RuggedCom Rugged Operating System Remote Security Bypass Vulnerability
Rugged Operating System is prone to a security bypass vulnerability.
Cisco WLC Web-Based Management Interface Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to insufficient input...
Design/Logic Flaw
IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API...
CVE-2013-5137
IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API...
CVE-2013-5137
Summary of CVE-2013-5137 : In Apple iOS, the IOKit component allowed a background application to inject user-interface events into the foreground app via the task-completion API or VoIP API. This could enable an attacker with control of a background app to influence the active UI. The vulnerabili...
Updated [CVE-2013-2136] Apache CloudStack Cross-site scripting (XSS) vulnerability
Issued: August 6, 2013 Updated: August 7, 2013 Product: Apache CloudStack Vendor: The Apache Software Foundation Vulnerability Types: Cross-site scripting (XSS) Vulnerable versions: Apache CloudStack versions 4.0.0-incubating, 4.0.1-incubating, 4.0.2 and 4.1.0 CVE References: CVE-2013-2136 Risk...
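Apache CloudStack Multiple Cross-Site Scripting Vulnerabilities
BUGTRAQ ID: 61638 CVE(CAN) ID: CVE-2013-2136 Apache CloudStack is open-source software for deploying and managing large networks of virtual machines. The user interface of Apache CloudStack 4.0.0-incubating, 4.0.1-incubating, 4.0.2 and 4.1.0 allows authenticated users to perform cross-site scripting attacks against other users within the system. 0 Apache Group CloudStack 4.1.0 Apache Group CloudStack 4.0.2 Apache Group CloudStack 4.0.1-incubating Apache Group...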
Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability
A vulnerability in the web framework could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by convincing a...
CVE-2013-3791
Unspecified vulnerability in Enterprise Manager (EM) Base Platform 10.2.0.5 and EM DB Control 11.1.0.7 in Oracle Enterprise Manager Grid Control allows remote attackers to affect integrity via unknown vectors related to User Interface Framework...
Code injection
Unspecified vulnerability in Enterprise Manager (EM) Base Platform 10.2.0.5 and EM DB Control 11.1.0.7 in Oracle Enterprise Manager Grid Control allows remote attackers to affect integrity via unknown vectors related to User Interface Framework...
CVE-2013-3779
Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization All 4.6 releases including 4.63 and 4.7 prior to 4.71 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web UI...
CVE-2013-3782
Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.6 prior to 4.63 and 4.7 prior to 4.71 allows remote attackers to affect integrity via unknown vectors related to Web UI...
LinkedIn Clickjacking vulnerability tricks users to spam links
A clickjacking vulnerability existed on LinkedIn that allowed an attacker to trick users into sharing and posting links on the victim's behalf. Narendra Bhati (R00t Sh3ll), Security Analyst at Cyber Octet, informed us about the LinkedIn bug. Clickjacking, also referred to as a "User Interface redress attack", is o...
Oracle Linux 4 : gtk2 (ELSA-2007-0019)
From Red Hat Security Advisory 2007:0019: Updated gtk2 packages that fix a security issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The gtk2 package contains the GIMP ToolKit (GTK+), a library for creating graphical user...
[Arachni v0.4.3] Ruby framework aimed towards helping penetration testers
Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. Arachni is smart, it trains itself by learning from the HTTP responses it receives during the audit process. Unlike other...
Ubuntu 12.04 LTS / 12.10 / 13.04 : firefox regression (USN-1890-2)
USN-1890-1 fixed vulnerabilities in Firefox. This update introduced a regression which sometimes resulted in Firefox using the wrong network proxy settings. This update fixes the problem. We apologize for the inconvenience. Multiple memory safety issues were discovered in Firefox. If the user wer...
Ubuntu 12.04 LTS / 12.10 / 13.04 : firefox vulnerabilities (USN-1890-1)
Multiple memory safety issues were discovered in Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking...
Arbitrary code execution within Profiler — Mozilla
Security researcher Mariusz Mlynski reported that when a user examines the profiler output on a malicious website containing specially crafted code, it is possible for arbitrary code execution to occur. This occurs because the profiler user interface runs in a special iframe that parses data from...