BarCodeWiz ActiveX LoadProperties Buffer Overflow

Added: 05/23/2011 CVE: CVE-2010-2932 BID: 42097 OSVDB: 66882 Background BarCodeWiz Barcode ActiveX Control is a tool for generating barcodes in Microsoft Office documents, and for Visual Basic, Visual C++, VB.NET, C, or Delphi developer looking to include barcodes in programs. Problem The...

Red Hat Enterprise Linux 6.1 Released !

Red Hat Enterprise Linux 6.1 is now available at https://www.redhat.com/rhel/. Enhancements provide improvements in system reliability, scalability and performance, coupled with support for upcoming system hardware. This release also delivers patches and security updates, while maintaining...

JVN#99175647: Virus Buster 2009 key input encryption function vulnerability

The key input encryption function in Virus Buster 2009 contains a vulnerability where a portion of password that is entered in the web browser is not properly encrypted. Impact When input information is stolen by a key logger, portions of the information may be leaked in plaintext. Solution Updat...

JVN#37878530: EC-CUBE vulnerable to cross-site request forgery

EC-CUBE provided by LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, information stored within EC-CUBE may be altered. Solution Update the Software Apply t...

kusaba x 0.9.1 - Multiple Vulnerabilities

kusaba x 0.9.1 - Multiple Vulnerabilities KusabaX XSS and CSRF Vulnerabilites Product: KusabaX and various Futaba channels clone Vendor site: http://kusabax.cultnet.net/ Affected versions: KusabaX " ----------------------------------------------------- Attackers can exploit these weaknesses to...

Joomla Themes Cross Site Scripting / Denial Of Service

Hello list! I want to warn you about Cross-Site Scripting, Full path disclosure, Abuse of Functionality and Denial of Service vulnerabilities in multiple themes and components for Joomla. ------------------------- Affected products: ------------------------- Similarly to vulnerabilities in multip...

RHEL 4 : Sun Java Runtime in Satellite Server (RHSA-2009:1662)

Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Network Satellite Server 5.1. This update has been rated as having low security impact by the Red Hat Security Response Team. This update corrects several security vulnerabilities in the Sun Java...

[SECURITY] Fedora 14 Update: kdesdk-4.6.2-1.fc14

A collection of applications and tools used by developers, including: cervisia: a CVS frontend kate: advanced text editor kcachegrind: a browser for data produced by profiling tools e.g. cachegr ind kompare: diff tool kuiviewer: displays designer's UI files lokalize: computer-aided translation...

[SECURITY] Fedora 15 Update: kdesdk-4.6.2-1.fc15

A collection of applications and tools used by developers, including: cervisia: a CVS frontend kate: advanced text editor kcachegrind: a browser for data produced by profiling tools e.g. cachegr ind kompare: diff tool kuiviewer: displays designer's UI files lokalize: computer-aided translation...

Microsoft IE Developer Tools WMITools and Windows Messenger ActiveX Control Vulnerability (2508272)

This host is missing a critical security update according to Microsoft Bulletin MS11-027. OpenVAS Vulnerability Test $Id: secpodms11-027.nasl 8724 2018-02-08 15:02:56Z cfischer $ Microsoft IE Developer Tools WMITools and Windows Messenger ActiveX Control Vulnerability 2508272 Authors: Veerendra G...

Microsoft Releases April Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Office, Server Software, and Developer Tools as part of the Microsoft Security Bulletin Summary for April 2011. These vulnerabilities may allow an attacker to execute arbitrary code or operate with...

JVN#11424086: Password Vault Web Access vulnerable to cross-site scripting

Password Vault Web Access PVWA is a module in the Privileged Identity Management Suite that allows access via a web portal. PVWA contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the web browser of an user who is logged on. Solution Apply a patch Apply t...

Microsoft Releases Advance Notification for April Security Bulletin

Microsoft has issued a Security Bulletin Advance Notification indicating its April release will contain 17 bulletins. Nine of these bulletins will have the severity rating of critical and will be for Microsoft Windows, Internet Explorer and Office. The remaining bulletins will have the severity...

Making An Application Security Program Succeed

After winning the attention, and hopefully the backing of executives, as we covered in The Challenge of Starting an Application Security Program, it becomes much more straightforward to win the funding needed for the right tools, services, and training needed for secure application development. N...

GNOME 3.0 Released , Available for Download !

GNOME 3.0 Released , Available for Download ! GNOME 3.0 is a major milestone in the history of the GNOME Project. The release introduces an exciting new desktop which has been designed for today's users and which is suited to a range of modern computing devices. GNOME's developer technologies hav...

SMF 2.0 RC5 Shell Upload

Title : SMF 2.0 RC5 Remote Shell Upload Exploit Author : KedAns-Dz E-mail : [email protected] Home : HMD/AM 30008/04300 - Algeria -00213555248701 Twitter page : twitter.com/kedans platform : php Impact : Remote Shell Upload Tested on : Windows XP sp3 FR » In The name of Allah Go0Gle D0rk : "Power...

Zero-day Flash vulnerability fixed in Chrome, still unpatched elsewhere

Google, proving the efficacy of Chrome's built-in Flash Player and its early, insider access to Adobe's developer builds, has fixed the zero-day vulnerability that emerged last week. The hole will be plugged on other platforms and browsers by a new version of Flash 10.1 and 10.2 that should've be...

Tumblr security flaw : server IPS, API keys, passwords, etc were leaked !

Update : Tumblr security flaw, Clarification by Tumblr official staff ! : The Hacker News There is a possible security issue with Tumblr. Basically a lot of confidential information, including server IPS, API keys, passwords, etc were leaked. There are some of the stuff that got disclosed:...

W-Agora 4.2.1 Cross Site Scripting / Local File Inclusion

Hello list! I want to warn you about Cross-Site Scripting, Local File Inclusion and Brute Force vulnerabilities in W-Agora. SecurityVulns ID: 11499. ------------------------- Affected products: ------------------------- Vulnerable are W-Agora 4.2.1 and previous versions. ---------- Details:...

Yahoo India R&D to Host 'HACK U' for IIT Kharagpur Students !

Yahoo! India R&D will be hosting 'HACK U'– the University Hack Day event for IIT Kharagpur students on campus between 17 and 20 March. Close to 250 students are expected to participate in this four day event of learning, hacking and fun, which is part of Yahoo!'s on-going commitment to nurture...