Apple Mac OSX Server - DirectoryService Buffer Overflow

Apple Mac OSX Server - DirectoryService Buffer Overflow Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Mac OSX Server DirectoryService buffer overflow 1. Advisory Information Title: Mac OSX Server DirectoryService buffer overflow Advisory ID: CORE-2013-0103 Advisory URL:...

MayGion IP Cameras Firmware 09.27 - Multiple Vulnerabilities

MayGion IP Cameras Firmware 09.27 - Multiple Vulnerabilities Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ MayGion IP Cameras multiple vulnerabilities 1. Advisory Information Title: MayGion IP Cameras multiple vulnerabilities Advisory ID: CORE-2013-0322 Advisory URL:...

Zavio IP Cameras Firmware 1.6.03 - Multiple Vulnerabilities

Core Security - Corelabs Advisory http://corelabs.coresecurity.com Zavio IP Cameras multiple vulnerabilities 1. Advisory Information Title: Zavio IP Cameras multiple vulnerabilities Advisory ID: CORE-2013-0302 Advisory URL:...

Zavio IP Cameras Firmware 1.6.03 - Multiple Vulnerabilities

Zavio IP Cameras Firmware 1.6.03 - Multiple Vulnerabilities Core Security - Corelabs Advisory http://corelabs.coresecurity.com Zavio IP Cameras multiple vulnerabilities 1. Advisory Information Title: Zavio IP Cameras multiple vulnerabilities Advisory ID: CORE-2013-0302 Advisory URL:...

MayGion IP Cameras Firmware 09.27 - Multiple Vulnerabilities

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ MayGion IP Cameras multiple vulnerabilities 1. Advisory Information Title: MayGion IP Cameras multiple vulnerabilities Advisory ID: CORE-2013-0322 Advisory URL:...

CVE-2013-2504 : Matrix42 Service Desk XSS

43zsec SECURITY ADVISORY CVE ID : CVE-2013-2504 Product: Service Store 5.3 SP3 5.33.946.0 Vendor: matrix42 - member of asseco group Subject: Cross-site Scripting - XSS Classification: PCI 2.0: 6.5.7 PCI 1.2: 6.5.1 OWASP: A2 CWE: 79 CAPEC: 19 WASC: 08 Risk: High Effect: Remotely exploitable Author...

Vivotek IP Cameras - Multiple Vulnerabilities

Core Security - Corelabs Advisory http://corelabs.coresecurity.com Vivotek IP Cameras Multiple Vulnerabilities 1. Advisory Information Title: Vivotek IP Cameras Multiple Vulnerabilities Advisory ID: CORE-2013-0301 Advisory URL:...

Vivotek IP Cameras - Multiple Vulnerabilities

Vivotek IP Cameras - Multiple Vulnerabilities Core Security - Corelabs Advisory http://corelabs.coresecurity.com Vivotek IP Cameras Multiple Vulnerabilities 1. Advisory Information Title: Vivotek IP Cameras Multiple Vulnerabilities Advisory ID: CORE-2013-0301 Advisory URL:...

Vivotek IP Camera Buffer Overflow / Injection Vulnerabilities

Core Security Technologies Advisory - Vivotek IP Cameras suffer from information leak, buffer overflow, authentication, path traversal, and command injection vulnerabilities. Vulnerable are Vivotek PT7135 IP camera with firmware 0300a, Vivotek PT7135 IP camera with firmware 0400a, and possibly...

Vivotek IP Camera Buffer Overflow / Disclosure / Injection

Core Security - Corelabs Advisory http://corelabs.coresecurity.com Vivotek IP Cameras Multiple Vulnerabilities 1. Advisory Information Title: Vivotek IP Cameras Multiple Vulnerabilities Advisory ID: CORE-2013-0301 Advisory URL:...

D-Link IP Cameras Multiple Vulnerabilities

1. Advisory Information Title: D-Link IP Cameras Multiple Vulnerabilities Advisory ID: CORE-2013-0303 Advisory URL:http://www.coresecurity.com/core-labs/advisories/d-link-ip-cameras-multiple-vulnerabilities Date published: 2013-04-29 Date of last update: 2013-03-29 Vendors contacted: D-Link...

Unfixed Reflection API vulnerability reported in Java

Founder and CEO of Security Explorations of Poland, Adam Gowdiak has reported a new unpatched security vulnerability in JAVA that affects all Java versions, including 7u21 released last Tuesday. Gowdiak claims to have sent to Oracle a report about a reflection API vulnerability in the newly shipp...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in tblgisvisualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the 1 visualizationSettingswidth or 2 visualizationSettingsheight parameter. NOTE: a third party reports that this ...

WebGL crash with Mesa graphics driver on Linux — Mozilla

Security researcher miaubiz used the Address Sanitizer tool to discover a crash in WebGL rendering when memory is freed that has not previously been allocated. This issue only affects Linux users who have Intel Mesa graphics drivers. The resulting crash could be potentially exploitable...

Out-of-bounds array read in CERT_DecodeCertPackage — Mozilla

Mozilla community member Ambroz Bizjak reported an out-of-bounds array read in the CERTDecodeCertPackage function of the Network Security Services NSS library when decoding a certificate. When this occurs, it will lead to memory corruption and a non-exploitable crash...

MailOrderWorks 5.907 - Multiple Vulnerabilities

MailOrderWorks 5.907 - Multiple Vulnerabilities Title: ====== MailOrderWorks v5.907 - Multiple Web Vulnerabilities Date: ===== 2013-01-02 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=798 VL-ID: ===== 796 Common Vulnerability Scoring System:...

Solaris 10 (sparc) : 150157-01 (deprecated)

Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite subcomponent: Remote Procedure Call RPC. Supported versions that are affected are 8, 9, 10 and 11.1. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can...

Vulnerabilities Continue to Weigh Down Samsung Android Phones

Attackers have long had an affinity for having their way with Android phones, but the hammer seems to have really come down over the last few months when it comes to devices manufactured by Samsung. Independent Italian researcher Roberto Paleari discussed several bugs he recently found in Samsung...

Gaming Platforms as an attack vector against remote systems

Little more than a year ago I wrote about the possibility to attack gaming platform to compromise large audience of gamers in stealthy way, the access to millions of machines represent a dream for every attackers and I hypnotized its repercussion in cyber warfare domains. Gaming platform are...

CVE-2013-1413

COMPASS SECURITY ADVISORY http://www.csnc.ch/ CVE ID : CVE-2013-1413 CSNC ID: CSNC-2013-003 Product: i-doit Vendor: synetics Gesellschaft fьr Systemintegration mbH Subject: Cross-site Scripting - XSS Risk: High Effect: Remotely exploitable Author: Stephan Rickauer [email protected] Date:...