PHP 5.4.3 'com_print_typeinfo()'远程代码执行漏洞

PHP是一种HTML内嵌式的语言 PHP comprinttypeinfo存在一个安全漏洞，允许攻击者执行任意代码。此漏洞影响windows平台上的php版本，在windows平台上其"COM"函数作为PHP核心的一部分。攻击者需要上传恶意PHP代码到服务器，攻击者可以通过"exec"使用PHP运行SHELL命令 0 PHP 5.4.3 厂商解决方案 目前没有详细解决方案提供： http://www.php.net/ // Exploit Title: PHP 5.4 5.4.3 Code Execution 0day Win32 // Exploit author: 0in...

PHP 5.4 Win32 Code Execution

// Exploit Title: PHP 5.4 5.4.3 Code Execution 0day Win32 // Exploit author: 0in Maksymilian Motyl // Email: 0indotemailatgmail.com // Bug with Variant type parsing originally discovered by Condis // Tested on Windows XP SP3 fully patched Polish =================== offset-brute.html...

Mozilla Products Security Bypass Vulnerability (May 2012) - Windows

Mozilla Firefox/Thunderbird/Seamonkey is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

Mozilla Products Security Bypass Vulnerability - May12 (Mac OS X)

This host is installed with Mozilla firefox/thunderbird/seamonkey and is prone to security bypass vulnerability OpenVAS Vulnerability Test $Id: gbmozillaprdtssecbypassvulnmay12macosx.nasl 6445 2017-06-27 12:31:06Z santu $ Mozilla Products Security Bypass Vulnerability - May12 Mac OS X Authors:...

Mozilla Products Security Bypass Vulnerability - May12 (Windows)

This host is installed with Mozilla firefox/thunderbird/seamonkey and is prone to security bypass vulnerability OpenVAS Vulnerability Test $Id: gbmozillaprdtssecbypassvulnmay12win.nasl 6444 2017-06-27 11:24:02Z santu $ Mozilla Products Security Bypass Vulnerability - May12 Windows Authors: Rachan...

Mozilla Products Security Bypass Vulnerability (May 2012) - Mac OS X

Mozilla Firefox/Thunderbird/Seamonkey is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

Cross site scripting

Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site 1 XMLHttpRequest or 2 WebSocket operation involvin...

CVE-2012-0475

Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site 1 XMLHttpRequest or 2 WebSocket operation involvin...

Debian DSA-2406-1 : icedove - several vulnerabilities

Several vulnerabilities have been discovered in Icedove, Debian's variant of the Mozilla Thunderbird code base. - CVE-2011-3670 Icedove does not not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls throu...

DSA-2406-1 icedove - several

Bulletin has no description...

Mandriva Update for mozilla MDVSA-2012:013 (mozilla)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Mozilla Foundation Security Advisory 2012-02

Mozilla Foundation Security Advisory 2012-02 Title: Overly permissive IPv6 literal syntax Impact: Low Announced: January 31, 2012 Reporter: Gregory Fleischer Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 7.0 Firefox 3.6.26 Thunderbird 7.0 Thunderbird 3.1.18 SeaMonkey 2.4 Description...

Mozilla Foundation Security Advisory 2012-02

Mozilla Foundation Security Advisory 2012-02 Title: Overly permissive IPv6 literal syntax Impact: Low Announced: January 31, 2012 Reporter: Gregory Fleischer Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 7.0 Firefox 3.6.26 Thunderbird 7.0 Thunderbird 3.1.18 SeaMonkey 2.4 Description...

Mozilla Products IPv6 Literal Syntax Cross Domain Information Disclosure Vulnerability - Windows

Mozilla Firefox/Thunderbird/Seamonkey is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Mozilla Products IPv6 Literal Syntax Cross Domain Information Disclosure Vulnerability (Windows)

The host is installed with Mozilla firefox/thunderbird/seamonkey and is prone to information disclosure vulnerability. OpenVAS Vulnerability Test $Id: gbmozillaprdtsipv6literalsyntaxinfodiscvulnwin.nasl 6444 2017-06-27 11:24:02Z santu $ Mozilla Products IPv6 Literal Syntax Cross Domain Informatio...

Mozilla Products IPv6 Literal Syntax Cross Domain Information Disclosure Vulnerability (MAC OS X)

The host is installed with Mozilla firefox/thunderbird/seamonkey and is prone to information disclosure vulnerability. OpenVAS Vulnerability Test $Id: gbmozillaprdtsipv6literalsyntaxinfodiscvulnmacosx.nasl 6445 2017-06-27 12:31:06Z santu $ Mozilla Products IPv6 Literal Syntax Cross Domain...

Information disclosure

Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and...

CVE-2011-3670

Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and...

CVE-2011-3670

Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and...

CVE-2011-3670

CVE-2011-3670 affects Firefox prior to 3.6.26 and 4.x–6.0, Thunderbird prior to 3.1.18 and 5.0–6.0, and SeaMonkey prior to 2.4. The issue: improper enforcement of IPv6 literal address syntax, allowing remote attackers to cause information disclosure by reading error messages from XMLHttpRequest c...