Lucene search

6647 matches found

securityvulns
added 2012/04/23 12:0 a.m. | 72 views

DoS vulnerability in WordPress

Hello 3APA3A! I want to warn you about a new security vulnerability in WordPress. This is a Denial of Service vulnerability, which exists in the security functionality that protects against the Abuse of Functionality vulnerability in WordPress, which I disclosed in 2009 and which was not fixed correctly...

Exploits: 0

OSV
added 2012/03/26 12:0 a.m. | 39 views

DSA-2443-1 linux-2.6 - several

Bulletin has no description...

7.8 CVSS | 7 AI score | 0.03356 EPSS
Exploits: 10

Exploit DB
added 2012/03/22 12:0 a.m. | 44 views

Google Talk - 'gtalk://' Deprecated URI Handler Injection

Google Talk gtalk:// Deprecated Uri Handler /gaiaserver Parameter Injection Vulnerability tested against: Internet Explorer 8 Microsoft Windows all versions download url of 1.0.0.104: http://www.google.com/talk/install.html download urls of 1.0.0.105: http://www.google.com/talk/intl/it/...

7 AI score
Exploits: 0

securityvulns
added 2012/03/19 12:0 a.m. | 34 views

Multiple vulnerabilities in EJBCA

Hello 3APA3A! I am reporting multiple vulnerabilities that I found on 17.01.2012 in Enterprise Java Beans Certificate Authority EJBCA. These are Cross-Site Scripting, Brute Force and Abuse of Functionality vulnerabilities. EJBCA is a PKI server. According to the official website: A Certification...

6.2 AI score
Exploits: 0

Packet Storm
added 2012/03/11 12:0 a.m. | 24 views

EJBCA 4.0.7 Cross Site Scripting / User Enumeration

Hello list! I want to warn you about multiple security vulnerabilities in Enterprise Java Beans Certificate Authority EJBCA. These are Cross-Site Scripting, Brute Force and Abuse of Functionality vulnerabilities. EJBCA is a PKI server. Citation from official web site: A Certification Authority...

0.2 AI score
Exploits: 0

Prion
added 2012/03/08 4:15 a.m. | 13 views

Design/Logic Flaw

Use-after-free vulnerability in Apple Safari 5.1.2, when a plug-in with a blocking function is installed, allows user-assisted remote attackers to execute arbitrary code via a crafted web page that is accessed during user interaction with the plug-in, leading to improper coordination between an A...

7.6 CVSS | 7.8 AI score | 0.0185 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

Fedora
added 2012/03/08 3:55 a.m. | 38 views

[SECURITY] Fedora 15 Update: glibc-2.14.1-6

The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important se...

6.8 CVSS | 2 AI score | 0.03036 EPSS
Exploits: 5

securityvulns
added 2012/02/15 12:0 a.m. | 74 views

AoF and CSRF vulnerabilities in D-Link DAP 1150

Hello 3APA3A! I want to warn you about new security vulnerabilities in D-Link DAP 1150 Wi-Fi Access Point and Router. These are Abuse of Functionality and Cross-Site Request Forgery vulnerabilities. This is my third advisory from series of advisories about vulnerabilities in D-Link products. Abus...

0.3 AI score
Exploits: 0

Packet Storm
added 2012/02/15 12:0 a.m. | 32 views

Chicago Tribune Cross Site Scripting

Title: Chicago Tribune reflected Cross Site Scripting vulnerability Vendor: Chicago Tribune http://www.chicagotribune.com/ Description: mobile.chicagotribune.com suffers from a reflected Cross-site Scripting (XSS) vulnerability. Advisory time-line:...

0.2 AI score
Exploits: 0

UbuntuCve
added 2012/02/14 3:55 p.m. | 25 views

CVE-2012-0789

Memory leak in the timezone functionality in PHP before 5.3.9 allows remote attackers to cause a denial of service (memory consumption) by triggering many strtotime function calls, which are not properly handled by the php_date_parse_tzfile cache...

