9457 matches found
Linux Kernel 3.0.4 - '/proc/interrupts' Password Length Local Information Disclosure
/ source: https://www.securityfocus.com/bid/50573/info The Linux kernel is prone to a local information-disclosure weakness. Successful exploits allow local attackers to obtain the password length of a victim's account; information harvested may aid in further attacks. Linux kernel 3.1 and prior...
[PT-2011-21] SQL injection vulnerability in OneOrZero AIMS
---------------------------------------------------------------------- PT-2011-21 Positive Technologies Security Advisory SQL injection vulnerability in OneOrZero AIMS ---------------------------------------------------------------------- ---Vulnerable software OneOrZero AIMS Version: 2.7.0 and...
[PT-2011-20] Authorization bypass vulnerability in OneOrZero AIMS
---------------------------------------------------------------------- PT-2011-20 Positive Technologies Security Advisory Authorization bypass vulnerability in OneOrZero AIMS ---------------------------------------------------------------------- ---Vulnerable software OneOrZero AIMS Version: 2.7....
Advanced Poll 2.02 - SQL Injection
Advanced Poll 2.02 - SQL Injection + Title : Advanced Poll 2.02 SQL Injection Vulnerability + Affected Version : v2.02 + Software Link : http://www.electrolized.free.fr/scripts-php/pollphp.zip + Tested on : Windows 7 + Date : 15/10/2011 + Dork : inurl:/db/admin intitle:Advanced Poll 2.02 + Catego...
Researcher Warns Of Exploitable Hole In Chinese Translation Software NJStar
UPDATE: An independent security researcher has warned officials in Australia, the US and China about a serious, remotely exploitable hole in language translation software that is used by leading corporations, universities and governments. Dillon Beresford said a stack overflow vulnerability in a...
[PT-2011-14] SQL injection vulnerability in BoonEx Dolphin
---------------------------------------------------------------------- PT-2011-14 Positive Technologies Security Advisory SQL injection vulnerability in BoonEx Dolphin 6.1 ---------------------------------------------------------------------- --- Vulnerable platform BoonEx Dolphin 6.1 Link:...
TeamSHATTER Security Advisory: Database Vault Account Management Vulnerabilites
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory October 20, 2011 Risk Level: Medium Affected versions: Oracle Database Server version 10gR2, 11gR1 and 11gR2 Remote exploitable: Yes Credits: This vulnerability was discovered and researched by Esteban Martinez Fayo of...
Google Chrome - Killing Thread (PoC)
Google Chrome - Killing Thread PoC -' pigtail23 -' -' www.remoteshell.de -.OO .- OO.- OO .-/ | '-' | | | | | | | | |'-| |'| |\ -' / --' --' -----' --' --' --' --' -----' ------' ---'' October 22, 2011 Ohh nice! What u doing google? Thx 4 ur bug! 0o Google Chrome PoC, killing thread. Exploitable o...
Microsoft Publisher 2007 Pubconv.dll Memory Corruption
Core Security Technologies - Corelabs Advisory Microsoft Publisher 2007 Pubconv.dll Memory Corruption 1. Advisory Information Title: Microsoft Publisher 2007 Pubconv.dll Memory Corruption Advisory ID: CORE-2011-0106 Advisory URL:...
MozillaFirefox: Update to Firefox 3.6.23 (important)
Mozilla Firefox was updated to version 3.6.23, fixing various bugs and security issues. MFSA 2011-36: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption...
Mozilla Firefox 3.6 < 3.6.23 Multiple Vulnerabilities
Binary data 6027.prm...
Mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2011-36 Miscellaneous memory safety hazards rv:7.0 / rv:1.9.2.23 MFSA 2011-37 Integer underflow when using JavaScript RegExp MFSA 2011-38 XSS via plugins and shadowed window.location object MFSA 2011-39 Defense against multiple Location headers due to CRLF...
Potentially exploitable crash in the YARR regular expression library — Mozilla
Security researcher Aki Helin reported a potentially exploitable crash in the YARR regular expression library used by JavaScript...
WellinTech KingView History Server Buffer Overflow
Overview ICS-CERT has received a report from the Zero Day Initiative ZDI concerning a heap-based buffer overflow vulnerability in WellinTech’s Kingview HistoryServer.exe, which may allow a remote, unauthenticated attacker to execute arbitrary code. This vulnerability was reported to ZDI by...
CORE-2011-0506 - Multiples Vulnerabilities in ManageEngine ServiceDesk Plus
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Multiples Vulnerabilities in ManageEngine ServiceDesk Plus 1. Advisory Information Title: Multiples Vulnerabilities in ManageEngine ServiceDesk Plus Advisory ID: CORE-2011-0506 Advisory URL:...
[Onapsis Security Advisory 2011-014] SAP WebAS Remote Denial of Service
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ?Onapsis Security Advisory 2011-014: SAP WebAS Remote Denial of Service 1. Impact on Business ========================= By exploiting this vulnerability, an unauthenticated attacker would be able to remotely disrupt the SAP Application Server. This...
Equis MetaStock 11 - Use-After-Free
Luigi Auriemma Application: Equis MetaStock http://www.equis.com Versions: = 11 Platforms: Windows Bug: use after free Exploitation: file Date: 06 Sep 2011 Author: Luigi Auriemma e-mail: [email protected] web: aluigi.org 1 Introduction 2 Bug 3 The Code 4 Fix =============== 1 Introduction...
NetSaro Enterprise Messenger 2.0 - Multiple Vulnerabilities
NetSaro Enterprise Messenger 2.0 - Multiple Vulnerabilities =================================================== Secur-I Research Group Security Advisory SV-2011-004 =================================================== Title: NetSaro Enterprise Messenger v2.0 Multiple Vulnerabilities Product:...
[PT-2011-23] Database information disclosure in GLPI
---------------------------------------------------------------------- PT-2011-23 Positive Technologies Security Advisory Database information disclosure in GLPI ---------------------------------------------------------------------- --- Vulnerable software GLPI Version 0.80.1 and earlier...
[PT-2011-23] Database information disclosure in GLPI
---------------------------------------------------------------------- PT-2011-23 Positive Technologies Security Advisory Database information disclosure in GLPI ---------------------------------------------------------------------- --- Vulnerable software GLPI Version 0.80.1 and earlier...