9457 matches found

exploitpack
added 2013/08/07 12:0 a.m. | 57 views

Hikvision IP Cameras 4.1.0 b130111 - Multiple Vulnerabilities

Hikvision IP Cameras 4.1.0 b130111 - Multiple Vulnerabilities Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Hikvision IP Cameras Multiple Vulnerabilities 1. Advisory Information Title: Hikvision IP Cameras Multiple Vulnerabilities Advisory ID: CORE-2013-0708 Advisory URL:...

10 CVSS | 0.9 AI score | 0.36112 EPSS
Exploits 10
Mozilla
added 2013/08/06 12:0 a.m. | 59 views

Crash during WAV audio file decoding — Mozilla

Security researcher Aki Helin from OUSPG used the Address Sanitizer tool to discover a crash during the decoding of WAV format audio files in some instances. This crash is not exploitable but could be used for a denial of service (DOS) attack by malicious parties...

4.3 CVSS | 1 AI score | 0.03178 EPSS
Exploits 0 | References 2 | Affected Software 2
Mozilla
added 2013/08/06 12:0 a.m. | 35 views

Use after free mutating DOM during SetBody — Mozilla

Security researcher Nils used the Address Sanitizer to discover a use-after-free problem when the Document Object Model is modified during a SetBody mutation event. This causes a potentially exploitable crash...

9.3 CVSS | 2.2 AI score | 0.04502 EPSS
Exploits 0 | References 2 | Affected Software 2
Exploit DB
added 2013/08/02 12:0 a.m. | 63 views

TP-Link TL-SC3171 IP Cameras - Multiple Vulnerabilities

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Multiple Vulnerabilities in TP-Link TL-SC3171 IP Cameras 1. Advisory Information Title: Multiple Vulnerabilities in TP-Link TL-SC3171 IP Cameras Advisory ID: CORE-2013-0618 Advisory URL:...

10 CVSS | 7.4 AI score | 0.73713 EPSS
Exploits 10
Core Security
added 2013/07/30 12:0 a.m. | 38 views

Multiple Vulnerabilities in TP-Link TL-SC3171 IP Cameras

Advisory ID Internal CORE-2013-0618 1. Advisory Information Title: Multiple Vulnerabilities in TP-Link TL-SC3171 IP Cameras Advisory ID: CORE-2013-0618 Advisory URL:https://www.coresecurity.com/core-labs/advisories/multiple-vulnerabilities-tp-link-tl-sc3171-ip-cameras Date published: 2013-07-30...

10 CVSS | 8.8 AI score | 0.73713 EPSS
Exploits 10
securityvulns
added 2013/07/29 12:0 a.m. | 64 views

CORE-2013-0613 - FOSCAM IP-Cameras Improper Access Restrictions

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ FOSCAM IP-Cameras Improper Access Restrictions 1. Advisory Information Title: FOSCAM IP-Cameras Improper Access Restrictions Advisory ID: CORE-2013-0613 Advisory URL:...

0.1 AI score | 0.29593 EPSS
Exploits 5
Exploit DB
added 2013/07/24 12:0 a.m. | 57 views

FOSCAM IP-Cameras - Improper Access Restrictions

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ FOSCAM IP-Cameras Improper Access Restrictions 1. Advisory Information Title: FOSCAM IP-Cameras Improper Access Restrictions Advisory ID: CORE-2013-0613 Advisory URL:...

7.5 CVSS | 7 AI score | 0.29593 EPSS
Exploits 5
Packet Storm
added 2013/07/23 12:0 a.m. | 71 views

FOSCAM IP-Cameras Improper Access Restrictions

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ FOSCAM IP-Cameras Improper Access Restrictions 1. Advisory Information Title: FOSCAM IP-Cameras Improper Access Restrictions Advisory ID: CORE-2013-0613 Advisory URL:...

0.7 AI score | 0.29593 EPSS
Exploits 5
exploitpack
added 2013/07/23 12:0 a.m. | 50 views

XnView 2.03 - .pct Buffer Overflow

XnView 2.03 - .pct Buffer Overflow Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ XnView Buffer Overflow Vulnerability 1. Advisory Information Title: XnView Buffer Overflow Vulnerability Advisory ID: CORE-2013-0705 Advisory URL:...

9.3 CVSS | 0.8 AI score | 0.11745 EPSS
Exploits 4
ThreatPost
added 2013/07/17 12:50 p.m. | 9 views

Oracle July 2013 Critical Patch Update patches 89 Flaws

It may not be the highest priority patch among the 89 released by Oracle yesterday in its July Critical Patch Update (CPU), but a fix for an Outside In Technology vulnerability in Oracle’s Fusion middleware merits some extra attention. Oracle provides the technology in several of its products in...

