654 matches found
CVE-2014-1513
TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayBuffer object, which allows remote attackers to execute arbitrary code or cause a denial of service...
Mozilla: Out-of-bounds read/write through neutering ArrayBuffer objects (MFSA 2014-31)
TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayBuffer object, which allows remote attackers to execute arbitrary code or cause a denial of service...
Scientific Linux Security Update : tzdata enhancement update on SL5.x, SL6.x i386/x86_64 (20131223)
This update adds the following enhancement : The Jordanian government has reversed its decision to observe daylight saving time DST all year and in the year 2014, Jordan is going to resume to the transition schedule from the years 2006 - 2011. This year, Jordan will switch back to Arabia Standard...
CVE-2013-5161
Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened apps, by leveraging unspecified transition errors...
Design/Logic Flaw
Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened apps, by leveraging unspecified transition errors...
Obehotel CMS SQL Injection Vulnerability
Obehotel CMS suffers from denial of service, insecure transit, directory listing, and remote SQL injection vulnerabilities. OBEHOTEL Spanish CMS Blind SQLinjection / Apache httpd Remote Denial of Service / Directory Listing / Insecure transition from HTTPS to HTTP in form post I-VULNERABILITY...
Obehotel CMS Denial Of Service / SQL Injection
OBEHOTEL Spanish CMS Blind SQLinjection / Apache httpd Remote Denial of Service / Directory Listing / Insecure transition from HTTPS to HTTP in form post I-VULNERABILITY ------------------------- Title: OBEHOTEL CMS Blind SQLinjection / Apache httpd Remote Denial of Service / Directory Listing /...
DEBIAN-CVE-2012-4733
Request Tracker RT 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors...
CVE-2012-4733
Request Tracker RT 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors...
Cross site request forgery (csrf)
Request Tracker RT 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors...
UBUNTU-CVE-2012-4733
Request Tracker RT 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors...
CVE-2012-4733
Request Tracker RT 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors...
CVE-2012-4733
Request Tracker RT 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors...
CVE-2012-4733
CVE-2012-4733 affects Request Tracker (RT) 4.x prior to 4.0.13. The issue is an improper enforcement of the DeleteTicket and “custom lifecycle transition” permissions, allowing remote authenticated users who have the ModifyTicket permission to delete tickets via unspecified vectors. The connected...
Make custom field description and options rendering consistent for OnDemand and BTF
JIRA has different behaviour for how it renders custom field descriptions and options depending on if it's running BTF or on OnDemand. On OnDemand, custom field descriptions are wiki markup, but on BTF they're HTML. On OnDemand, custom field options e.g. for checkbox are plain text, but on BTF...
Make custom field description and options rendering consistent for OnDemand and BTF
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-34440. panel JIRA has different behaviour for how it renders custom field descriptions and options depending on if it's running BTF or on...
Kernel: sa_restorer information leak
The flushsignalhandlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sarestorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call...
Improved cryptography infrastructure and the June 2013 bulletins
It was just over one year ago, May 28, 2012, to be exact, that I transitioned from running active MSRC cases and writing bulletins to my current role managing software security incidents. A lot has changed in that year- and I’ve dealt with some interesting issues during my tenure - but our goal o...
php character comparison Double equal characteristics may be references made to the security-vulnerability warning-the black bar safety net
Title party!, the The article is relatively short, ha ha! Before learning php, research. php auto similar conversion,this is php a feature, not a 0day,phper know something, There are similar perl. Straight cut body, we learn php know that“==”with”===”the difference,the former in the comparison of...
Photodex ProShow Producer 5.0.3297 Buffer Overflow
Inshell Security Advisory http://www.inshell.net 1. ADVISORY INFORMATION ----------------------- Product: Photodex ProShow Producer Vendor URL: www.photodex.com Type: Stack-based Buffer Overflow CWE-121 Date found: 2013-02-16 Date published: 2013-02-16 CVSSv2 Score: 6,8 AV:N/AC:M/Au:N/C:P/I:P/A:P...