[Forgot Password]
Login  Register Subscribe

24003

 
 

131425

 
 

103942

 
 

909

 
 

84057

 
 

133

 
 
Paid content will be excluded from the download.

Filter
Matches : 2002 Download | Alert*

Security researcher Seb Patane reported an issue with the Mozilla Maintenance Service on Windows. He discovered that when the Mozilla Updater executable was inaccessible, the Maintenance Service will behave incorrectly and can be made to use an updater at an arbitrary location. This updater will run with the system privileges used by the Maintenance Service, allowing for local privilege escalatio ...

Security researcher Johnathan Kuskos reported that Firefox is sending data in the body of XMLHttpRequest (XHR) HEAD requests, which goes against the XHR specification. This can potentially be used for Cross-Site Request Forgery (CSRF) attacks against sites which do not distinguish between HEAD and POST requests.

The host is missing a critical security update according to Microsoft security bulletin, MS13-091. The update is required to fix multiple buffer overflow vulnerabilities. The flaws are present in the application, which fails to handle crafted WordPerfect document (.wpd) file. Successful exploitation could allow attackers to execute arbitrary code.

The host is missing an important security update according to Microsoft bulletin, MS13-073. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle certain objects in memory. Successful exploitation allows attackers to execute arbitrary code.

The host is missing an important security update according to Microsoft security bulletin, MS13-071. The update is required to fix remote code execution vulnerability. The flaw is present in the Windows theme file (Themeui.dll), which fails to properly handle crafted Windows theme when user forced open the file or apply the theme. Successful exploitation allows attackers to execute arbitrary code.

The host is missing a critical security update according to MFSA 2012-10. A flaw is present in the applications, which fail to properly handle nsXBLDocumentInfo::ReadPrototypeBindings function call. Successful exploitation allows remote attackers to cause arbitrary code to be executed on the target user's system.

The host is missing a critical security update according to Adobe advisory, MFSA 2012-06 . The update is required to fix an information disclosure vulnerability. A flaw is present in the applications, which fail to properly initialize data for image/vnd.microsoft.icon images. Successful exploitation could allow attackers to obtain potentially sensitive information by reading a PNG image that was ...

The host is missing a critical security update according to Mozilla advisory, MFSA 2012-05. The update is required to fix multiple cross site scripting vulnerabilities. The flaws are present in the applications, which fail to properly enforce XPConnect security restrictions for frame scripts that call untrusted objects. Successful exploitation could allow attackers to inject arbitrary web script o ...

The host is missing a critical security update according to Mozilla advisory, MFSA 2012-03. The update is required to fix a security bypass vulnerability. A flaw is present in the applications, which fail to handle a form submission target with a sub-frame's name attribute. Successful exploitation could allow attackers to bypass the HTML5 frame-navigation policy.

The host is missing a critical security update according to Mozilla advisory, MFSA 2012-04. The update is required to fix an use-after-free vulnerability. A flaw is present in the applications, which fail to handle vectors related to incorrect AttributeChildRemoved notifications. Successful exploitation could allow attackers to execute arbitrary code.


Pages:      Start    168    169    170    171    172    173    174    175    176    177    178    179    180    181    ..   200

© 2013 SecPod Technologies