9454 matches found

exploitpack
added 2012/04/30 12:0 a.m., 20 views

McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 - ActiveX GetObject() Code Execution

McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 - ActiveX GetObject Code Execution McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 ActiveX Control GetObject Security Bypass Remote Code Execution Vulnerability tested against: Microsoft Windows Vista sp2 Microsoft Windows 2003 r2...

0.6 AI score
Exploits: 0

Packet Storm
added 2012/04/27 12:0 a.m., 24 views

Amauta Consultores CMS SQL Injection

Exploit Title : AMAUTA CONSULTORES CMS SQL Injection Vulnerability Author : Secure-Land Security Team Discovered By : farbodmahini Home : Secure-Land.net Vendor : www.amautaperu.com Contact : [email protected] , [email protected] Security Risk : High DorK : "Powered by AMAUTA CONSULTORES...

0.8 AI score
Exploits: 0

Mozilla
added 2012/04/24 12:0 a.m., 47 views

Multiple security flaws fixed in FreeType v2.4.9 — Mozilla

Mateusz Jurczyk of the Google Security Team used the Address Sanitizer tool to discover a series of memory safety bugs in the FreeType library, some of which could cause memory corruption and exploitable crashes with certain fonts and font parsing. Firefox Mobile has been upgraded to FreeType...

10 CVSS, 1.8 AI score, 0.05858 EPSS
Exploits: 0, References: 20, Affected Software: 1

securityvulns
added 2012/04/24 12:0 a.m., 32 views

AST-2012-005: Heap Buffer Overflow in Skinny Channel Driver

Asterisk Project Security Advisory - AST-2012-005 Product Asterisk Summary Heap Buffer Overflow in Skinny Channel Driver Nature of Advisory Exploitable Heap Buffer Overflow Susceptibility Remote Authenticated Sessions Severity Minor Exploits Known No Reported On March 26, 2012 Reported By Russell...

0.5 AI score
Exploits: 0

Mozilla
added 2012/04/24 12:0 a.m., 51 views

Potential memory corruption during font rendering using cairo-dwrite — Mozilla

Security research firm iDefense reported that researcher wushi of team509 discovered a memory corruption on Windows Vista and Windows 7 systems with hardware acceleration disabled or using incompatible video drivers. This is created by using cairo-dwrite to attempt to render fonts on an unsupport...

9.3 CVSS, 1.6 AI score, 0.01525 EPSS
Exploits: 0, References: 2, Affected Software: 5

Mozilla
added 2012/04/24 12:0 a.m., 43 views

use-after-free in IDBKeyRange — Mozilla

Using the Address Sanitizer tool, security researcher Aki Helin from OUSPG found that IDBKeyRange of indexedDB remains in the XPConnect hashtable instead of being unlinked before being destroyed. When it is destroyed, this causes a use-after-free, which is potentially exploitable...

10 CVSS, 1.9 AI score, 0.17081 EPSS
Exploits: 0, References: 2, Affected Software: 5

Tenable Nessus
added 2012/04/23 12:0 a.m., 27 views

SuSE9 Security Update : Acrobat Reader (YOU Patch Number 10316)

This update fixes a buffer overflow in Acrobat Reader versions 5 and 7, where an attacker could execute code by providing a handmade PDF to the viewer. The Acrobat Reader 5 versions of 9.1 and 9.2 were upgraded to Acrobat Reader 7. This version upgrade can cause new dependencies to appear, please...

5 CVSS, 6.1 AI score, 0.15002 EPSS
Exploits: 0, References: 2

securityvulns
added 2012/04/22 12:0 a.m., 47 views

Incomplete protection of Oracle Database locked accounts (CVE-2012-0510)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory Incomplete protection of Oracle Database locked accounts. Risk Level: Low Affected versions: Oracle Database Server version 10gR1, 10gR2 10.2.0.5 and previous patchsets and 11gR1 11.1.0.7 and previous patchsets...

6.4 CVSS, 6.2 AI score, 0.00772 EPSS
Exploits: 0

securityvulns
added 2012/04/22 12:0 a.m., 66 views

SQL Injection in Oracle Enterprise Manager (searchPage web page) (CVE-2012-0525)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory SQL Injection in Oracle Enterprise Manager searchPage web page. Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.3 and previous patchsets Oracle Enterprise Manager...

4.9 CVSS, 6.8 AI score, 0.00209 EPSS
Exploits: 2

securityvulns
added 2012/04/22 12:0 a.m., 72 views

SQL Injection in Oracle Enterprise Manager (compareWizFirstConfig web page) (CVE-2012-0512)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory SQL Injection in Oracle Enterprise Manager compareWizFirstConfig web page. Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2 and previous patchsets Oracle...

