Monthly Archive: December 2010

Opera before 11.00, when Opera Turbo is enabled, does not display a page’s security indication, which makes it easier for remote attackers to spoof trusted content via a crafted web site. Date published :...

Opera before 11.00 does not properly handle security policies during updates to extensions, which might allow remote attackers to bypass intended access restrictions via unspecified vectors. Date published : 2010-12-21 http://www.opera.com/docs/changelogs/mac/1100/ http://www.opera.com/docs/changelogs/unix/1100/

Unspecified vulnerability in Opera before 11.00 has unknown impact and attack vectors, related to "a high severity issue." Date published : 2010-12-21 http://www.opera.com/docs/changelogs/mac/1100/ http://www.opera.com/docs/changelogs/unix/1100/

Opera before 11.00 does not clear WAP WML form fields after manual navigation to a new web site, which allows remote attackers to obtain sensitive information via an input field that has the same...

Opera before 11.00 does not properly constrain dialogs to appear on top of rendered documents, which makes it easier for remote attackers to trick users into interacting with a crafted web site that spoofs...

Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 do not properly perform cursor handling, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...

The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences,...

browser/worker_host/message_port_dispatcher.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 does not properly handle certain postMessage calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash)...

The ThemeInstalledInfoBarDelegate::Observe function in browser/extensions/theme_installed_infobar_delegate.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 does not properly handle incorrect tab interaction by an extension, which allows user-assisted remote attackers to cause a denial...

The Pickle::Pickle function in base/pickle.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 on 64-bit Linux platforms does not properly perform pointer arithmetic, which allows remote attackers to bypass message deserialization validation,...

Pointter PHP Micro-Blogging Social Network 1.8 allows remote attackers to bypass authentication and obtain administrative privileges via arbitrary values of the auser and apass cookies. Date published : 2010-12-21 http://www.securityfocus.com/archive/1/515306/100/0/threaded http://www.exploit-db.com/exploits/15741

Pointter PHP Content Management System 1.0 allows remote attackers to bypass authentication and obtain administrative privileges via arbitrary values of the auser and apass cookies. Date published : 2010-12-21 http://www.securityfocus.com/archive/1/515314/100/0/threaded http://www.exploit-db.com/exploits/15740

Multiple cross-site scripting (XSS) vulnerabilities in Radius Manager 3.8.0 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) name or (2) descr parameter in an (a) update_usergroup or a...

Unspecified vulnerability in HP StorageWorks Storage Mirroring 5.x before 5.2.2.1771.2 allows remote attackers to execute arbitrary code via unknown vectors. Date published : 2010-12-21 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02660122 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02660122