9454 matches found

The Hacker News
added 2013/01/29 5:4 p.m. | 23 views

Security Flaws in UPnP protocol put 50 million devices at risk

Security flaws in Universal Plug & Play (UPnP) are exposing more than 50 million computers, printers and storage drives to remote attack by hackers. Rapid7 said Tuesday in a research paper that the problem lies in routers and other networking equipment that use a commonly employed standard know...

10 CVSS | 7.7 AI score | 0.74349 EPSS
Exploits: 17

0day.today
added 2013/01/29 12:0 a.m. | 41 views

Ruby on Rails JSON Processor YAML Deserialization Code Execution

Exploit for multiple platforms in category remote exploits. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core...

7.1 AI score | 0.91907 EPSS
Exploits: 22

securityvulns
added 2013/01/21 12:0 a.m. | 71 views

NSOADV-2013-001: DELL SonicWALL GMS/Viewpoint/Analyzer Authentication Bypass (/appliance/)

NSOADV-2013-001: SonicWALL GMS/Viewpoint/Analyzer Authentication Bypass /appliance/ ...

0.6 AI score | 0.89468 EPSS
Exploits: 9

securityvulns
added 2013/01/21 12:0 a.m. | 51 views

NSOADV-2013-002: DELL SonicWALL GMS/Viewpoint/Analyzer Authentication Bypass (/sgms/)

NSOADV-2013-002: SonicWALL GMS/Viewpoint/Analyzer Authentication Bypass /sgms/ ...

0.3 AI score | 0.57719 EPSS
Exploits: 5

Tenable Nessus
added 2013/01/20 12:0 a.m. | 56 views

SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 8426)

Mozilla Firefox was updated to the 10.0.12ESR release. - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume...

10 CVSS | 9.8 AI score | 0.87365 EPSS
Exploits: 30 | References: 77

0day.today
added 2013/01/19 12:0 a.m. | 50 views

SonicWALL GMS/Viewpoint/Analyzer Authentication Bypass

Exploit for multiple platforms in category web applications. NSOADV-2013-002: SonicWALL GMS/Viewpoint/Analyzer Authentication Bypass /sgms/ ...

7.1 AI score | 0.57719 EPSS
Exploits: 5

exploitpack
added 2013/01/18 12:0 a.m. | 35 views

SonicWALL GMSViewpointAnalyzer - Authentication Bypass

SonicWALL GMSViewpointAnalyzer - Authentication Bypass. NSOADV-2013-002: SonicWALL GMS/Viewpoint/Analyzer Authentication Bypass /sgms/ ...

10 CVSS | 0.6 AI score | 0.57719 EPSS
Exploits: 5

Packet Storm
added 2013/01/18 12:0 a.m. | 38 views

DELL SonicWALL GMS/Viewpoint/Analyzer Authentication Bypass

NSOADV-2013-002: SonicWALL GMS/Viewpoint/Analyzer Authentication Bypass /sgms/ ...

0.7 AI score | 0.57719 EPSS
Exploits: 5

OpenVAS
added 2013/01/16 12:0 a.m. | 58 views

Mozilla Thunderbird Multiple Vulnerabilities-05 (Jan 2013) - Mac OS X

Mozilla Thunderbird is prone to multiple vulnerabilities...

9.3 CVSS | 9.5 AI score | 0.03151 EPSS
Exploits: 2 | References: 6

Tenable Nessus
added 2013/01/15 12:0 a.m. | 42 views

Firefox < 18.0 Multiple Vulnerabilities

The installed version of Firefox is earlier than 18.0 and thus, is potentially affected by the following security issues : - Multiple, unspecified use-after-free, out-of-bounds read and buffer overflow errors exist. CVE-2012-5829, CVE-2013-0760, CVE-2013-0761, CVE-2013-0762, CVE-2013-0763,...

10 CVSS | 9.3 AI score | 0.87365 EPSS
Exploits: 31 | References: 49

Tenable Nessus
added 2013/01/15 12:0 a.m. | 43 views

Firefox < 18.0 Multiple Vulnerabilities (Mac OS X)

The installed version of Firefox is earlier than 18.0 and thus, is potentially affected by the following security issues : - Multiple unspecified use-after-free, out-of-bounds read and buffer overflow errors exist. CVE-2012-5829, CVE-2013-0760, CVE-2013-0761, CVE-2013-0762, CVE-2013-0763,...

