2667 matches found
Microsoft Office 2007 - wwlib.dll fcPlcfFldMom Uninitialized Heap Usage
Microsoft Office 2007 - wwlib.dll fcPlcfFldMom Uninitialized Heap Usage Source: https://code.google.com/p/google-security-research/issues/detail?id=424&can=1 The following crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier...
Microsoft Office 2007 - MSPTLS Heap Index Integer Underflow (MS15-081)
Source: https://code.google.com/p/google-security-research/issues/detail?id=431&can=1 The following crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug also reproduced in Office...
Microsoft Office 2007 - 'OGL.dll' DpOutputSpanStretch::OutputSpan Out of Bounds Write (MS15-080)
Source: https://code.google.com/p/google-security-research/issues/detail?id=420&can=1 The following crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug also reproduced in Office...
Microsoft Office 2007 - 'wwlib.dll' fcPlcfFldMom Uninitialized Heap Usage
Source: https://code.google.com/p/google-security-research/issues/detail?id=424&can=1 The following crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug also reproduced in Office...
OpenJDK: class verifier insufficient invokespecial calls verification (Hotspot, 8058982)
A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions...
OpenJDK: class verifier insufficient invokespecial calls verification (Hotspot, 8058982)
A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions...
jdk7-openjdk: multiple issues
CVE-2014-3566 man-in-the-middle Nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. - CVE-2014-6585 out-of-bounds read Allows remote attackers to affect confidentiality via font parsing...
OpenJDK: class verifier insufficient invokespecial calls verification (Hotspot, 8058982)
A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions...
OpenJDK: class verifier insufficient invokespecial calls verification (Hotspot, 8058982)
A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions...
OpenJDK: class verifier insufficient invokespecial calls verification (Hotspot, 8058982)
A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions...
OpenJDK: class verifier insufficient invokespecial calls verification (Hotspot, 8058982)
A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions...
OpenJDK: class verifier insufficient invokespecial calls verification (Hotspot, 8058982)
A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions...
Project Zero Patch Tuesday roundup, November 2014
Posted by Chris Evans, Registrar of Bugs It’s been about a week since Patch Tuesday, and the Project Zero reports mentioned in the various advisories are now public. We won’t always be writing a Patch Tuesday roundup, but we often will when we believe there is a sufficiently varied and interestin...
[SECURITY] [DSA 2987-2] openjdk-7 regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-2987-2 [email protected] http://www.debian.org/security/ Florian Weimer August 31, 2014 http://www.debian.org/security/faq -...
CVE-2014-4590
Cross-site scripting XSS vulnerability in get.php in the WP Microblogs plugin 0.4.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the oauthverifier parameter...
Microsoft Java Virtual Machine 3802 Series Bytecode Verifier Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6221/info The Microsoft Java virtual machine implementation contains a vulnerability that may allow for malicious Java applets to escape the security sandbox. An applet constructed at the bytecode-level may be able to...
Sun/Netscape Java Virtual Machine1.x Bytecode Verifier Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6224/info A vulnerability in the Sun and Netscape Java Virtual Machine has been reported. The vulnerability is related to the bytecode verifier, a component of the Java compiler that ensures legal structure of Java...
Respondly: OAuth open redirect
An attacker can use an open redirect vulnerability in the Twitter OAuth process to redirect someone to his/her webpage, while also obtaining the OAuth token and verifier of the victim. The vulnerability is right here:...
Multi Gather Malware Verifier
This module will check a file for malware on VirusTotal based on the checksum. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'net/http' require 'uri' class MetasploitModule 'Multi Gather Malware Verifier',...
PT-2014-2778 · Python · Python-Oauth2
Name of the Vulnerable Software and Affected Versions: python-oauth2 affected versions not specified Description: The issue concerns the use of weak random numbers by the make nonce, generate nonce, and generate verifier functions in python-oauth2, making it easier for remote attackers to guess t...