
6647 matches found

Tenable Nessus
added 2011/03/07 12:0 a.m., 20 views

Fedora 15 : asterisk-1.8.3-1.fc15 (2011-2360)

The Asterisk Development Team has announced the release of Asterisk 1.8.3. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/ The release of Asterisk 1.8.3 resolves several issues reported by the community and would have not been possible...

CVSS 6.8, AI score 5.4, EPSS 0.0342
Exploits: 0, References: 14

Cvelist
added 2011/02/23 6:0 p.m., 21 views

CVE-2010-4746

Multiple memory leaks in the normalization functionality in 389 Directory Server before 1.2.7.5 allow remote attackers to cause a denial of service (memory consumption) via "badly behaved applications," related to (1) Slapi_Attr mishandling in the DN normalization code and (2) pointer mishandling in the...

AI score 6.6, EPSS 0.00474
Exploits: 0, References: 2

Atlassian
added 2011/02/22 9:55 p.m., 30 views

Remember Me filter not working for FishEye/Crucible

The current implementation of the FishEye filter still requires that the Remember Me cookie have the encrypted credentials for the user, which is no longer true as that poses a major security vulnerability. The filter should rely on the JIRA Remember Me functionality. If the user logged in using the...

AI score 1.6
Exploits: 0

securityvulns
added 2011/02/22 12:0 a.m., 34 views

Brute Force and Abuse of Functionality vulnerabilities in Drupal

Hello 3APA3A! I am reporting to you the Brute Force and Abuse of Functionality vulnerabilities I found in Drupal. Brute Force WASC-11: The login form at http://site/user/ does not implement reliable protection against password guessing. Drupal itself has no captcha, and the existing Captcha module...

AI score 7.2
Exploits: 0

Exploit DB
added 2011/02/20 12:0 a.m., 29 views

JAKCMS 2.01 - Code Execution

!/usr/bin/python JAKCMS query$sql; if $jakdb-affectedrows 0 $row = $result-fetchassoc; $SESSION'JAKLoggedIn' = true; Additionally, functionality in the backend, allows an administrative user to add a "phphook" whereby ad...

AI score 7.4
Exploits: 0

xssed
added 2011/02/19 12:0 a.m., 10 views

Unfixed XSS vulnerability at www.softline.am

Security researcher Sony has submitted on 19/02/2011 a cross-site-scripting (XSS) vulnerability affecting www.softline.am, which at the time of submission ranked 6968697 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 13/12/2011. It is currently...

Exploits: 0, References: 1

NVD
added 2011/02/18 8:0 p.m., 17 views

CVE-2011-0712

Multiple buffer overflows in the caiaq (Native Instruments USB audio) functionality in the Linux kernel before 2.6.38-rc4-next-20110215 might allow attackers to cause a denial of service or possibly have unspecified other impact via a long USB device name, related to (1) the snd_usb_caiaq_audio_init...

CVSS 7.2, AI score 7, EPSS 0.00056
Exploits: 1, References: 9

Cvelist
added 2011/02/09 12:0 a.m., 19 views

CVE-2011-0045

The Trace Events functionality in the kernel in Microsoft Windows XP SP3 does not properly perform type conversion, which causes integer truncation and insufficient memory allocation and triggers a buffer overflow, which allows local users to gain privileges via a crafted application, related to...

AI score 6.3, EPSS 0.0096
Exploits: 7, References: 11

Zero Day Initiative
added 2011/02/07 12:0 a.m., 23 views

(0Day) EMC Replication Manager Client irccd.exe Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the EMC Replication Manager Client. Authentication is not required to exploit this vulnerability. The Replication Manager client installs a service binds the irccd.exe process to TCP port 6542. Thi...

CVSS 10, AI score 4, EPSS 0.77518
Exploits: 5, References: 1

myhack58
added 2011/02/04 12:0 a.m., 11 views

Ganji is a SQL injection BUG and solution-vulnerability warning-the black bar safety net

| Detail: To unsubscribe from there. $. post'/event/cancelSmsNotify/' , phone : "sdf'dsf" , functionret alert'unsubscribe successful'; Injection parameters phone Vulnerabilityproof: phone=sdf'dsf br / bFatal error/b: Uncaught exception 'Exception' with message '1 0 6 4: You have an error in your...

