344 matches found
CVE-2015-5750
CVE-2015-5750 affects Apple OS X Data Detectors Engine prior to 10.10.5. A crafted sequence of Unicode characters could cause memory corruption, enabling arbitrary code execution or a denial of service. Affected component is Data Detectors Engine; root cause is memory corruption from Unicode proc...
CVE-2015-5750
Data Detectors Engine in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted series of Unicode characters...
This Simple Text Message Can Crash and Reboot Your iPhone
A newly discovered bug in Apple's iOS mobile operating system has emerged this evening that lets iPhone users crash another user’s iPhone by just sending a tiny string of text characters in a message. The bug is related to the Messages app and the notification system used by iPhone and iPad devic...
Apple Mac OS X Multiple Vulnerabilities -08 (Sep 2014)
Apple Mac OS X is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Apple Safari Multiple Memory Corruption Vulnerabilities-03 (Aug 2014) - Mac OS X
Apple Safari is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apple:safari"; ifdescription...
TippingPoint IPS Unicode Character Detection Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24855/info TippingPoint IPS is prone to a detection-bypass vulnerability because the appliance fails to properly handle Unicode characters. A successful exploit of this issue may allow an attacker to bypass the filter and...
Microsoft ASP.NET 1.0/1.1 - Unicode Character Conversion Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/12574/info It is reported that ASP.NET is prone to various cross-site scripting attacks. These issues when ASP.NET converts Unicode characters ranging from U+ff00-U+ff60 to ASCII. Apparently, the application fails to...
Apache Struts < 2.2.0 - Remote Command Execution
No description provided by source. $Id: strutscodeexec.rb 13586 2011-08-19 05:59:32Z bannedit $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms ...
michael lamont savant http server 2.1 - Directory Traversal vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2697/info It is possible for an attacker to traverse the web folders of a Savant HTTP Server. Submitting a URL referring to a known directory or file, and appended with specific unicode characters, will disclose the...
APPLE-SA-2014-05-21-1 Safari 6.1.4 and Safari 7.0.4
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-05-21-1 Safari 6.1.4 and Safari 7.0.4 Safari 6.1.4 and Safari 7.0.4 are now available and address the following: WebKit Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3 Impact...
May 2014 Apple Safari Browser Security Patches
Apple released an update to Safari yesterday patching 22 vulnerabilities in the WebKit browser engine that allow code execution or a browser crash. Safari 7.0.4 is available for OS X Mavericks 10.9 and Safari 6.1.4 for OS X Mountain Lion 10.8. The vulnerabilities could be exploited if the user wa...
Safari < 6.1.4 / 7.0.4 Multiple Vulnerabilities
Binary data 8264.prm...
Code injection
Simple Machines Forum SMF 2.0.6, 1.1.19, and earlier allows remote attackers to impersonate arbitrary users via a Unicode homoglyph character in a username...
Microsoft Internet Explorer Heap Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Pidgin < 2.10.8 Multiple Vulnerabilities
The version of Pidgin installed on the remote host is a version prior to 2.10.8. It is, therefore, potentially affected by the following vulnerabilities : - The bundled version of Pango has an error that can lead to an application crash when rendering fonts and attempting to display certain Unico...
Design/Logic Flaw
LaunchServices in Apple Mac OS X before 10.9 does not properly restrict Unicode characters in filenames, which allows context-dependent attackers to spoof file extensions via a crafted character sequence...
Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. CVE-2009-1392, CVE-2009-1832, CVE-2009-1833, CVE-2009-1837, CVE-2009-1838, CVE-2009-1841...
Exclusive - Source Code Spoofing with HTML5 and the LRO Character
Exclusive - Source Code Spoofing with HTML5 and the LRO Character Article Written by John Kurlak for The Hacker News,He is senior studying Computer Science at Virginia Tech. Today John will teach us that How to Spoof the Source Code of a web page. For example, Open and Try to View Source Code of...
Microsoft Windows DirectWrite Denial of Service Vulnerability (2665364)
This host has moderate security update missing according to Microsoft Bulletin MS12-019. OpenVAS Vulnerability Test $Id: secpodms12-019.nasl 5346 2017-02-19 08:43:11Z cfi $ Microsoft Windows DirectWrite Denial of Service Vulnerability 2665364 Authors: Antu Sanadi Copyright: Copyright c 2012 SecPo...
Microsoft Windows DirectWrite Denial of Service Vulnerability (2665364)
This host has moderate security update missing according to Microsoft Bulletin MS12-019. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...