7.4 AI score
Exploits 0 | References 4
securityvulns
added 2013/07/17 12:0 a.m. | 80 views

[CVE-2013-2612] Huawei E587 3G Mobile Hotspot Command Injection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2013-2612 Huawei E587 3G Mobile Hotspot Command Injection Summary: Huawei E587 3G Mobile Hotspot, version 11.203.27, is prone to a command injection vulnerability in the Web UI. Successful exploitation allows unauthenticated attackers to execute...

2.8 AI score | 0.02973 EPSS
Exploits 1
securityvulns
added 2013/07/17 12:0 a.m. | 56 views

Huawei E587 3G Mobile Hotspot Web UI Cross Site Scripting vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Huawei E587 3G Mobile Hotspot Web UI Cross Site Scripting vulnerability Summary: Huawei E587 3G Mobile Hotspot, version 11.203.27, is prone to a XSS vulnerability in the Web UI. A specially crafted SMS can bypass the function used to sanitize incoming...

1 AI score
Exploits 0
Packet Storm
added 2013/07/15 12:0 a.m. | 34 views

Huawei E587 3G Mobile Hotspot Command Injection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2013-2612 Huawei E587 3G Mobile Hotspot Command Injection Summary: Huawei E587 3G Mobile Hotspot, version 11.203.27, is prone to a command injection vulnerability in the Web UI. Successful exploitation allows unauthenticated attackers to execute...

5.5 CVSS | 9.7 AI score | 0.02973 EPSS
Exploits 1
Tenable Nessus
added 2013/07/12 12:0 a.m. | 27 views

Oracle Linux 6 : nspluginwrapper (ELSA-2012-1459)

The remote Oracle Linux 6 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2012-1459 advisory. 1.4.4-1 - Rebase the package to latest upstream - Added Adobe reader fix 645599 Tenable has extracted the preceding description block directly from the Oracle...

5 CVSS | 5.5 AI score | 0.0247 EPSS
Exploits 0 | References 2
Packet Storm
added 2013/06/25 12:0 a.m. | 62 views

IceWarp Mail Server 10.4.5 XSS / XXE Injection

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities in IceWarp Mail Server product: IceWarp Mail Server vulnerable version: =10.4.5 fixed version: 10.4.5-1 impact: Critical homepage:...

7.4 AI score
Exploits 0
Mozilla
added 2013/06/25 12:0 a.m. | 47 views

PreserveWrapper has inconsistent behavior — Mozilla

Mozilla developer Boris Zbarsky found that when PreserveWrapper was used in cases where a wrapper is not set, the preserved-wrapper flag on the wrapper cache is cleared. This could potentially lead to an exploitable crash...

7.5 CVSS | 3.4 AI score | 0.04603 EPSS
Exploits 0 | References 2 | Affected Software 5
Mozilla
added 2013/06/25 12:0 a.m. | 55 views

Execution of unmapped memory through onreadystatechange event — Mozilla

Security researcher Nils reported that specially crafted web content using the onreadystatechange event and reloading of pages could sometimes cause a crash when unmapped memory is executed. This crash is potentially exploitable...

9.3 CVSS | 2.3 AI score | 0.69236 EPSS
Exploits 9 | References 2 | Affected Software 5
ThreatPost
added 2013/06/17 9:39 a.m. | 7 views

Oracle to Patch 40 Java Bugs

There is a massive stack of Java patches on deck for tomorrow, with Oracle planning to fix 40 vulnerabilities in a number of different components of Java SE. Nearly all of the vulnerabilities are remotely exploitable. Oracle doesn’t release much in the way of information about the content of its...

1.4 AI score
Exploits 0 | References 2
Vulnerability Lab
added 2013/06/14 12:0 a.m. | 24 views

Maldives Telecom ISP - SQL Injection Vulnerability

Document Title: =============== Maldives Telecom ISP - SQL Injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=355 Release Date: ============= 2013-06-14 Vulnerability Laboratory ID VL-ID: ==================================== 355 Comm...

0.5 AI score
Exploits 0
Packet Storm
added 2013/06/06 12:0 a.m. | 46 views

JBoss AS Administrative Console Password Disclosure

Product: Embedded Jopr - JBoss AS Administration Console Vendor: Red Hat Middleware, LLC Version: JBoss AS Resources Datasources 2. Select Datasource 3. View page source 4. Find input type="password" 5. "value=" will contain the database password. 6. Dump database. Vendor Notified: Yes Vendor...

3.2 CVSS | 0.01579 EPSS
Exploits 2