5 matches found
Autodesk FBX Review Resource Management Error Vulnerability
Autodesk FBX Review is a lightweight standalone tool for viewing 3D assets and animations. A use-after-free vulnerability exists in Autodesk FBX Review version 1.4.1.0. An attacker can exploit this vulnerability by tricking a user into opening a malicious FBX file to run arbitrary code on the...
Mozilla Firefox Private Browsing Mode Security Bypass Vulnerability
Mozilla Firefox is a popular web browser. A security bypass vulnerability exists in Mozilla Firefox Private Browsing mode. A remote attacker can exploit it by tricking a user into parsing a specially crafted web page, bypassing security restrictions and performing...
Bumble: Arbitrary modification value "session" (Cookie) in badoo.com
Users who log on through https://m.badoo.com/ receive a session cookie named "session" whose value represents the user identifier. I have found a way to change the value of the cookie; this error can be used to: Leave off the application to a particular user to log on again, the attacker would ha...
New Relic: CSRF vulnerability that allows an attacker to purge plugin metric data
Vulnerability details: A seemingly minor CSRF vulnerability exists in the endpoint that purges plugin metric data. When an admin visits the Agent overview of its account, it will show a button for each plugin that allows the admin to purge the data. This button links to a GET request that is...
CVE-2006-2785
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 1.5.0.4 allows user-assisted remote attackers to inject arbitrary web script or HTML by tricking a user into (1) performing a "View Image" on a broken image in which the SRC attribute contains a Javascript URL, or (2) selecting "Show on...