Mandriva Linux Security Advisory 2012-146 - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Security researcher Abhishek Arya of Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution. Various other issues have also been addressed.
d9b0e412f5ed192520dfac9c307c9df27ba2b4bccfafea9d868885005ffef2ebMandriva Linux Security Advisory 2012-145 - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Security researcher Abhishek Arya of Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Security researcher Mariusz Mlynski reported that it is possible to shadow the location object using Object.defineProperty. This could be used to confuse the current location to plugins, allowing for possible cross-site scripting attacks. Various other issues have also been addressed.
9fbb0084a57f0671e6c2c0ce4d1e2841a703b2cf91116f2f1ffd7567ef4804dcRed Hat Security Advisory 2012-1211-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Content containing a malicious Scalable Vector Graphics image file could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
8c97839258033a6c0ad46097a7e78aa875b3917ef4f5ccb91b32af7bc915816eRed Hat Security Advisory 2012-1210-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A web page containing a malicious Scalable Vector Graphics image file could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.
9b5a9cea8f65e07fb2da4b3a175b7587efbc9e0360d69000b2ead87872003321ASP-DEv XM Forums RC 3 suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
9c3c3c591231a4c49635d09fc01ed180df0ee82e372b40ddb6a9cddc63595ffcPuma.com suffers from a cross site scripting vulnerability.
9a6077194d65dfacc4d2f18883f2652b3d4f693d2182054e755895b95d48e936Secunia Security Advisory - Multiple vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting and phishing attacks, and compromise a user's system.
7938b500996336df96808c40f3d1aa2ec7ab56a086cb184341748ff728e6ec44Secunia Security Advisory - A vulnerability has been reported in Mono, which can be exploited by malicious people to cause a DoS (Denial of Service).
c1aa8c327a4f7c4470540686f5c87599e018b3b674100c125d0ee45adc7f87b0Secunia Security Advisory - Red Hat has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information and compromise a user's system.
13825168a3825675f25b18e32c52792602c8715895e204ddd5686bdd69a09e47Secunia Security Advisory - Ubuntu has issued an update for libgdata. This fixes a security issue, which can be exploited by malicious people to conduct spoofing attacks.
1a1587258c7647774a0fb54acfc08e82810406e76fa1a452dae41c42985155ebSecunia Security Advisory - Red Hat has issued an update for firefox. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct phishing attacks, and compromise a user's system.
b63a1f551a67861ee8ae508d94306fe2f1b051184498da150c1ea24186ccf39aSecunia Security Advisory - Multiple vulnerabilities have been reported in Pale Moon, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting and phishing attacks, and compromise a user's system.
0233ca4e89f1d124dce0ee10ec07c604bba6346399daddcf115256f273e09d7eSecunia Security Advisory - Some vulnerabilities have been reported in op5 Monitor, which can be exploited by malicious users to conduct script insertion and SQL injection attacks and by malicious people to conduct cross-site request forgery attacks.
6928f7f24b305bcb57a4ef0c47d4f2bdd2a2fbc039798601ad93185af8805548Secunia Security Advisory - Multiple vulnerabilities have been reported in Thunderbird, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting and phishing attacks, and compromise a user's system.
0a4d844a10cfd1f352896a2efa65a6dba99d9258f0e5537a916317c43da1e234Secunia Security Advisory - A vulnerability has been reported in Atlassian Bamboo, which can be exploited by malicious people to compromise a vulnerable system.
2814041ba8fc9db7912b83beca6dadd7cf24dea41de74cff6cb686a2056a8e6dSecunia Security Advisory - Two weaknesses and some vulnerabilities have been reported in Atlassian JIRA, which can be exploited by malicious people to conduct cross-site scripting and request forgery attacks, conduct spoofing attacks, and bypass certain security restrictions.
e60dc08ba01e11022bcb5b67df20aa62ee01b2897f073690ddce646028c8fd97Secunia Security Advisory - Multiple vulnerabilities have been reported in SeaMonkey, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting and phishing attacks, and compromise a user's system.
624455266972714285a26f15f0a55cb838bb98c054ad76109a940de78fdeabb6Secunia Security Advisory - A vulnerability has been reported in op5 Monitor, which can be exploited by malicious users to conduct SQL injection attacks.
0485f06a813c37cbb5dc852244afcef98298fd67b16bc0513883a8073ed5b246Secunia Security Advisory - A vulnerability has been reported in EMC Cloud Tiering Appliance, which can be exploited by malicious people to bypass certain security restrictions.
7f16ed01887ae3346d872da26fa70d8f408f7bcf5e17ba521e9f75cd53ee3550Secunia Security Advisory - A security issue and a vulnerability have been reported in IBM Infosphere Guardium, which can be exploited by malicious users to disclose certain sensitive information and by malicious people to conduct cross-site request forgery attacks.
ccfcc6388b06b880b7f984079e000353bb576824868a7338ba7252e0ca071e21Secunia Security Advisory - BalaBit has acknowledged two vulnerabilities in syslog-ng Premium Edition, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
fa866a8756a19b8868b55b73dbf6d8cc79b5be27f5984754219b3a81fc1347eaSecunia Security Advisory - Some vulnerabilities have been reported in PrestaShop, which can be exploited by malicious people to conduct cross-site scripting attacks.
5a461073c6ad18dc7498c4abd4e3bfd310f7707f119d26217e013e21eafcda17Secunia Security Advisory - Some vulnerabilities have been reported in Phorum, which can be exploited by malicious people to conduct cross-site scripting attacks.
b7b95f2768a2c94096dbd106b71034dcb42b6467ec91752f6a2c606c6178066bA vulnerability in EMC Cloud Tiering Appliance aka CTA (formerly EMC FMA) could allow an unauthorized user to log in to the affected system as a GUI user with full administrative privileges by providing a specifically crafted malicious file during authentication process.
2c43c7c48281d37bb99bd411cd0836d97db5bdcfd9ed523346b4148742d663fbActFax version 4.31 local privilege escalation exploit that spawns cmd.exe.
697ffa7fdf16ff3683bbf980a8167a2982f5b6f043569821203b066d92d2311c
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed