[Forgot Password]
Login  Register Subscribe

24003

 
 

131423

 
 

103942

 
 

909

 
 

84080

 
 

133

 
 
Paid content will be excluded from the download.

Filter
Matches : 2169 Download | Alert*

The host is missing a security update according to, APPLE-SA-2008-02-06. The update is required to fix a buffer overflow vulnerability. A flaw is present in the application, which fails to handle a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message. Successful exploitation could allow attackers to execute arbitrary code.

Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover an access violation due to uninitialized data during Extensible Stylesheet Language Transformation (XSLT) processing. This leads to a potentially exploitable crash.

Security researcher Nils used the Address Sanitizer tool while fuzzing to discover missing strong references in browsing engine leading to use-after-frees. This can lead to a potentially exploitable crash.

Security researcher Nils used the Address Sanitizer tool while fuzzing to discover a memory corruption issue with the JavaScript engine when using workers with direct proxies. This results in a potentially exploitable crash.

Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a user-after-free when interacting with HTML document templates. This leads to a potentially exploitable crash.

Security researcher Byoungyoung Lee of Georgia Tech Information Security Center (GTISC) used the Address Sanitizer tool to discover a use-after-free during state change events while updating the offline cache. This leads to a potentially exploitable crash.

Security researcher Cody Crews discovered a method to append an iframe into an embedded PDF object rendered with the chrome privileged PDF.js . This can used to bypass security restrictions to load local or chrome privileged files and objects within the embedded PDF object. This can lead to information disclosure of local system files.

Security researcher Jordi Chancel discovered a method to put arbitrary HTML content within <select> elements and place it in arbitrary locations. This can be used to spoof the displayed addressbar, leading to clickjacking and other spoofing attacks.

Compiler Engineer Dan Gohman of Google discovered a flaw in the JavaScript engine where memory was being incorrectly allocated for some functions and the calls for allocations were not always properly checked for overflow, leading to potential buffer overflows. When combined with other vulnerabilities, these flaws could be potentially exploitable.

Mozilla community member Ezra Pool reported a potentially exploitable crash on extremely large pages. This was caused when a cycle collected image object was released on the wrong thread during decoding, creating a race condition.


Pages:      Start    176    177    178    179    180    181    182    183    184    185    186    187    188    189    ..   216

© 2013 SecPod Technologies