1230 matches found
Debian: Security Advisory (DSA-2445-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-2455-1 : typo3-src - missing input sanitization
Helmut Hummel of the TYPO3 security team discovered that TYPO3, a web content management system, is not properly sanitizing output of the exception handler. This allows an attacker to conduct cross-site scripting attacks if either third-party extensions are installed that do not sanitize this...
[SECURITY] [DSA 2455-1] typo3-src security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2455-1 [email protected] http://www.debian.org/security/ Nico Golde April 20, 2012 http://www.debian.org/security/faq -...
Debian DSA-2445-1 : typo3-src - several vulnerabilities
Several remote vulnerabilities have been discovered in the TYPO3 web content management framework : - CVE-2012-1606 Failing to properly HTML-encode user input in several places, the TYPO3 backend is susceptible to Cross-Site Scripting. A valid backend user is required to exploit these...
FCMS CMS 2.7.2 - Multiple Cross-Site Request Forgery Vulnerabilities
FCMS2.7.2 cms and earlier multiple CSRF Vulnerability =================================================================================== Exploit Title: FCMS2.7.2 cms multiple CSRF Vulnerability Download link...
Important: cacti
Issue Overview: The release notes http://www.cacti.net/releasenotes087h.php for Cacti 0.8.7h indicate that two security vulnerabilities were fixed, though no corresponding CVE has been issued. Affected Packages: cacti Issue Correction: Run yum update cacti or yum update --advisory ALAS-2011-23 to...
Linux pkexec / polkitd 0.96 Race Condition
!/bin/sh pid; if stat procbuf, &statbuf != 0 gseterror error, POLKITERROR, POLKITERRORFAILED, "stat failed for /proc/%d: %s", process-pid, gstrerror errno; goto out; where the code only rely on stat of the pseudo filesystem src/polkit/polkitsubject.c --------- there's not enough validation to run...
WordPress Multiple Plugin - timthumb.php Vulnerabilites
This Multiple plugin is prone to a timthumb.php library vulnerabilities. The attacker controls domain such as blogger.com by hosting a malicious GIF file with code that is appended to the end on. Then provides it to the script through the src GET parameter. Solution Upgrade the plugin...
[SECURITY] [DSA 2289-1] typo3-src security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2289-1 [email protected] http://www.debian.org/security/ Florian Weimer August 07, 2011 http://www.debian.org/security/faq -...
Prontus CMS Cross Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Prontus is a /chilean/ "CMS" used by many sites in Chile. The vulnerability is into "antialone.html" which contains some frames using the value of "page" as "src" attribute:...
CVE-2011-2626
Opera before 11.50 allows remote attackers to cause a denial of service application crash by using "injected script" to set the SRC attribute of an IFRAME element...
Information disclosure
Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: URL that redirects to a file: URL, as demonstrat...
CVE-2011-0772
Multiple cross-site scripting XSS vulnerabilities in PivotX 2.2.0, and possibly other versions before 2.2.2, allow remote attackers to inject arbitrary web script or HTML via the 1 color parameter to includes/blogroll.php or 2 src parameter to includes/timwrapper.php...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in PivotX 2.2.0, and possibly other versions before 2.2.2, allow remote attackers to inject arbitrary web script or HTML via the 1 color parameter to includes/blogroll.php or 2 src parameter to includes/timwrapper.php...
Debian: Security Advisory (DSA-2098-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Memory corruption
layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers to cause a denial of service memory corruption or possibly execute arbitrary code via a crafted HTML document, related to the DATA and...
Mozilla arbitrary free flaw
layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers to cause a denial of service memory corruption or possibly execute arbitrary code via a crafted HTML document, related to the DATA and...
CVE-2010-2663
Opera before 10.60 allows remote attackers to cause a denial of service application hang via an ended event handler that changes the SRC attribute of an AUDIO element...
Google Chrome 'IFRAME' Denial Of Service Vulnerability
This host is installed with Google Chrome and is prone to Denial Of Service vulnerability. OpenVAS Vulnerability Test $Id: secpodgooglechromeiframedosvuln.nasl 5394 2017-02-22 09:22:42Z teissa $ Google Chrome 'IFRAME' Denial Of Service Vulnerability Authors: Antu Sanadi Updated By: Madhuri D on...
DSA-2040-1 squidguard - several vulnerabilities
Bulletin has no description...