Mozilla Firefox Multiple Vulnerabilities-02 November12 (Mac OS X)

This host is installed with Mozilla Firefox and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillaprdtsmultvuln02nov12macosx.nasl 5988 2017-04-20 09:02:29Z teissa $ Mozilla Firefox Multiple Vulnerabilities-02 November12 Mac OS X Authors: Rachana Shetty Copyright:...

Mozilla SeaMonkey Multiple Vulnerabilities-02 November12 (Mac OS X)

This host is installed with Mozilla Seamonkey and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillaseamonkeymultvuln02nov12macosx.nasl 6074 2017-05-05 09:03:14Z teissa $ Mozilla SeaMonkey Multiple Vulnerabilities-02 November12 Mac OS X Authors: Arun Kallavi Copyright...

Mozilla Firefox Multiple Vulnerabilities-02 (Nov 2012) - Mac OS X

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : thunderbird vulnerabilities (USN-1636-1)

Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, Bill McCloskey, and Andrew McCreight discovered several memory corruption flaws in Thunderbird. If a user were tricked into opening a malicious website and had JavaScript...

CVE-2012-4205

Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which allows remote attackers to conduct cross-site request forgery CSRF attacks or obtain sensitive...

Cross site request forgery (csrf)

Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which allows remote attackers to conduct cross-site request forgery CSRF attacks or obtain sensitive...

CVE-2012-4205

Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which allows remote attackers to conduct cross-site request forgery CSRF attacks or obtain sensitive...

CVE-2012-4205

Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which allows remote attackers to conduct cross-site request forgery CSRF attacks or obtain sensitive...

XMLHttpRequest inherits incorrect principal within sandbox — Mozilla

Mozilla developer Gabor Krizsanits discovered that XMLHttpRequest objects created within sandboxes have the system principal instead of the sandbox principal. This can lead to cross-site request forgery CSRF or information theft via an add-on running untrusted code in a sandbox...

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2012-91 Miscellaneous memory safety hazards rv:17.0/ rv:10.0.11 MFSA 2012-92 Buffer overflow while rendering GIF images MFSA 2012-93 evalInSanbox location context incorrectly applied MFSA 2012-94 Crash when combining SVG text on path with CSS MFSA 2012-95...

CVE-2012-2868

Race condition in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving improper interaction between worker processes and an XMLHttpRequest aka XHR object...

CVE-2012-2868

Race condition in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving improper interaction between worker processes and an XMLHttpRequest aka XHR object...

CVE-2012-2868

CVE-2012-2868 concerns Chromium/Google Chrome : a race condition between worker processes and an XMLHttpRequest (XHR) can lead to a denial of service and possibly other impact. Affected versions are before the fixed release, with remediation described as updating to a fixed Chromium version (21.0...

ipswitch whatsup gold 15.02 - Persistent Cross-Site Scripting / Blind SQL Injection / Remote Code Execution

/ Exploit Title: Ipswitch WhatsUp Gold 15.02 Stored XSS - Blind SQLi - RCE Date: Jul 22 2012 Author: muts Version: Ipswitch WhatsUp Gold 15.02 Vendor URL: http://www.ipswitch.com/ An attacker can modify their snmpd.conf file with malicious JavaScript as follows: sysName alert124pt In addition,...

Ipswitch WhatsUp Gold 15.02 XSS / SQL Injection / Command Execution

/ Exploit Title: Ipswitch WhatsUp Gold 15.02 Stored XSS - Blind SQLi - RCE Date: Jul 22 2012 Author: muts Version: Ipswitch WhatsUp Gold 15.02 Vendor URL: http://www.ipswitch.com/ An attacker can modify their snmpd.conf file with malicious JavaScript as follows: sysName alert124pt In addition,...

AtMail Email Server Appliance 6.4 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Remote Code Execution

Exploit Title: Atmail Email Server Appliance 6.4 Remote Code Execution Date: Jul 21 2012 Author: muts Version: Atmail Email Server 6.4 By sending an email to a user with the Atmail administrative interface open, we can call a remote JavaScript file that will initiate the installation of a special...

SolarWinds Orion Network Performance Monitor 10.2.2 - Multiple Vulnerabilities

/ Exploit Title: SolarWinds Orion Network Performance Monitor 10.2.2 Multiple Vulnerabilities Date: Jul 21 2012 Author: muts Version: SolarWinds Orion Network Performance Monitor 10.2.2 Vendor URL: http://www.solarwinds.com/ Timeline: 29 May 2012: Vulnerability reported to CERT 30 May 2012:...

Atmail Email Server Appliance 6.4 Stored XSS - CSRF - RCE

Exploit for linux platform in category remote exploits Exploit Title: Atmail Email Server Appliance 6.4 Remote Code Execution Date: Jul 21 2012 Author: muts Version: Atmail Email Server 6.4 By sending an email to a user with the Atmail administrative interface open, we can call a remote JavaScrip...

AtMail Email Server Appliance 6.4 - Persistent Cross-Site Scripting Cross-Site Request Forgery Remote Code Execution

AtMail Email Server Appliance 6.4 - Persistent Cross-Site Scripting Cross-Site Request Forgery Remote Code Execution Exploit Title: Atmail Email Server Appliance 6.4 Remote Code Execution Date: Jul 21 2012 Author: muts Version: Atmail Email Server 6.4 By sending an email to a user with the Atmail...

php5. 4. 3 remote code execution vulnerabilities, and provide the right kind of work-vulnerability warning-the black bar safety net

PHP comprinttypeinfovulnerability through PHP code to call"exec"to run the SHELL command With this mention of the right is not very convenient? // Exploit Title: PHP 5.4 5.4.3 Code Execution 0day Win32 // Exploit author: 0in Maksymilian Motyl // Email: 0indotemailatgmail.com // Bug with Variant...