The URL dispatch mechanism in TurboGears2 (aka tg2) before 2.0.2 exposes controller methods even when an @expose decoration is not used, which has unspecified impact and attack vectors. Date published : 2010-11-05 http://groups.google.com/group/turbogears-announce/msg/09ec26696b1761bb?dmode=source&output=gplain
The default quickstart configuration of TurboGears2 (aka tg2) before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authorization cookie, a related issue...
Array index error in the FEBlend::apply function in WebCore/platform/graphics/filters/FEBlend.cpp in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service and...
Google Chrome before 7.0.517.44 does not properly handle the data types of event objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Date...
WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, accesses a frame object after this object has been destroyed, which allows remote attackers to cause a denial of service...
WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid...
Multiple integer overflows in Google Chrome before 7.0.517.44 on Linux allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font. Date published : 2010-11-05 http://code.google.com/p/chromium/issues/detail?id=59320...
Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text control selections. Date published : 2010-11-05 http://code.google.com/p/chromium/issues/detail?id=58741 http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html
Google Chrome before 7.0.517.44 does not properly perform a cast of an unspecified variable during processing of an SVG use element, which allows remote attackers to cause a denial of service or possibly have...
WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, does not properly handle large text areas, which allows remote attackers to cause a denial of service (memory corruption) or...
Use-after-free vulnerability in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors...
SQL injection vulnerability in process.asp in OnlineTechTools Online Work Order System (OWOS) Professional Edition 2.10 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: some of these details are obtained...
SQL injection vulnerability in index.php in Energine, possibly 2.3.8 and earlier, allows remote attackers to execute arbitrary SQL commands via the NRGNSID cookie. Date published : 2010-11-05 http://www.securityfocus.com/archive/1/514494/100/0/threaded http://www.exploit-db.com/exploits/15327
NetSupport Manager (NSM) before 11.00.0005 sends HTTP headers with cleartext fields containing details about client machines, which allows remote attackers to obtain potentially sensitive information by sniffing the network. Date published : 2010-11-05 http://www.kb.cert.org/vuls/id/465239...