Foscam Firmware 11.37.2.48 Path Traversal
CVE-REQUEST Foscam = 11.37.2.48 path traversal vulnerability Summary: Foscam firmware = 11.37.2.48 is prone to a path traversal vulnerability in the embedded web interface. The unauthenticated attacker can access the entire filesystem and steal web & wifi credentials. Details: GET...
Debian DSA-2635-1 : cfingerd - buffer overflow
Malcolm Scott discovered a remote-exploitable buffer overflow in the RFC1413 ident client of cfingerd, a configurable finger daemon. This vulnerability was introduced in a previously applied patch to the cfingerd package in 1.4.3-3. (C) Tenable Network Security, Inc. The...
[Onapsis Security Advisory 2013-005] SAP CCMS Agent Code Injection
Onapsis Security Advisory 2013-005: SAP CCMS Agent Code Injection This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand information on upcoming advisories, presentations and new...
Debian Security Advisory DSA 2635-1 (cfingerd - buffer overflow)
Malcolm Scott discovered a remote-exploitable buffer overflow in the RFC1413 ident client of cfingerd, a configurable finger daemon. This vulnerability was introduced in a previously applied patch to the cfingerd package in 1.4.3-3. OpenVAS Vulnerability Test $Id: deb2635.nasl 6611 2017-07-07...
TeamSHATTER Security Advisory: SQL Injection in Oracle EM (Resource Manager) (CVE-2013-0358)
TeamSHATTER Security Advisory SQL Injection in Oracle Enterprise Manager Resource Manager February 20, 2013 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3 Remot...
TeamSHATTER Security Advisory: SQL Injection in Oracle EM (dBClone) (CVE-2013-0374)
TeamSHATTER Security Advisory SQL Injection in Oracle Enterprise Manager dBClone February 20, 2013 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3 Remote...
TeamSHATTER Security Advisory: Oracle 11g Stealth Password Cracking Vulnerability (CVE-2012-3137)
TeamSHATTER Security Advisory Oracle 11g Stealth Password Cracking Vulnerability February 20, 2013 Risk Level: High Affected versions: Oracle Database Server version 11gR1, 11gR2 Remote exploitable: Yes No authentication to Database Server is needed...
TeamSHATTER Security Advisory: SQL Injection in Oracle EM (advReplicationAdmin) (CVE-2013-0372)
TeamSHATTER Security Advisory SQL Injection in Oracle Enterprise Manager advReplicationAdmin February 20, 2013 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3 Remote exploitable: Yes Credits:...
TeamSHATTER Security Advisory: Oracle Database GeoRaster API overflow (CVE-2012-3220)
TeamSHATTER Security Advisory Oracle Database GeoRaster API overflow February 20, 2013 Risk Level: High Affected versions: Oracle Database 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3 Remote exploitable: Yes Credits: This vulnerability w...
TeamSHATTER Security Advisory: Oracle EM Cross Site Scripting in XDBResource cancelURL parameter (CVE-2013-0352)
TeamSHATTER Security Advisory Oracle Enterprise Manager Cross Site Scripting in XDBResource cancelURL parameter February 20, 2013 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4; 10.2.0.5, 11.1.0.7,...
TeamSHATTER Security Advisory: SQL Injection in Oracle EM (streams queue) (CVE-2013-0373)
TeamSHATTER Security Advisory SQL Injection in Oracle Enterprise Manager streams queue February 20, 2013 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3 Remote...
TeamSHATTER Security Advisory: Cross-site scripting in Oracle EM (advReplicationAdmin) (CVE-2013-0355)
Cross-site scripting in Oracle Enterprise Manager advReplicationAdmin TeamSHATTER Security Advisory February 20, 2013 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3 Remote exploitable: Yes...
Nagios NRPE 2.13 Code Execution
Summary: CVE-ID: CVE-2013-1362 CVSS: Base Score 7.5 CVSS2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:UC/CDP:N/TD:N/CR:L/IR:L/AR:L Vendor: Nagios Affected Products: NRPE Affected Platforms: All Affected versions: '"\;" This allows the passing of $ to plugins/scripts which, if...
Oracle Application Express (Apex) Unspecified Issues (pre 3.1)
There are unspecified vulnerabilities in the Application Express component of the Oracle Database. The updated version 3.1 contains two security fixes for vulnerabilities of which one is remotely exploitable without authentication...
Oracle Application Express (Apex) Unspecified Issues (pre 2.2.1)
There are unspecified vulnerabilities in versions prior to version 2.2.1 of the Oracle Application Express component of the Oracle Database. The updated version of Apex contains '35 new security fixes for Oracle Application Express, 25 of which may be remotely exploitable without authentication'...
Wrapped WebIDL objects can be wrapped again — Mozilla
Mozilla developer Boris Zbarsky reported that in some circumstances a wrapped WebIDL object can be wrapped multiple times, overwriting the existing wrapped state. This could lead to an exploitable condition in rare cases...
SAP NetWeaver Message Server - Multiple Vulnerabilities
SAP NetWeaver Message Server - Multiple Vulnerabilities 1. Advisory Information Title: SAP Netweaver Message Server Multiple Vulnerabilities Advisory ID: CORE-2012-1128 Advisory URL: http://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities Date published: 2013-02-13 Date...
SAP NetWeaver Message Server - Multiple Vulnerabilities
Advisory Information Title: SAP Netweaver Message Server Multiple Vulnerabilities Advisory ID: CORE-2012-1128 Advisory URL: http://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities Date published: 2013-02-13 Date of last update: 2013-02-13 Vendors contacted: SAP Release...
Samba < 3.5.21 / 3.6.12 / 4.0.2 SWAT Multiple Vulnerabilities
According to its banner, the version of Samba running on the remote host is 3.5.x prior to 3.5.21, 3.6.x prior to 3.6.12, or 4.x prior to 4.0.1. It is, therefore, affected by the following vulnerabilities : - An unspecified flaw exists in the Samba Web Administration Tool SWAT that allows a remot...
Buffer Overflow vulnerability in VLC media player
VideoLAN recently published a security advisory warning of a buffer overflow vulnerability in versions 2.0.5 and earlier of VLC Media Player, which might be exploited to execute arbitrary code. This vulnerability was reported by Debasish Mandal. The vulnerability is caused due to an error in the...