105 matches found
EUVD-2011-1069
Malware in sbrugna...
EUVD-2007-0648
Malware in sbrugna...
EUVD-2011-2762
Malware in sbrugna...
EUVD-2013-6447
Malware in sbrugna...
EUVD-2012-2840
Malware in sbrugna...
EUVD-2014-1447
Malware in sbrugna...
CVE-2011-4457
OWASP HTML Sanitizer aka owasp-java-html-sanitizer before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM element within a NOSCRIPT element...
Oracle Linux 8 : python3 (ELSA-2023-7151)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-7151 advisory. - Security fix for CVE-2023-40217 Resolves: RHEL-3041 - Fix symlink handling in the fix for CVE-2007-4559 Resolves: rhbz263261 - Security fix for CVE-2023-24329...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python310 (SUSE-SU-2023:2884-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2884-1 advisory. - Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile...
CVE-2015-4952
The on-demand plugin in IBM Endpoint Manager for Remote Control 9.0.1 and 9.1.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. IBM X-Force ID: 105196...
CVE-2016-7266
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, and Excel 2016 for Mac mishandle a registry check, which allows user-assisted remote attackers to execute arbitrary commands via crafted embedded content in a...
CVE-2016-5166
The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and condu...
CVE-2015-1298
The RuntimeEventRouter::OnExtensionUninstalled function in extensions/browser/api/runtime/runtimeapi.cc in Google Chrome before 45.0.2454.85 does not ensure that the setUninstallURL preference corresponds to the URL of a web site, which allows user-assisted remote attackers to trigger access to a...
CVE-2015-1298
The RuntimeEventRouter::OnExtensionUninstalled function in extensions/browser/api/runtime/runtimeapi.cc in Google Chrome before 45.0.2454.85 does not ensure that the setUninstallURL preference corresponds to the URL of a web site, which allows user-assisted remote attackers to trigger access to a...
CVE-2015-2727
Mozilla Firefox 38.0 and Firefox ESR 38.0 allow user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions. NOTE: this vulnerability exists because of a...
CVE-2014-2018
Cross-site scripting XSS vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in a 1 OBJECT or 2 EMBED...
Information disclosure
Opera before 19 on Mac OS X allows user-assisted remote attackers to spoof the address bar via vectors involving a drag-and-drop operation...
CVE-2014-1489
Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service session restore via a crafted web site...
CVE-2013-6672
Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow user-assisted remote attackers to read clipboard data by leveraging certain middle-click paste operations...
CVE-2013-5645
Multiple cross-site scripting XSS vulnerabilities in Roundcube webmail before 0.9.3 allow user-assisted remote attackers to inject arbitrary web script or HTML via the body of a message visited in 1 new or 2 draft mode, related to compose.inc; and 3 might allow remote authenticated users to injec...