Binus Hacker - Independent Hacking Community

Exploit


EXPLOIT DATABASE

PACKETSTORM DATABASE

  • 4 February 2012: Mandriva Linux Security Advisory 2012-013 - Files ≈ Packet Storm
    Mandriva Linux Security Advisory 2012-013 - Security issues were identified and fixed in Mozilla Firefox and Thunderbird. Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes. Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages. Various other issues were also addressed.
  • 4 February 2012: Ubuntu Security Notice USN-1355-1 - Files ≈ Packet Storm
    Ubuntu Security Notice 1355-1 - It was discovered that if a user chose to export their Firefox Sync key the "Firefox Recovery Key.html" file is saved with incorrect permissions, making the file contents potentially readable by other users. Nicolas Gregoire and Aki Helin discovered that when processing a malformed embedded XSLT stylesheet, Firefox can crash due to memory corruption. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.
  • 4 February 2012: Ubuntu Security Notice USN-1355-2 - Files ≈ Packet Storm
    Ubuntu Security Notice 1355-2 - USN-1355-1 fixed vulnerabilities in Firefox. This update provides an updated Mozvoikko package for use with the latest Firefox. It was discovered that if a user chose to export their Firefox Sync key the "Firefox Recovery Key.html" file is saved with incorrect permissions, making the file contents potentially readable by other users. Nicolas Gregoire and Aki Helin discovered that when processing a malformed embedded XSLT stylesheet, Firefox can crash due to memory corruption. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.
  • 4 February 2012: Ubuntu Security Notice USN-1355-3 - Files ≈ Packet Storm
    Ubuntu Security Notice 1355-3 - USN-1355-1 fixed vulnerabilities in Firefox. This update provides updated ubufox and webfav packages for use with the latest Firefox. It was discovered that if a user chose to export their Firefox Sync key the "Firefox Recovery Key.html" file is saved with incorrect permissions, making the file contents potentially readable by other users. Nicolas Gregoire and Aki Helin discovered that when processing a malformed embedded XSLT stylesheet, Firefox can crash due to memory corruption. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.
  • 4 February 2012: Conduit Wibiya Login Toolbar Cross Site Scripting - Files ≈ Packet Storm
    Conduit Wibiya Login Toolbar suffers from a cross site scripting vulnerability.
  • 4 February 2012: Conduit Wibiya Password Recovery Toolbar Cross Site Scripting - Files ≈ Packet Storm
    Conduit Wibiya Password Recovery Toolbar suffers from a cross site scripting vulnerability.
  • 4 February 2012: Conduit Image Search Engine Cross Site Scripting - Files ≈ Packet Storm
    Conduit Image Search Engine suffers from a cross site scripting vulnerability.
  • 4 February 2012: EMC Documentum xPlore Information Disclosure - Files ≈ Packet Storm
    EMC Documentum xPlore contains an information disclosure vulnerability that may allow unauthorized users, under certain circumstances, to see certain information on protected objects in an xPlore search result. They will not, however, be allowed to view the objects themselves, or any associated content. Versions 1.0, 1.1 and 1.2 are affected.
  • 4 February 2012: Simkom Cross Site Scripting - Files ≈ Packet Storm
    Simkom suffers from a cross site scripting vulnerability.
  • 4 February 2012: Douglass Media SQL Injection - Files ≈ Packet Storm
    Douglass Media suffers from a remote SQL injection vulnerability.
  • 4 February 2012: Anfibia Remote Command Execution - Files ≈ Packet Storm
    Anfibia suffers from a remote command execution vulnerability.
  • 4 February 2012: Raw CMS Cross Site Scripting - Files ≈ Packet Storm
    Raw CMS suffers from a cross site scripting vulnerability.
  • 3 February 2012: PHP-Fusion 7.02.04 SQL Injection - Files ≈ Packet Storm
    PHP-Fusion version 7.02.04 suffers from a remote SQL injection vulnerability in weblinks.php.
  • 3 February 2012: Port Tester 0.1 - Files ≈ Packet Storm
    This is a simple little port scanning script written in Python.
  • 3 February 2012: RFC6528 - Defending Against Sequence Number Attacks - Files ≈ Packet Storm
    This document specifies an algorithm for the generation of TCP Initial Sequence Numbers (ISNs), such that the chances of an off-path attacker guessing the sequence numbers in use by a target connection are reduced. This document revises (and formally obsoletes) RFC 1948, and takes the ISN generation algorithm originally proposed in that document to Standards Track, formally updating RFC 793.

OPENSOURCE VULNERABILITY DATABASE

SECURITYFOCUS DATABASE