Showing 1 - 25 of 100

Files

Netscape 9.0.0.6 Cross Domain
Posted Sep 24, 2010
Authored by Securitylab Security Research | Site securitylab.ir

Netscape version 9.0.0.6 suffers from a cross domain vulnerability.

tags | exploit
SHA-256 | 75a7371ed98654afe562b947d7302bb8bd52503612106d59670dc3a29e5e3003

Related Files

Mandriva Linux Security Advisory 2012-122
Posted Aug 3, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-122 - Multiple vulnerabilities have been discovered and corrected in icedtea-web. An uninitialized pointer use flaw was found in IcedTea-Web web browser plugin. A malicious web page could use this flaw to make IcedTea-Web browser plugin pass invalid pointer to a web browser. Depending on the browser used, it may cause the browser to crash or possibly execute arbitrary code. It was discovered that the IcedTea-Web web browser plugin incorrectly assumed that all strings provided by browser are NUL terminated, which is not guaranteed by the NPAPI (Netscape Plugin Application Programming Interface). When used in a browser that does not NUL terminate NPVariant NPStrings, this could lead to buffer over-read or over-write, resulting in possible information leak, crash, or code execution. The updated packages have been upgraded to the 1.1.6 version which is not affected by these issues.

tags | advisory, web, arbitrary, vulnerability, code execution
systems | linux, mandriva
advisories | CVE-2012-3422, CVE-2012-3423
SHA-256 | e54255ca79425edaf6f80ec86b150446915000646da9fc75bb873211676e0a94
Ubuntu Security Notice USN-1521-1
Posted Jul 31, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1521-1 - Chamal De Silva discovered that the IcedTea-Web Java web browser plugin could dereference an uninitialized pointer. A remote attacker could use this to craft a malicious web page that could cause a denial of service by crashing the web browser or possibly execute arbitrary code. Steven Bergom and others discovered that the IcedTea-Web Java web browser plugin assumed that all strings provided by browsers are NULL terminated, which is not guaranteed by the NPAPI (Netscape Plugin Application Programming Interface). A remote attacker could use this to craft a malicious Java applet that could cause a denial of service by crashing the web browser, expose sensitive information or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, java, remote, web, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-3422, CVE-2012-3423
SHA-256 | 501fee417fe6ba2b16a422f5cde669441ffad8611bba304f314fbdf49e7846e3
Red Hat Security Advisory 2012-1090-01
Posted Jul 17, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1090-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way the ASN.1 decoder in NSS handled zero length items. This flaw could cause the decoder to incorrectly skip or replace certain items with a default value, or could cause an application to crash if, for example, it received a specially-crafted OCSP response.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-0441
SHA-256 | 39c19044934dc07eaf2ccda4a7067b0b643c2cc6a9cc89a40b7f6f5157c495f1
Red Hat Security Advisory 2012-1091-01
Posted Jul 17, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1091-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way the ASN.1 decoder in NSS handled zero length items. This flaw could cause the decoder to incorrectly skip or replace certain items with a default value, or could cause an application to crash if, for example, it received a specially-crafted OCSP response.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-0441
SHA-256 | d72857c706afe58af56ef92496d0bf05c85429eac1b79962ede93b64b9d8c56a
Red Hat Security Advisory 2012-0973-04
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0973-04 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. It was found that a Certificate Authority issued a subordinate CA certificate to its customer, that could be used to issue certificates for any name. This update renders the subordinate CA certificate as untrusted. Note: This fix only applies to applications using the NSS Builtin Object Token. It does not render the certificates untrusted for applications that use the NSS library, but do not use the NSS Builtin Object Token.

tags | advisory
systems | linux, redhat
SHA-256 | bd86edb0d7d1e0e9eb08ff6f70f96509f32f3170947d1f455892784f3cc8b4f1
TLS/SSL Hardening And Compatibility Report
Posted Sep 30, 2011
Authored by Thierry Zoller | Site g-sec.lu