5 CVSS | 7.1 AI score | 0.07535 EPSS
Exploits: 1 | References: 2

NVD
added 2012/02/14 12:55 a.m. | 11 views

CVE-2012-1057

Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that increase node rankings via the...

6 CVSS | 7.2 AI score | 0.00169 EPSS
Exploits: 0 | References: 7

Tenable Nessus
added 2012/01/30 12:0 a.m. | 23 views

GLSA-201201-16 : X.Org X Server/X Keyboard Configuration Database: Screen lock bypass

The remote host is affected by the vulnerability described in GLSA-201201-16 (X.Org X Server/X Keyboard Configuration Database: Screen lock bypass) Starting with the =x11-base/xorg-server-1.11 package, the X.Org X Server again provides debugging functionality that can be used to terminate an applicati...

4.6 CVSS | 5.6 AI score | 0.00081 EPSS
Exploits: 0 | References: 2

CVE
added 2012/01/27 3:0 p.m. | 126 views

CVE-2011-4132

CVE-2011-4132 affects the Linux kernel’s Journaling Block Device (JBD) cleanup_journal_tail function. The vulnerability allows local users to trigger a denial of service (assertion error and kernel oops) when handling an ext3 or ext4 image containing an invalid log first block value. The descript...

2.1 CVSS | 6.1 AI score | 0.00083 EPSS
Exploits: 2 | References: 10 | Affected Software: 1

Cvelist
added 2012/01/27 3:0 p.m. | 19 views

CVE-2011-4132

The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel 2.6 allows local users to cause a denial of service (assertion error and kernel oops) via an ext3 or ext4 image with an "invalid log first block value."...

6.2 AI score | 0.00083 EPSS
Exploits: 2 | References: 10

ThreatPost
added 2012/01/25 3:53 p.m. | 13 views

Poison Ivy Variant Changes Benign Code to Malicious After Download

Trojan downloaders are the cannon fodder of the malware world: expendable, commoditized foot soldiers with a single function. Once their job is complete–downloading the executable or other malicious component–the downloaders are no longer useful. However, researchers have found that there are now...

0.7 AI score
Exploits: 0 | References: 3

Packet Storm
added 2012/01/24 12:0 a.m. | 19 views

Yuku Forums Cross Site Scripting

Exploit Title: Yuku Forums Cross Site Scripting Date: 24.01.2012 Author: Sony Software Link: http://www.yuku.com/ Google Dorks: inurl:.yuku.com intext:forum Web Browser : Mozilla Firefox Blog : http://st2tea.blogspot.com PoC: http://st2tea.blogspot.com/2012/01/yuku-forums-cross-site-scripting.htm...

7.4 AI score
Exploits: 0

xssed
added 2012/01/21 12:0 a.m. | 14 views

Unfixed XSS vulnerability at www.blogsky.com

Security researcher a3q has submitted on 21/01/2012 a cross-site-scripting (XSS) vulnerability affecting www.blogsky.com, which at the time of submission ranked 1089 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 25/01/2012. It is currently...

6.6 AI score
Exploits: 0 | References: 1

UbuntuCve
added 2012/01/15 3:55 a.m. | 29 views

CVE-2011-4868

The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets...

6.1 CVSS | 6.6 AI score | 0.00846 EPSS
Exploits: 0 | References: 2

OpenVAS
added 2012/01/03 12:0 a.m. | 69 views

PHP < 5.3.9 Multiple DoS Vulnerabilities - Windows

PHP is prone to multiple denial of service (DoS) vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if...

5 CVSS | 9.4 AI score | 0.86573 EPSS
Exploits: 16 | References: 12

Debian
added 2012/01/02 8:7 p.m. | 22 views

[BSA-061] Security Update for openswan

Harald Jenny uploaded new packages for openswan which fixed the following security problems: CVE-2011-4073 Use-after-free vulnerability in the cryptographic helper handler functionality in Openswan 2.3.0 through 2.6.36 allows remote authenticated users to cause a denial of service pluto IKE daemo...

4 CVSS | 2 AI score | 0.01149 EPSS
Exploits: 0