
4569 matches found

Japan Vulnerability Notes
added 2013/03/18 5:32 a.m., 3 views

VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability

Overview: The SSH server (IPSSH) implementation in VxWorks contains a denial-of-service (DoS) vulnerability. The SSH server (IPSSH) implementation in VxWorks contains a denial-of-service (DoS) vulnerability due to an issue in the processing directly after the SSH connection is established. Hisashi Kojima...

CVSS 6.8 | AI score 6.5 | EPSS 0.02614
Exploits: 0 | References: 5

securityvulns
added 2013/01/21 12:0 a.m., 91 views

Trimble® Infrastructure GNSS Series Receivers Cross Site Scripting (XSS) vulnerability

Trimble® Infrastructure GNSS Series Receivers Cross Site Scripting XSS vulnerability: - CVE: CVE-2012-5053 - Deloitte Argentina Advisory Code: DTTAR-20130001 - Vendor Status: CONFIRMED - Public Disclosure Date: January, 15th, 2013. - Vendors Affected: Trimble - http://www.trimble.com/ - Systems...

CVSS 4.3 | AI score 0.1 | EPSS 0.01148
Exploits: 0

exploitpack
added 2012/12/11 12:0 a.m., 15 views

IrfanView 4.33 - IMXCF.dll Plugin Code Execution

IrfanView 4.33 - IMXCF.dll Plugin Code Execution From the simple.xcf file, 0x004ABABC will overwrite eip. Tested on Windows XP SP3 and Windows 7 x64. Fixed in the current release IrfanView 4.35: 1 Shellcode from 2 Old version installer at 3 4. 1 http://www.irfanview.com/mainhistory.htm 2...

AI score 0.8
Exploits: 0

Positive Technologies
added 2012/11/13 12:0 a.m., 6 views

PT-2012-3340 · Microsoft · Internet Explorer

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer version 9 Description: A use-after-free issue allows remote attackers to execute arbitrary code via a crafted web site. This occurs due to incorrect access to an object that has not been correctly initialized or ha...

CVSS 9.3 | AI score 7 | EPSS 0.2134
Exploits: 1 | References: 9

securityvulns
added 2012/10/28 12:0 a.m., 70 views

Team SHATTER Security Advisory: Multiple SQL Injection in Oracle Enterprise Manager (SQL Tunning Sets components)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory Multiple SQL Injection in Oracle Enterprise Manager SQL Tunning Sets components. Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.3 and previous patchsets Remote...

CVSS 6.8 | AI score 7.4 | EPSS 0.02372
Exploits: 0

seebug.org
added 2012/10/23 12:0 a.m., 33 views

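Drupal 7.x Arbitrary PHP Code Execution and Information Disclosure Vulnerabilities

BUGTRAQ ID: 56103 Drupal is an open-source content management platform. Drupal 7.16 and earlier contain security vulnerabilities that attackers can exploit to execute arbitrary PHP code in the context of the web server and obtain sensitive information. 0 Drupal 7.x Vendor patch: Drupal ------ The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page: http://drupal.org/node/...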

AI score 6.9
Exploits: 0

OpenVAS
added 2012/09/28 12:0 a.m., 28 views

Google Chrome Windows Kernel Memory Corruption Vulnerability

Google Chrome is prone to a memory corruption vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 | AI score 6.3 | EPSS 0.21689
Exploits: 1 | References: 2

Japan Vulnerability Notes
added 2012/09/27 3:43 a.m., 3 views

Trend Micro Control Manager vulnerable to SQL injection

Overview Trend Micro Control Manager contains a SQL injection vulnerability. Trend Micro Control Manager contains a vulnerability in the ad hoc query module, which may result in SQL injection. Tom Gregory and Mada R Perdhana of Spentera reported this vulnerability to JPCERT/CC. JPCERT/CC...

CVSS 7.5 | AI score 7.9 | EPSS 0.06089
Exploits: 5 | References: 10

Saint
added 2012/08/20 12:0 a.m., 27 views

HP Operations Agent Opcode 0x8c vulnerability

Added: 08/20/2012 CVE: CVE-2012-2020 BID: 54362 OSVDB: 83674 Background HP Operations Agents is a fault and performance monitoring solution for servers. Problem A buffer overflow vulnerability in the coda.exe process, which listens on a random TCP port, could allow remote attackers to execute...

CVSS 10 | AI score 7.8 | EPSS 0.64685
Exploits: 8

exploitpack
added 2012/06/11 12:0 a.m., 46 views

F5 BIG-IP - Authentication Bypass (PoC)

F5 BIG-IP - Authentication Bypass PoC Matta Consulting - Matta Advisory https://www.trustmatta.com F5 BIG-IP remote root authentication bypass Vulnerability Advisory ID: MATTA-2012-002 CVE reference: CVE-2012-1493 Affected platforms: BIG-IP platforms without SCCP Version: 11.x 10.x 9.x Date:...

CVSS 7.8 | AI score 0.2 | EPSS 0.63078
Exploits: 15

seebug.org
added 2012/02/13 12:0 a.m., 13 views

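Multiple Security Vulnerabilities in MyBB Versions Before 1.6.6

BUGTRAQ ID: 51962 MyBB is a popular web forum application. MyBB's implementation contains multiple security vulnerabilities that attackers can exploit to execute script code, steal cookie-based authentication credentials, disclose or modify sensitive information, or perform unauthorized operations. 0 MyBB 1.x Vendor patch: MyBB ---- The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page: http://www.mybboard.com/...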

AI score 6.9
Exploits: 0

seebug.org
added 2012/02/13 12:0 a.m., 67 views

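PHP 'magic_quotes_gpc' Security Bypass Vulnerability (CVE-2012-0831)

Bugtraq ID: 51954 CVE ID: CVE-2012-0831 PHP contains a security vulnerability that allows magic_quotes_gpc to be disabled remotely, which allows remote attackers to bypass the restriction that prevents SQL injection. 0 PHP 5.3.8 PHP 5.3.7 PHP 5.3.6 PHP 5.3.2 PHP 5.2.4 PHP 5.3.5 PHP 5.3.4 PHP 5.3.3 Vendor solution: Users can refer to the following vendor security advisory for patch information: https://bugs.php.net/bug.php?id=61043...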

CVSS 6.8 | AI score 9.5 | EPSS 0.06709
Exploits: 2

seebug.org
added 2012/02/04 12:0 a.m., 62 views

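PHP 5.3.x libxslt Security Restriction Bypass Vulnerability

BUGTRAQ ID: 51806 CVE ID: CVE-2012-0057 PHP is a scripting language that runs on computers; it is mainly used to process dynamic web pages, and it also includes a command-line interface and can produce graphical user interface programs. PHP has a vulnerability in its libxslt security settings that allows remote attackers to create arbitrary files via a specially crafted XSLT stylesheet that uses the libxslt output extension. 0 PHP 5.3.x Vendor patch: PHP --- The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page: http://www.php.net...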

CVSS 6.4 | AI score 0.1 | EPSS 0.0315
Exploits: 2

OpenVAS
added 2012/01/23 12:0 a.m., 12 views

Joomla Boss Component Local File Inclusion Vulnerability

This host is running Joomla Boss component and is prone to local file inclusion vulnerability. OpenVAS Vulnerability Test $Id: gbjoomlacombosslfivuln.nasl 7577 2017-10-26 10:41:56Z cfischer $ Joomla Boss Component Local File Inclusion Vulnerability Authors: Madhuri D Copyright: Copyright c 2012...

Exploits: 0 | References: 1

OpenVAS
added 2012/01/23 12:0 a.m., 13 views

Joomla XBall Component SQL Injection Vulnerability

This host is running Joomla XBall component and is prone to SQL injection vulnerability. OpenVAS Vulnerability Test $Id: gbjoomlacomxballsqlinjvuln.nasl 5950 2017-04-13 09:02:06Z teissa $ Joomla XBall Component SQL Injection Vulnerability Authors: Madhuri D Copyright: Copyright c 2012 Greenbone...

AI score 0.1
Exploits: 0 | References: 1

OpenVAS
added 2011/12/26 12:0 a.m., 15 views

FreeSSHd Remote Denial of Service Vulnerability

The host is running FreeSSHd and is prone to denial of service vulnerability. OpenVAS Vulnerability Test $Id: secpodfreesshdremotedosvuln.nasl 7044 2017-09-01 11:50:59Z teissa $ FreeSSHd Remote Denial of Service Vulnerability Authors: Sooraj KS Copyright: Copyright c 2011 SecPod,...

AI score 0.1
Exploits: 0 | References: 4

Positive Technologies
added 2011/12/25 12:0 a.m., 5 views

PT-2011-5166 · Xt:Commerce · Xt:Commerce

Name of the Vulnerable Software and Affected Versions: xt:Commerce versions 3.0.4 SP2.1 and earlier Description: The issue allows remote attackers to hijack the authentication of admins for specific requests. This can be achieved through cross-site request forgery CSRF vulnerabilities. The...

CVSS 6.8 | AI score 7.3 | EPSS 0.03389
Exploits: 0 | References: 7

Japan Vulnerability Notes
added 2011/10/28 8:49 a.m., 1 views

Touhou Hisouten vulnerable to denial-of-service

Overview Touhou Hisouten from Twilight Frontier contains a denial-of-service DoS vulnerability. Touhou Hisouten from Twilight Frontier is a video game which has an online match mode. Touhou Hisouten contains an issue when processing network traffic, which may result in a denial-of-service DoS. Yu...

CVSS 5 | AI score 6.6 | EPSS 0.01409
Exploits: 0 | References: 5

seebug.org
added 2011/07/26 12:0 a.m., 30 views

phpMyAdmin 3.x Conditional Session Manipulation

No description provided by source. Application: phpMyAdmin 3.x Patched ver: 3.3.10.3 and 3.4.3.2 Severity: Low Exploitable: Remote PMASA ID: PMASA-2011-12 Description If the Swekey extension is activated a remote attacker can manipulate the variables in the global namespace. Fix Upgrade to...

AI score 7.1
Exploits: 0

Tenable Nessus
added 2011/05/03 12:0 a.m., 29 views

Mandriva Linux Security Advisory : kdenetwork4 (MDVSA-2011:081)

A vulnerability has been found and corrected in kdenetwork4 : Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a .. dot dot in the na...

CVSS 5.8 | AI score 5.6 | EPSS 0.03849
Exploits: 0 | References: 1