6680 matches found

Prion
added 2012/05/16 12:55 a.m., 14 views

Design/Logic Flaw

The PDF functionality in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an out-of-bounds write error in the implementation of sampled functions...

10 CVSS, 7.7 AI score, 0.02618 EPSS
Exploits 0, References 7, Affected Software 1
Prion
added 2012/05/16 12:55 a.m., 17 views

Design/Logic Flaw

Use-after-free vulnerability in the PDF functionality in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a malformed name for the font encoding...

10 CVSS, 7.6 AI score, 0.02579 EPSS
Exploits 0, References 6, Affected Software 1
Packet Storm
added 2012/05/13 12:0 a.m., 34 views

Netgear WNDRMAC 1.0.0.22 Information Disclosure

Sense of Security - Security Advisory - SOS-12-005. Release Date: 13-May-2012. Last Update: -. Vendor Notification Date: 06-Mar-2012. Product: NETGEAR WNDRMAC. Platform: Hardware. Affected versions: 1.0.0.22 and below. Severity Rating: High. Impact: Exposure of sensitive information. Attack Vector: From...

7.4 AI score
Exploits 0
Tenable Nessus
added 2012/05/07 12:0 a.m., 32 views

Fedora 17 : puppet-2.7.13-1.fc17 (2012-6674)

With Fedora 17 using ruby-1.9.3, an update to puppet-2.7, which has improved support for ruby-1.9, is required. Note that ruby-1.9 is not fully supported in the puppet-2.7 series. Where possible, patches from the next upstream release branch will be backported to improve ruby-1.9 compatibility...

6 CVSS, 5.3 AI score, 0.02632 EPSS
Exploits 0, References 8
NVD
added 2012/05/03 11:55 p.m., 30 views

CVE-2011-3620

Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username...

7.5 CVSS, 6.5 AI score, 0.0531 EPSS
Exploits 1, References 5
UbuntuCve
added 2012/05/03 11:55 p.m., 18 views

CVE-2011-3620

Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username...

7.5 CVSS, 5.9 AI score, 0.0531 EPSS
Exploits 1, References 4
Prion
added 2012/05/03 11:55 p.m., 17 views

Design/Logic Flaw

Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username...

7.5 CVSS, 7 AI score, 0.0531 EPSS
Exploits 1, References 5, Affected Software 1
Cvelist
added 2012/05/03 11:0 p.m., 36 views

CVE-2011-3620

Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username...

6.4 AI score, 0.0531 EPSS
Exploits 1, References 5
CVE
added 2012/05/03 11:0 p.m., 65 views

CVE-2011-3620

CVE-2011-3620 affects Apache Qpid prior to fixed releases; a flaw in the cluster-join credential verification allows remote attackers who know a valid cluster-username to obtain access to messaging and job functionality. Red Hat advisories (RHSA-2012:0528/0529) state the fix changes to the cluste...

7.5 CVSS, 6.5 AI score, 0.0531 EPSS
Exploits 1, References 5, Affected Software 1
NVD
added 2012/05/03 4:8 a.m., 12 views

CVE-2012-1190

Cross-site scripting (XSS) vulnerability in the replication-setup functionality in js/replication.js in phpMyAdmin 3.4.x before 3.4.10.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted database name...

4.3 CVSS, 5.3 AI score, 0.02234 EPSS
Exploits 2, References 8
Tenable Nessus
added 2012/04/30 12:0 a.m., 34 views

Fedora 15 : puppet-2.6.16-1.fc15 (2012-6055)

This update fixes several security issues recently found in puppet related to filebucket functionality. For full details, refer to the upstream release notes : http://projects.puppetlabs.com/projects/1/wiki/ReleaseNotes2.6.15 Note that Tenable Network Security has extracted the preceding...

6 CVSS, 5.3 AI score, 0.02632 EPSS
Exploits 0, References 8
Tenable Nessus
added 2012/04/30 12:0 a.m., 32 views

Fedora 16 : puppet-2.6.16-1.fc16 (2012-5999)

This update fixes several security issues recently found in puppet related to filebucket functionality. For full details, refer to the upstream release notes : http://projects.puppetlabs.com/projects/1/wiki/ReleaseNotes2.6.15 Note that Tenable Network Security has extracted the preceding...

6 CVSS, 5.3 AI score, 0.02632 EPSS
Exploits 0, References 8
Packet Storm
added 2012/04/26 12:0 a.m., 32 views

Car Portal CMS 3.0 CSRF / XSS / Shell Upload

Title: Car Portal CMS v3.0 - Multiple Web Vulnerabilities. Date: 2012-04-24. References: http://www.vulnerability-lab.com/getcontent.php?id=502. VL-ID: 502. Introduction: Car Portal is a php software product for running auto classifieds websites. It provid...

0.1 AI score
Exploits 0
securityvulns
added 2012/04/23 12:0 a.m., 75 views

DoS vulnerability in WordPress

Hello 3APA3A! I want to warn you about a new security vulnerability in WordPress. This is a Denial of Service vulnerability, which exists in the security functionality that protects against the Abuse of Functionality vulnerability in WordPress, which I disclosed in 2009 and which was not fixed correctly...

Exploits 0
OSV
added 2012/03/26 12:0 a.m., 42 views

DSA-2443-1 linux-2.6 - several

Bulletin has no description...

7.8 CVSS, 7 AI score, 0.03431 EPSS
Exploits 10
Exploit DB
added 2012/03/22 12:0 a.m., 44 views

Google Talk - 'gtalk://' Deprecated URI Handler Injection

Google Talk gtalk:// Deprecated Uri Handler /gaiaserver Parameter Injection Vulnerability tested against: Internet Explorer 8 Microsoft Windows all versions download url of 1.0.0.104: http://www.google.com/talk/install.html download urls of 1.0.0.105: http://www.google.com/talk/intl/it/...

7 AI score
Exploits 0
securityvulns
added 2012/03/19 12:0 a.m., 35 views

Multiple vulnerabilities in EJBCA

Hello 3APA3A! I am informing you of multiple vulnerabilities that I found on 17.01.2012 in Enterprise Java Beans Certificate Authority EJBCA. These are Cross-Site Scripting, Brute Force and Abuse of Functionality vulnerabilities. EJBCA is a PKI server. According to the official website: A Certification...

6.2 AI score
Exploits 0
Packet Storm
added 2012/03/11 12:0 a.m., 25 views

EJBCA 4.0.7 Cross Site Scripting / User Enumeration

Hello list! I want to warn you about multiple security vulnerabilities in Enterprise Java Beans Certificate Authority EJBCA. These are Cross-Site Scripting, Brute Force and Abuse of Functionality vulnerabilities. EJBCA is a PKI server. Citation from the official web site: A Certification Authority...

0.2 AI score
Exploits 0
Prion
added 2012/03/08 4:15 a.m., 15 views

Design/Logic Flaw

Use-after-free vulnerability in Apple Safari 5.1.2, when a plug-in with a blocking function is installed, allows user-assisted remote attackers to execute arbitrary code via a crafted web page that is accessed during user interaction with the plug-in, leading to improper coordination between an A...

7.6 CVSS, 7.8 AI score, 0.02805 EPSS
Exploits 1, References 4, Affected Software 1
Fedora
added 2012/03/08 3:55 a.m., 41 views

[SECURITY] Fedora 15 Update: glibc-2.14.1-6

The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important se...

6.8 CVSS, 2 AI score, 0.02717 EPSS
Exploits 5