5.5 CVSS, 6.9 AI score, 0.00185 EPSS
Exploits: 2

securityvulns
added 2012/04/22 12:0 a.m., 59 views

OCIPasswordChange API leaks information of password hash (CVE-2012-0511)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory OCIPasswordChange API leaks information of password hash. Risk Level: High Affected versions: Oracle Database Server version 10gR1, 10gR2 10.2.0.4 and previous patchsets and 11gR1 11.1.0.7 and previous patchset...

6.4 CVSS, 6.2 AI score, 0.00351 EPSS
Exploits: 0

securityvulns
added 2012/04/22 12:0 a.m., 61 views

Oracle Enterprise Manager vulnerable to Session fixation (CVE-2012-0528)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory Oracle Enterprise Manager vulnerable to Session fixation. Risk Level: Low Affected versions: Oracle Enterprise Manager Database Control 10.2.0.5, 11.1.0.7 and previous patchsets Remote exploitable: Yes Credits:...

5.8 CVSS, 0.3 AI score, 0.00351 EPSS
Exploits: 0

0day.today
added 2012/04/20 12:0 a.m., 43 views

Oracle Enterprise Manager SQL injection Vulnerability

Exploit for jsp platform in category web applications -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory SQL Injection in Oracle Enterprise Manager compareWizFirstConfig web page. Risk Level: High Affected versions: Oracle Enterprise Manager Database Control...

7.1 AI score, 0.00209 EPSS
Exploits: 3

Packet Storm
added 2012/04/19 12:0 a.m., 54 views

Oracle Enterprise Manager searchPage SQL Injection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory SQL Injection in Oracle Enterprise Manager searchPage web page. Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.3 and previous patchsets Oracle Enterprise Manager...

4.9 CVSS, 0.6 AI score, 0.00209 EPSS
Exploits: 2

Packet Storm
added 2012/04/19 12:0 a.m., 57 views

Oracle Enterprise Manager compareWizFirstConfig SQL injection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory SQL Injection in Oracle Enterprise Manager compareWizFirstConfig web page. Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2 and previous patchsets Oracle...

5.5 CVSS, 0.9 AI score, 0.00185 EPSS
Exploits: 2

seebug.org
added 2012/04/12 12:0 a.m., 35 views

Microsoft SQL Server Privilege Escalation / SQL Injection

No description provided by source. AppSecInc Team SHATTER Security Advisory Privilege escalation via internal sql injection in RESTORE DATABASE command. Risk Level: Medium Affected versions: Microsoft SQL Server 2005, 2008, 2008 R2 Remote exploitable: Yes Credits: This vulnerability was discovere...

7.1 AI score
Exploits: 0

0day.today
added 2012/04/09 12:0 a.m., 22 views

Dolibarr ERP & CRM OS Command Injection

Exploit for php platform in category web applications Dolibarr ERP & CRM OS Command Injection =================================== 1. Advisory Information Date published: 2012-4-6 Vendors contacted: Dolibarr Release mode: Coordinated release 2. Vulnerability Information Class: Injection Remotely...

7.1 AI score
Exploits: 0

exploitpack
added 2012/04/09 12:0 a.m., 11 views

Dolibarr ERPCRM 3.2.0 3.1.1 - OS Command Injection

Dolibarr ERPCRM 3.2.0 3.1.1 - OS Command Injection Dolibarr ERP & CRM OS Command Injection =================================== 1. Advisory Information Date published: 2012-4-6 Vendors contacted: Dolibarr Release mode: Coordinated release 2. Vulnerability Information Class: Injection Remotely...

0.3 AI score
Exploits: 0

Exploit DB
added 2012/04/09 12:0 a.m., 31 views

Dolibarr ERP/CRM < 3.2.0 / < 3.1.1 - OS Command Injection

Dolibarr ERP & CRM OS Command Injection =================================== 1. Advisory Information Date published: 2012-4-6 Vendors contacted: Dolibarr Release mode: Coordinated release 2. Vulnerability Information Class: Injection Remotely Exploitable: Yes Locally Exploitable: Yes 3. Software...

7 AI score
Exploits: 0

0day.today
added 2012/04/07 12:0 a.m., 20 views

Dolibarr ERP / CRM OS Command Injection

Exploit for php platform in category web applications Dolibarr ERP & CRM OS Command Injection =================================== 1. Advisory Information Date published: 2012-4-6 Vendors contacted: Dolibarr Release mode: Coordinated release 2. Vulnerability Information Class: Injection Remotely...

7.1 AI score
Exploits: 0