Debian Linux Security Advisory 2296-1 - Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.
a4404b9fb18f9a350bb2b2371d3cac0a81db85327706b6a845580692d565c690Zero Day Initiative Advisory 11-272 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Flexnet License Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the license server manager which listens on TCP port 27000. There are multiple problems that allow an attacker to influence the saving and loading of log files on the server. By utilizing a directory traversal issue and some file renaming bugs, an attacker can leverage these vulnerabilities would allow the attacker to execute arbitrary code under the user context running the license server manager/vendor daemon.
474b2453c09e08a36a745bc0530516b0e1ff992e82bfe6fb081f62dc9e78b618Mandriva Linux Security Advisory 2011-127 - Security issues were identified and fixed in mozilla firefox and thunderbird. Mozilla developers and community members identified and fixed several memory safety bugs in the browser engine used in Firefox 3.6 and other Mozilla-based products.
e421d304f51c8cb168d09ef596f40ef0cdd2c492c171c10d2d3e026d7478b0d7Ubuntu Security Notice 1192-2 - USN-1192-1 fixed vulnerabilities in Firefox. This update provides an updated Mozvoikko for use with Firefox 6. Aral Yaman discovered a vulnerability in the WebGL engine. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Vivekanand Bolajwar discovered a vulnerability in the JavaScript engine. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
5dc52c2838b708ccb4fd5449d2fcce50cb0c6f5a233cdb719e1b36834d1988b3Ubuntu Security Notice 1192-1 - Aral Yaman discovered a vulnerability in the WebGL engine. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Vivekanand Bolajwar discovered a vulnerability in the JavaScript engine. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Bert Hubert and Theo Snelleman discovered a vulnerability in the Ogg reader. An attacker could potentially use this to crash Firefox or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
fd0dbc52704b7de27d589a9b373d2248010c2f4ec11b9682f224be9222b632feElgg versions 1.7.10 and below suffer from cross site scripting and remote SQL injection vulnerabilities.
961818c84c8d6b317250aaf6af077b2dac4da20fc5d7e48417f4ddb4ba6cee65Contrexx Shopsystem versions 2.2 SP3 and below suffer from a remote SQL injection vulnerability.
42f8094528155fd68e531ce5a127934ab6b53e095f3045260529c3a5158a19edWordPress OdiHost Newsletter plugin versions 1.0 and below suffer from a remote SQL injection vulnerability.
6a3636ad38e027bd98ada6deba08feef6d1a9f10610364218783cf6e8e50f410Bit-7 Informatics suffers from a remote SQL injection vulnerability.
050c73f26c943a43ab0afb48da1330195ecd18b193281a4253d6338131706afeSkype versions 5.5.0.113 and below on Windows suffers from HTML and Javascript injection vulnerabilities.
2c528e6e8bc01de1bd0fc12e3f7250aa305dc496eec675d266f122e65a63097dZero Day Initiative Advisory 11-271 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw results when .setUserData() handlers are used with an object and .appendChild() is called within a handler. Ultimately the import operation resulting from an .appendChild() is not guarded from mutation, and invalid DOM trees can result. Invalid DOM trees can be navigated resulting in dereferencing invalid pointers which can be leveraged to execute arbitrary code in the context of the browser.
7a874826c13077a493651ffcc60cd5531760c54fa0d0eb8ba96279740a07e5bdWordPress Easy Contact Form Lite plugin versions 1.0.7 and below suffer from a remote SQL injection vulnerability.
efcbf5af9278eb70bbe6eb6c9b3de9539d4fc4b36203f94d26009b7e2fdfe920WordPress WP Symposium plugin versions 0.64 and below suffer from a remote SQL injection vulnerability.
fa81393a1390adf985e5c8c75ad9b98576097a8ccb3cc3776d7fbab58bafb007TheWebASP suffers from multiple remote SQL injection vulnerabilities.
505df83a28cd3938eb388363bf5f960117430790e2fa5d9f43fba26bbf7178feMarine suffers from a remote SQL injection vulnerability.
37315cf136a57e2ddc1f716998151316faec14b4e792c54584993afa925483f6MantisBT CMS suffers from cross site scripting and remote SQL injection vulnerabilities.
d16b31ce8fbf08114e5733901215b9a05ad79cc8ab7189291699e00407f1230fAn issue with Adaptive Authentication (On-Premise) was discovered which in certain circumstances might affect the out-of-the-box available authentication methods. In certain circumstances, when authentication information is compromised, and with the knowledge of additional session information, the authentication information might be reused within an active session.
705640844e3218280739e05b70454508fb07cd93b7ee35a36dbdff0c16b67e13WordPress Contus HD FLV Player plugin versions 1.3 and below suffer from a remote SQL injection vulnerability.
bf06738415313514441fcbf82dbf7d2b323fc4b0995a800ec49c396584e50443IC-Discover is a fast multi-threaded sub-domain discovery tool written in C.
31b5e24620b2f2e1473b3a97c48e8b103eb356d74262fd3bc9a3875f45f43c10Zero Day Initiative Advisory 11-270 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing SVG text containers. The code within nsSVGGlyphFrame::GetCharNumAtPosition() does not account for user defined getter methods modifying or destroying the parent object. An attacker can abuse this flaw to create a dangling pointer which is referenced during the traversal of the SVG container hierarchy. This can be leveraged to execute arbitrary code within the context of the browser.
0f368d6df5a7ffd0df32d49af6804ae79620976925fef31f93bc05c7ebc777eeStudioLine Photo Basic version 3.70.34.0 suffers from an active-x control insecure method vulnerability.
979702684f53f9be14583275bd1378a36cd6c22a781699f5f71d5f1d8cfa67cfWordPress File Groups plugin versions 1.1.2 and below suffer from a remote SQL injection vulnerability.
da50af2627e8c92741bcc4092656427b01f3fbffc604f71ad782f4791300118cSoftwareDEP Classified Script version 2.5 suffers from a remote SQL injection vulnerability.
401ec9efd91e5229aa4c9c0cfe21a8c6657050e1697416f9718ea15ad01e50c8Debian Linux Security Advisory 2295-1 - Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey.
95219bca0ef6e4dde58235d45a45ea554744df01190f82f59e0dd3dc26f57eafCm2net suffers from a remote SQL injection vulnerability.
09902587d2f613a8ae99083cce1a28e72f9f98c3462e641e20b903cb6334d2d6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed