MGASA-2013-0249 Updated chromium-browser-stable packages fix security vulnerabilities

Updated chromium-browser-stable packages fix security vulnerabilities: Karthik Bhargavan discovered a way to bypass the Same Origin Policy in frame handling CVE-2013-2881. Cloudfuzzer discovered a type confusion issue in the V8 javascript library CVE-2013-2882. Cloudfuzzer discovered a...

HTC Sync Manager - Multiple DLL Loading Arbitrary Code Execution Vulnerabilities

HTC Sync Manager - Multiple DLL Loading Arbitrary Code Execution Vulnerabilities source: https://www.securityfocus.com/bid/61745/info HTC Sync Manager is prone to multiple arbitrary code-execution vulnerabilities. An attacker can exploit these issues by enticing a legitimate user to use the...

HTC Sync Manager - Multiple DLL Loading Arbitrary Code Execution Vulnerabilities

source: https://www.securityfocus.com/bid/61745/info HTC Sync Manager is prone to multiple arbitrary code-execution vulnerabilities. An attacker can exploit these issues by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a...

HTCSyncManagerUpdate DLL Hijacking

Exploit Title: HTCSyncManagerUpdate quserex.dll & mfc71enu.dll & mfc71loc.dll Path Subversion Arbitrary DLL Injection Code Execution Author: IranianDarkCodersTeam Discovered by A.CH12 Software Link: http://www.htc.com/ Version: 2.1.46.0 Tested on: Windows 7 //...

[SECURITY] Fedora 19 Update: owncloud-4.5.13-1.fc19

ownCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing r ight on the web. ownCloud is extendable via a simple but powerful API f...

[SECURITY] Fedora 18 Update: owncloud-4.5.13-1.fc18

ownCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing r ight on the web. ownCloud is extendable via a simple but powerful API f...

CVE-2013-2056

The Inter-Satellite Sync ISS operation in Red Hat Network RHN Satellite 5.3, 5.4, and 5.5 does not properly check client "authenticity," which allows remote attackers to obtain channel content by skipping the initial authentication call...

Authentication flaw

The Inter-Satellite Sync ISS operation in Red Hat Network RHN Satellite 5.3, 5.4, and 5.5 does not properly check client "authenticity," which allows remote attackers to obtain channel content by skipping the initial authentication call...

CVE-2013-2056

The Inter-Satellite Sync ISS operation in Red Hat Network RHN Satellite 5.3, 5.4, and 5.5 does not properly check client "authenticity," which allows remote attackers to obtain channel content by skipping the initial authentication call...

CVE-2013-2056

The CVE-2013-2056 entry concerns Red Hat Network Satellite (RHN Satellite) versions 5.3–5.5 (Spacewalk-backend). The vulnerability stems from the Inter-Satellite Sync (ISS) operation not properly verifying client authenticity, enabling a remote attacker to obtain channel content by bypassing the ...

Debian DSA-2724-1 : chromium-browser - several vulnerabilities

Several vulnerabilities have been discovered in the Chromium web browser. - CVE-2013-2853 The HTTPS implementation does not ensure that headers are terminated by \r\n\r\n carriage return, newline, carriage return, newline. - CVE-2013-2867 Chrome does not properly prevent pop-under windows. -...

Google Chrome Multiple Vulnerabilities-01 July13 (MAC OS X)

The host is installed with Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbgooglechromemultvuln01jul13macosx.nasl 6104 2017-05-11 09:03:48Z teissa $ Google Chrome Multiple Vulnerabilities-01 July13 MAC OS X Authors: Arun Kallavi Copyright: Copyright c 201...

Google Chrome Multiple Vulnerabilities-01 (Jul 2013) - Mac OS X

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

ASUS RT-N66U Router - HTTPS Directory traversal and full file access and credential disclosure vuln

Vulnerable product: ASUS RT-N66U when HTTPS WebService via AiCloud is enabled AC66R and RT-N65U are effected as well, but need more testing Vulnerabilities: - Linux 2.6.22 - Researched on both 3.0.0.4.270 and 3.0.0.4.354 firmware - Full directory traversal and plain text disclosure of all sensiti...

CVE-2013-2868

common/extensions/synchelper.cc in Google Chrome before 28.0.1500.71 proceeds with sync operations for NPAPI extensions without checking for a certain plugin permission setting, which might allow remote attackers to trigger unwanted extension changes via unspecified vectors...

CVE-2013-2879

Google Chrome before 28.0.1500.71 does not properly determine the circumstances in which a renderer process can be considered a trusted process for sign-in and subsequent sync operations, which makes it easier for remote attackers to conduct phishing attacks via a crafted web site...

Code injection

common/extensions/synchelper.cc in Google Chrome before 28.0.1500.71 proceeds with sync operations for NPAPI extensions without checking for a certain plugin permission setting, which might allow remote attackers to trigger unwanted extension changes via unspecified vectors...

CVE-2013-2879

Removed by vendor...

CVE-2013-2868

Removed by vendor...

CVE-2013-2868

common/extensions/synchelper.cc in Google Chrome before 28.0.1500.71 proceeds with sync operations for NPAPI extensions without checking for a certain plugin permission setting, which might allow remote attackers to trigger unwanted extension changes via unspecified vectors...