This report gives general recommendations as to how to configure SSL/TLS in order to provide state of the art authentication and encryption. The options offered by SSL engines grew from the early days since Netscape developed SSL2.0. The introduction of TLS made matters more challenging as servers and clients offer different sets of available options depending on which SSL engine (OpenSSL, NSS, SCHANNEL, etc.) they use. Finding the middle ground has proven difficult especially as the supported protocols and cipher suites are mostly not documented. To make matters more complicated, browsers may not use all functionality offered by the SSL stack; this report will only list functionality used by current browsers. This report provides an overview of the currently available TLS options across servers and clients and allows you to offer support for a wide variety of browsers and offer "good enough" security.

tags | paper, protocol
SHA-256 | afe6f4a0ab4ce26e52bdcf64e8ae768dd81416309332ac0a348749bb8aaf5074
Red Hat Security Advisory 2011-1282-01
Posted Sep 13, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1282-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. It was found that a Certificate Authority issued fraudulent HTTPS certificates. This update renders any HTTPS certificates signed by that CA as untrusted. This covers all uses of the certificates, including SSL, S/MIME, and code signing.

tags | advisory, web
systems | linux, redhat
SHA-256 | a884a607ae27878afcfbd52fadabd7a11a89958104794a34bd7e1ee987079abe
Zero Day Initiative Advisory 11-181
Posted Jun 7, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-181 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the op-printer-list-all-jobs parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

tags | advisory, remote, arbitrary, activex
advisories | CVE-2011-1707
SHA-256 | bc91adce1bd45fa15577bc229f615332822f74d37c5345e8507b31a5ec371be4
Zero Day Initiative Advisory 11-180
Posted Jun 7, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-180 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the op-printer-list-all-jobs parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

tags | advisory, remote, arbitrary, activex
advisories | CVE-2011-1708
SHA-256 | 76c8aac3aaa1dd56609ce784b9bfa3b944af2b8b4f7a710acf917d2d9e1b9047
Zero Day Initiative Advisory 11-179
Posted Jun 7, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-179 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the iprint-client-config-info parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

tags | advisory, remote, arbitrary, activex
advisories | CVE-2011-1706
SHA-256 | 279b78ac788ad0454a5133cf6744fcf7bb29e7c71aca991801aa631596d22d61
Zero Day Initiative Advisory 11-178
Posted Jun 7, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-178 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the client-file-name parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

tags | advisory, remote, arbitrary, activex
advisories | CVE-2011-1705
SHA-256 | 19164593dc3e90806077d1518c8540b9e8f300b001a3af65d3fb1277e4e7be52
Zero Day Initiative Advisory 11-177
Posted Jun 7, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-177 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the core-package parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

tags | advisory, remote, arbitrary, activex
advisories | CVE-2011-1704
SHA-256 | ac1efaf5779eeb72f56f7491fcc3d526815a0390b13d4749ed832449cf22ee2c
Zero Day Initiative Advisory 11-176
Posted Jun 7, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-176 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the driver-version parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

tags | advisory, remote, arbitrary, activex
advisories | CVE-2011-1703
SHA-256 | d45f7d6368fec8e56ca1c84b3746499b68d60c04754388900ad430e4dcc0ed50
Zero Day Initiative Advisory 11-175
Posted Jun 7, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-175 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the file-date-time parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

tags | advisory, remote, arbitrary, activex
advisories | CVE-2011-1702
SHA-256 | b6cb5abb6a7836d36ebdacb59edab2ec56ed12b7a1c4cda0594cd08b3de61de9
Zero Day Initiative Advisory 11-174
Posted Jun 7, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-174 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the profile-name parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

tags | advisory, remote, arbitrary, activex
advisories | CVE-2011-1701
SHA-256 | 391d941cb7c01a87b45b4ed3b8241392cada1729c9da357c02e067eb7810fc4f
Zero Day Initiative Advisory 11-173
Posted Jun 7, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-173 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the profile-time parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

tags | advisory, remote, arbitrary, activex
advisories | CVE-2011-1700
SHA-256 | dcf111bdf57ff890992aa66a9d218515a80d32d588c6a618e43708c8cc8b43f8
Zero Day Initiative Advisory 11-172
Posted Jun 7, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-172 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib component which is used by both the ActiveX and Netscape compatible browser plugins. When handling the uri parameter from the user specified printer-url the process blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