10 CVSS | 7.7 AI score | 0.87365 EPSS
Exploits: 31 | References: 51

Tenable Nessus
added 2013/01/15 12:0 a.m. | 33 views

Mozilla Firefox 17.x <= 17 Multiple Vulnerabilities

Binary data 801345.prm...

10 CVSS | 9.2 AI score | 0.87365 EPSS
Exploits: 28 | References: 47

Tenable Nessus
added 2013/01/15 12:0 a.m. | 36 views

SeaMonkey < 2.15 Multiple Vulnerabilities

The installed version of SeaMonkey is earlier than 2.15 and thus, is potentially affected by the following security issues : - Multiple, unspecified use-after-free, out-of-bounds read and buffer overflow errors exist. CVE-2012-5829, CVE-2013-0760, CVE-2013-0761, CVE-2013-0762, CVE-2013-0763,...

10 CVSS | 7.7 AI score | 0.87365 EPSS
Exploits: 31 | References: 49

Tenable Nessus
added 2013/01/15 12:0 a.m. | 38 views

Mozilla SeaMonkey 2.x <= 2.14 Multiple Vulnerabilities

Binary data 801376.prm...

10 CVSS | 9.2 AI score | 0.87365 EPSS
Exploits: 27 | References: 45

Mozilla
added 2013/01/08 12:0 a.m. | 41 views

Memory corruption in XBL with XML bindings containing SVG — Mozilla

Security researcher Sviatoslav Chagaev reported that when using an XBL file containing multiple XML bindings with SVG content, a memory corruption can occur. In concern with remote XUL, this can lead to an exploitable crash...

9.3 CVSS | 1.7 AI score | 0.02834 EPSS
Exploits: 1 | References: 2 | Affected Software: 5

Mozilla
added 2013/01/08 12:0 a.m. | 48 views

Buffer Overflow in Canvas — Mozilla

Security researcher miaubiz used the Address Sanitizer tool to discover a buffer overflow in Canvas when specific bad height and width values were given through HTML. This could lead to a potentially exploitable crash...

9.3 CVSS | 1.6 AI score | 0.04815 EPSS
Exploits: 1 | References: 2 | Affected Software: 5

Mozilla
added 2013/01/08 12:0 a.m. | 45 views

Crash due to handling of SSL on threads — Mozilla

Mozilla community member Jerry Baker reported a crashing issue found through Thunderbird when downloading messages over a Secure Sockets Layer (SSL) connection. This was caused by a bug in the networking code assuming that secure connections were entirely handled on the socket transport thread when...

9.3 CVSS | 1.2 AI score | 0.01497 EPSS
Exploits: 0 | References: 2 | Affected Software: 5

Mozilla
added 2013/01/08 12:0 a.m. | 64 views

Use-after-free and buffer overflow issues found using Address Sanitizer — Mozilla

Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team discovered a series of critically rated use-after-free, out-of-bounds read, and buffer overflow issues using the Address Sanitizer tool in shipped software. These issues are potentially exploitable, allowing for remote...

10 CVSS | 2.1 AI score | 0.04573 EPSS
Exploits: 8 | References: 16 | Affected Software: 5

ICS
added 2013/01/07 7:0 a.m. | 51 views

Rockwell Automation FactoryTalk and RSLinx Vulnerabilities

OVERVIEW --------- Begin Update A Part 1 of 4 -------- This updated advisory is a follow-up to the original advisory titled ICSA-13-095-02 Rockwell Automation FactoryTalk and RSLinx Vulnerabilities that was published April 5, 2013, on the ICS-CERT Web page. --------- End Update A Part 1 of 4...

8 AI score
Exploits: 0 | References: 10

ICS
added 2013/01/03 7:0 a.m. | 112 views

Wind River VxWorks SSH and Web Server and General Electric D20MX

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Wind River, General Electric Equipment: VxWorks, D20MX --------- Begin Update A Part 1 of 4 --------- Vulnerabilities: Improper Input Validation --------- End Update A Part 1 of 4 --------- 2...

10 CVSS | 7.8 AI score | 0.09324 EPSS
Exploits: 0 | References: 10