AI score 1.6
Exploits: 0

securityvulns
added 2011/02/03 12:0 a.m., 26 views

New vulnerabilities in Firebook

Hello 3APA3A! I am reporting to you the Insufficient Anti-automation, Abuse of Functionality, Information Leakage and Cross-Site Scripting vulnerabilities I found in Firebook. Insufficient Anti-automation WASC-21: http://site/index.html?mailto=MG1112008878;file=path/to/guestbook/message.html; On...

AI score 6.6
Exploits: 0

Packet Storm
added 2011/02/03 12:0 a.m., 46 views

Firebook 3.100328 Cross Site Scripting / Disclosure

Hello list! I want to warn you about Insufficient Anti-automation, Abuse of Functionality, Information Leakage and Cross-Site Scripting vulnerabilities in Firebook. SecurityVulns ID: 11396. ------------------------- Affected products: ------------------------- Vulnerable are Firebook 3.100328 and...

AI score 7.4
Exploits: 0

OpenVAS
added 2011/01/31 12:0 a.m., 387 views

MS Windows HID Functionality(Over USB) Code Execution Vulnerability

This host is installed with USB device driver software and is prone to code execution vulnerability. OpenVAS Vulnerability Test $Id: gbmswindowshidoverusbcodeexecvuln.nasl 8724 2018-02-08 15:02:56Z cfischer $ MS Windows HID FunctionalityOver USB Code Execution Vulnerability Authors: Antu Sanadi...

CVSS 6.9, AI score 0.3, EPSS 0.01284
Exploits: 0, References: 3

OpenVAS
added 2011/01/31 12:0 a.m., 782 views

Microsoft Windows HID Functionality (Over USB) Code Execution Vulnerability (Jan 2011)

A USB device driver software is prone to a code execution vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 6.9, AI score 5.2, EPSS 0.01284
Exploits: 0, References: 3

NVD
added 2011/01/28 4:0 p.m., 9 views

CVE-2011-0651

Buffer overflow in the key exchange functionality in Icon Labs Iconfidant SSL Server before 1.3.0 allows remote attackers to execute arbitrary code via a client master key packet in which the sum of unspecified length fields is greater than a certain value...

CVSS 7.5, AI score 7.9, EPSS 0.04766
Exploits: 0, References: 5

securityvulns
added 2011/01/26 12:0 a.m., 25 views

New vulnerabilities in SimpGB

Hello 3APA3A! I am reporting to you the Cross-Site Scripting, Brute Force, Insufficient Anti-automation and Abuse of Functionality vulnerabilities I found in SimpGB. XSS WASC-08: A POST request on the page http://site/guestbook.php in the parameters poster, postingid and location in the Preview function. If in...

AI score 7.1
Exploits: 0

Packet Storm
added 2011/01/26 12:0 a.m., 50 views

SimpGB 1.49.02 Cross Site Scripting

Hello list! I want to warn you about Cross-Site Scripting, Brute Force, Insufficient Anti-automation and Abuse of Functionality vulnerabilities in SimpGB. ------------------------- Affected products: ------------------------- Vulnerable are SimpGB v1.49.02 and previous versions. ---------- Detail...

Exploits: 0

NVD
added 2011/01/25 1:0 a.m., 14 views

CVE-2011-0639

Apple Mac OS X does not properly warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the...

CVSS 6.9, AI score 6.8, EPSS 0.00056
Exploits: 0, References: 3

NVD
added 2011/01/25 1:0 a.m., 13 views

CVE-2011-0640

The default configuration of udev on Linux does not warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a...

CVSS 6.9, AI score 7.1, EPSS 0.0007
Exploits: 0, References: 3

Prion
added 2011/01/25 1:0 a.m., 17 views

Default configuration

The default configuration of udev on Linux does not warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a...

CVSS 6.9, AI score 7.6, EPSS 0.0007
Exploits: 0, References: 3