tags | advisory, remote, arbitrary, activex
advisories | CVE-2011-1699
SHA-256 | 631493c59c0625b36a02bbc87da0aeaa288888ee2c3ef992acee4d4a997a7383
Zero Day Initiative Advisory 10-295
Posted Dec 27, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-295 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within both the Netscape (Firefox) and ActiveX (Internet Explorer) plugin components npnipp.dll and ienipp.ocx which are installed by default with the iPrint client. When handling the printer-state-reasons operation provided via the embed tag the module makes a request to the specified printer-url and performs insufficient validation of the size of the printer-state-reasons status response. The process then copies this user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

tags | advisory, remote, arbitrary, activex
SHA-256 | 1a444b90128533e815e8cfb508e60327b810b7bd2bb1a698ab98b745fc9317a3
Mandriva Linux Security Advisory 2010-248
Posted Dec 8, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-248 - OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2010-4180
SHA-256 | 0fb80493b5de14184b37107e51a4ef79834ed23a3a5deaf0133ebe29ebebf177
Netscape Browser 9.0.0.6 Clickjack
Posted Jul 18, 2010
Authored by Pouya Daneshmand

Netscape Browser version 9.0.0.6 clickjacking proof of concept exploit.

tags | exploit, proof of concept
SHA-256 | a97b5d162bdb289c3c56bd5328ad7a284f98b1b0906436a6922b33423cd0e1b1
VMware Security Advisory 2010-0001
Posted Jan 7, 2010
Authored by VMware | Site vmware.com

VMware Security Advisory - Service console packages for Network Security Services (NSS) and NetScape Portable Runtime (NSPR) are updated to versions nss-3.12.3.99.3-1.2157 and nspr-4.7.6-1.2213 respectively. This patch fixes several security issues in the service console packages for NSS and NSPR.

tags | advisory
advisories | CVE-2009-2409, CVE-2009-2408, CVE-2009-2404, CVE-2009-1563, CVE-2009-3274, CVE-2009-3370, CVE-2009-3372, CVE-2009-3373, CVE-2009-3374, CVE-2009-3375, CVE-2009-3376, CVE-2009-3380, CVE-2009-3382
SHA-256 | 750bfc5b2e28a67af487861fbcc96e099b1881a6cbe999078d4626cf32cfde37
Debian Linux Security Advisory 1931-1
Posted Nov 16, 2009
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1931-1 - Several vulnerabilities have been discovered in the NetScape Portable Runtime Library, which may lead to the execution of arbitrary code.

tags | advisory, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2009-1563, CVE-2009-2463
SHA-256 | 1dd5caa885d4b33e9a984b9d27896dae4095bbfbe03a2292c41fb3e3e161e3ec
ECMAScript Denial Of Service
Posted Jul 17, 2009
Authored by Thierry Zoller

ECMAScript in IE5, IE6, IE7, IE8, Netscape, Firefox, Safari, Opera, Konqueror, Seamonkey, Wii, PS3, iPhone, iPod, Nokia, Siemens and various other browsers allows for a denial of service condition.

tags | exploit, denial of service
systems | apple, iphone
advisories | CVE-2009-1692
SHA-256 | 0565fa347a433f911f7bc37200f43fcc3f38e665338086d0cdaaf81a0163b693
Secunia Security Advisory 34226
Posted Mar 11, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for netscape-flash. This fixes some vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information and potentially gain escalated privileges, and by malicious people to bypass certain security restrictions, manipulate certain data, conduct cross-site scripting attacks, disclose sensitive information, and potentially compromise a user's system.

tags | advisory, local, vulnerability, xss
systems | linux, gentoo
SHA-256 | 712c0bc89df13411a97d60efe51d28c59f0dc4b11ad17af0abc39ebdc49bc304
SA-20081016-0.txt
Posted Oct 17, 2008
Authored by D. Matscheko | Site sec-consult.com

SEC Consult Security Advisory 20081016-0 - Instant Expert Analysis uses a signed Java applet for Firefox or Netscape browsers and a signed ActiveX plugin for Internet Explorer. Both applets allow an attacker to download and execute arbitrary applications when the user visits an infected website.

tags | advisory, java, arbitrary, activex
SHA-256 | 4389e14bdabddae18e2fd1658419cc963957c03ba043729d6ea732a805c3413c