execut...

Microsoft Windows Multiple Vulnerabilities (KB4019474)

This host is missing important/critical security update according to Microsoft Security update KB4019474. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Microsoft IIS Server XSS Elevation of Privilege (MS17-016: CVE-2017-0055)

A cross-site scripting vulnerability exists in Microsoft IIS, due to improper input validation. A remote attacker can exploit this issue by enticing an affected user to open a specially crafted web page. Successful exploitation could allow an attacker to spoof content, disclose information, or ta...

Mozilla Firefox: Multiple vulnerabilities

Background Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code wi...

Authentication flaw

The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter...

CVE-2015-6583

Google Chrome before 45.0.2454.85 does not display a location bar for a hosted app's window after navigation away from the installation site, which might make it easier for remote attackers to spoof content via a crafted app, related to browser.cc and hostedappbrowsercontroller.cc...

Design/Logic Flaw

Google Chrome before 45.0.2454.85 does not display a location bar for a hosted app's window after navigation away from the installation site, which might make it easier for remote attackers to spoof content via a crafted app, related to browser.cc and hostedappbrowsercontroller.cc...

CVE-2015-6583

Google Chrome before 45.0.2454.85 does not display a location bar for a hosted app's window after navigation away from the installation site, which might make it easier for remote attackers to spoof content via a crafted app, related to browser.cc and hostedappbrowsercontroller.cc...

RubyGems Paperclip Input Validation Vulnerability

RubyGems Paperclip is a file attachment management library for Active Record. RubyGems Paperclip fails to adequately filter user-submitted input, allowing remote attackers to manipulate pages and spoof content...

Design/Logic Flaw

core/rendering/compositing/RenderLayerCompositor.cpp in Blink, as used in Google Chrome before 38.0.2125.102 on Android, does not properly handle a certain IFRAME overflow condition, which allows remote attackers to spoof content via a crafted web site that interferes with the scrollbar...

UBUNTU-CVE-2014-3201

core/rendering/compositing/RenderLayerCompositor.cpp in Blink, as used in Google Chrome before 38.0.2125.102 on Android, does not properly handle a certain IFRAME overflow condition, which allows remote attackers to spoof content via a crafted web site that interferes with the scrollbar...

Microsoft Releases Security Advisory for Improperly Issued Digital Certificates

Microsoft has released a security advisory to address improperly issued SSL certificates that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows. Users and administrators are...

Microsoft SCCM Reflected Cross-site Scripting (MS12-062) - Ver2 (CVE-2012-2536)

A cross-site scripting vulnerability has been reported in Microsoft System Center Configuration Manager SCCM. The vulnerability is due to an error in the way System Center Configuration Manager handles specially crafted requests. A remote attacker can exploit this issue by enticing a target user ...

CVE-2014-1242

Apple iTunes before 11.1.4 uses HTTP for the iTunes Tutorials window, which allows man-in-the-middle attackers to spoof content by gaining control over the client-server data stream...

Microsoft Releases Security Advisory

Microsoft has released Security Advisory 2862973 impacting applications and services using certificates with the MD5 hashing algorithm. Usage of the MD5 hash algorithm in certificates could allow an attacker to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. US-CERT...

Flame Malware Spread Via Rogue Microsoft Security Certificates

Flame Malware Spread Via Rogue Microsoft Security Certificates Microsoft released an emergency Windows update on Sunday after revealing that one of its trusted digital signatures was being abused to certify the validity of the Flame malware that has infected computers in Iran and other Middle...

Microsoft Internet Explorer Information Disclosure Vulnerability (2501696)

The host is installed with Internet Explorer and is prone to information disclosure vulnerability. This NVT has been replaced by NVT secpodms11-026.nasl OID:1.3.6.1.4.1.25623.1.0.902409. OpenVAS Vulnerability Test $Id: secpodmsiemhtmlinfodiscvuln.nasl 6526 2017-07-05 05:43:52Z cfischer $ Microsof...