Adobe Flex 3.3 Cross Site Scripting

================================================== Adobe Flex 3.3 SDK DOM-Based XSS Public Release Date: 8/19/2009 Adam Bixby - Gotham Digital Science Affected Software: Adobe Flex 3.3 SDK and earlier ================================================== 1. Summary...

MDVA-2009:144 : libv4l

This update addresses the issue of urpmi preventing installation of both i586/x8664 versions of libv4l wrappers Mandriva bug 45316. Updated packages are provided to fix this issue. %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a security...

Mozilla Foundation Security Advisory 2009-46

Mozilla Foundation Security Advisory 2009-46 Title: Chrome privilege escalation due to incorrectly cached wrapper Impact: Critical Announced: August 3, 2009 Reporter: Wladimir Palant, mozbugra4 Products: Firefox 3.5 Fixed in: Firefox 3.5.2 Description Mozilla add-on developer and community member...

Mozilla Firefox Chrome Privilege Escalation Vulnerability Aug-09 (Linux)

This host is installed with Mozilla Firefox and is prone to Chrome Privilege Escalation vulnerability. OpenVAS Vulnerability Test $Id: gbfirefoxchromeprivescvulnaug09lin.nasl 4865 2016-12-28 16:16:43Z teissa $ Mozilla Firefox Chrome Privilege Escalation Vulnerability Aug-09 Linux Authors: Sharath...

Chrome privilege escalation due to incorrectly cached wrapper — Mozilla

Mozilla add-on developer and community member Wladimir Palant reported broken functionality on pages that had a Link: HTTP header when an add-on was installed which implemented a Content Policy in JavaScript, such as AdBlock Plus or NoScript. Mozilla security researcher mozbugra4 demonstrated tha...

CVE-2009-2472

Affected software: Mozilla Firefox before 3.0.12 (as per CVE-2009-2472). Issue: during object construction, Firefox did not always use XPCCrossOriginWrapper, allowing bypass of the Same Origin Policy and enabling cross-site scripting (XSS) via a crafted document. Impact: potential XSS vulnerabili...

Mozilla multiple cross origin wrapper bypasses

Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting XSS attacks via a crafted document, related to a "cross origin wrapper bypass."...

CVE-2009-2472

Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting XSS attacks via a crafted document, related to a "cross origin wrapper bypass."...

CVE-2009-1201

Eval injection vulnerability in the cscowrapjs function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances ASA device with software 8.04, 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct cross-site scripting XSS attacks by setting CSCOWebVPN'process...

CVE-2009-1201

Eval injection vulnerability in the cscowrapjs function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances ASA device with software 8.04, 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct cross-site scripting XSS attacks by setting CSCOWebVPN'process...

[SECURITY] Fedora 9 Update: gtkmozembedmm-1.4.2.cvs20060817-30.fc9

This package provides a C++/gtkmm wrapper for GtkMozEmbed from Mozilla 1.4.x to 1.7.x. The wrapper provides a convenient interface for C++ programmers to use the Gtkmozembed HTML-rendering widget inside their software...

Race condition while accessing the private data of a NPObject JS wrapper class object — Mozilla

Jakob Balle and Carsten Eiram of Secunia Research reported a race condition in NPObjWrapperNewResolve when accessing the properties of a NPObject, a wrapped JSObject. Balle and Eiram demonstrated that this condition could be reached by navigating away from a web page during the loading of a Java...

nfs-utils security and bug fix update

1.0.6-93.EL4 - Updated the tcpwrapper code to handle hostnames bz 467312 1.0.6-92.EL4 - Rebuilt to fix tcpwrapper dependency on x8664 archs. 1.0.6-91.EL4 - Added a run-time dependency on the tcpwrapper package. 1.0.6-90.EL4 - Fixed lockd not using settings in sysconfig/nfs bz 461043 - Fixed...

Nortel Contact Center Manager - Administration Password Disclosure

source: https://www.securityfocus.com/bid/34964/info Nortel Contact Center Manager Administration is prone to a password-disclosure vulnerability caused by a design error. Attackers can exploit this issue to gain access to the 'sysadmin' password. Successfully exploiting this issue may lead to...

CVE-2008-6123

The netsnmpudpfmtaddr function snmplib/snmpUDPDomain.c in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to...

Firefox Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString

Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for 1 XMLHttpRequest, involving a mismatch for a document's principal, and 2 XPCNativeWrapper.toString, involving an incorrect proto scope, which allows remote attackers to conduct cross-site...

Linux Kernel 2.6.29 - exit_notify() Local Privilege Escalation

Linux Kernel 2.6.29 - exitnotify Local Privilege Escalation !/bin/sh gw-notexit.sh: Linux kernel 2.6.29 exitnotify local root exploit by Milen Rangelov gat3way-at-gat3way-dot-eu Based on 'exitnotify' CAPKILL verification bug found by Oleg Nestorov. Basically it allows us to send arbitrary signals...

GLSA-200904-03 : Gnumeric: Untrusted search path

The remote host is affected by the vulnerability described in GLSA-200904-03 Gnumeric: Untrusted search path James Vega reported an untrusted search path vulnerability in the GObject Python interpreter wrapper in Gnumeric. Impact : A local attacker could entice a user to run Gnumeric from a...

[SECURITY] Fedora 9 Update: gtkmozembedmm-1.4.2.cvs20060817-27.fc9

This package provides a C++/gtkmm wrapper for GtkMozEmbed from Mozilla 1.4.x to 1.7.x. The wrapper provides a convenient interface for C++ programmers to use the Gtkmozembed HTML-rendering widget inside their software...

Ubuntu: Security Advisory (USN-507-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...