9454 matches found
Tridium NiagaraAX Directory Traversal Vulnerability
Overview This advisory provides mitigation details for a vulnerability in the Tridium NiagaraAX software. Independent researchers Billy Rios and Terry McCorkle discovered a directory traversal vulnerability in the Tridium NiagaraAX software product. They demonstrated that with a valid user accoun...
LiveZilla 5.0.1.4 - Remote Code Execution
LiveZilla 5.0.1.4 - Remote Code Execution CVE-2013-6225: Security Advisory – Curesec Research Team 1. Introduction Advisory ID: Cure-2013-1007 Advisory URL: https://www.curesec.com/de/veroeffentlichungen /advisories.html Blog URL: https://cureblog.de/2013/11/remote-code-execution-in-livezilla/...
Ecava IntegraXor ActiveX Buffer Overflow
Overview This advisory provides mitigation details for a vulnerability that impacts the Ecava IntegraXor application. Independent researcher Andrew Brooks has identified a buffer overflow vulnerability in Ecava’s IntegraXor application. Ecava has produced a patch that mitigates this vulnerability...
Vivotek IP Cameras RTSP Authentication Bypass
1. Advisory Information Title: Vivotek IP Cameras RTSP Authentication Bypass Advisory ID: CORE-2013-0704 Advisory URL:http://www.coresecurity.com/core-labs/advisories/vivotek-ip-cameras-rtsp-authentication-bypass Date published: 2013-11-05 Date of last update: 2013-11-05 Vendors contacted: Vivote...
Use-after-free in HTML document templates — Mozilla
Security researcher Abhishek Arya Inferno of the Google Chrome Security Team used the Address Sanitizer tool to discover a user-after-free when interacting with HTML document templates. This leads to a potentially exploitable crash...
Use-after-free when updating offline cache — Mozilla
Security researcher Byoungyoung Lee of Georgia Tech Information Security Center GTISC used the Address Sanitizer tool to discover a use-after-free during state change events while updating the offline cache. This leads to a potentially exploitable crash...
Miscellaneous use-after-free issues found through ASAN fuzzing — Mozilla
Security researcher Nils used the Address Sanitizer tool while fuzzing to discover missing strong references in browsing engine leading to use-after-frees. This can lead to a potentially exploitable crash...
Memory corruption in workers — Mozilla
Security researcher Nils used the Address Sanitizer tool while fuzzing to discover a memory corruption issue with the JavaScript engine when using workers with direct proxies. This results in a potentially exploitable crash...
InduSoft ISSymbol ActiveX Control Buffer Overflow (Update A)
Overview Security researcher Dmitriy Pletnevo of Secunia ResearchSecunia Research, http://secunia.com/secuniaresearch/2011-36/, website last accessed June 16, 2011. has released details of multiple overflow vulnerabilities affecting the InduSoft ISSymbol ActiveX control. The researcher identified...
Course Registration Management System - Cross-Site Scripting / SQL Injection
source: https://www.securityfocus.com/bid/63435/info Course Registration Management System is prone to multiple cross-site scripting and multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input. Attackers can exploit these issues to execute arbitrary code i...
Rockwell Automation ControlLogix PLC Vulnerabilities
Overview This advisory is a follow up to the original alert titled ICS-ALERT-12-020-02A—Rockwell Automation ControlLogix PLC Vulnerabilities that was published February 14, 2012, on the ICS-CERT Web page. Independent researcher Rubén Santamarta of IOActive identified vulnerabilities in Rockwell...
Drupal Quick Tabs 6.x / 7.x Access Bypass
No description provided by source. Drupal Quick Tabs third party module versions 6.x and 7.x suffer from an access bypass vulnerability. View online: https://drupal.org/node/2103187 Advisory ID: DRUPAL-SA-CONTRIB-2013-078 Project: Quick Tabs 1 third-party module Version: 6.x, 7.x Date:...
OWASP ESAPI Security Advisory: MAC Bypass in ESAPI Symmetric Encryption
OWASP ESAPI for Java Security Advisory 1 The OWASP Foundation MAC Bypass in ESAPI Symmetric Encryption Summary ======= Category: Symmetric cryptography Module: ESAPI Encryptor interface Announced: 2013-08-23 via ESAPI-Dev mailing list...
PinApp Mail-SeCure 3.70 - Access Control Failure
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ PinApp Mail-SeCure Access Control Failure 1. Advisory Information Title: PinApp Mail-SeCure Access Control Failure Advisory ID: CORE-2013-0904 Advisory URL:...
SimpleRisk 20130915-01 - Multiple Vulnerabilities
Advisory Information Title: SimpleRisk v.20130915-01 CSRF-XSS Account Compromise Advisory ID: RS-2013-0001 Date Published: 2013-09-30 2. Vulnerability Information Type: Cross-Site Request Forgery CSRF CWE-352, OWASP-A8, Cross-Site Scripting XSS CWE-79, OWASP-A3 Impact: Full Account Compromise...
SimpleRisk 20130915-01 Cross Site Request Forgery / Cross Site Scripting
Advisory Information Title: SimpleRisk v.20130915-01 CSRF-XSS Account Compromise Advisory ID: RS-2013-0001 Date Published: 2013-09-30 2. Vulnerability Information Type: Cross-Site Request Forgery CSRF CWE-352, OWASP-A8, Cross-Site Scripting XSS CWE-79, OWASP-A3 Impact: Full Account Compromise...
SimpleRisk 20130915-01 - Multiple Vulnerabilities
SimpleRisk 20130915-01 - Multiple Vulnerabilities 1. Advisory Information Title: SimpleRisk v.20130915-01 CSRF-XSS Account Compromise Advisory ID: RS-2013-0001 Date Published: 2013-09-30 2. Vulnerability Information Type: Cross-Site Request Forgery CSRF CWE-352, OWASP-A8, Cross-Site Scripting XSS...
Calling scope for new Javascript objects can lead to memory corruption — Mozilla
Mozilla community member Ms2ger found a mechanism where a new Javascript object with a compartment is uninitialized could be entered through web content. When the scope for this object is called, it leads to a potentially exploitable crash...
Compartment mismatch re-attaching XBL-backed nodes — Mozilla
Security researcher Sachin Shinde reported that moving certain XBL-backed nodes from a document into the replacement document created by document.open can cause a JavaScript compartment mismatch which can often lead to exploitable conditions...
Use-after-free in Animation Manager during stylesheet cloning — Mozilla
Security researcher Abhishek Arya Inferno of the Google Chrome Security Team used the Address Sanitizer tool to discover a use-after-free problem in the Animation Manager during the cloning of stylesheets. This can lead to a potentially exploitable crash...