4570 matches found
Mandriva Linux Security Advisory : kdenetwork4 (MDVSA-2011:081)
A vulnerability has been found and corrected in kdenetwork4 : Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a .. dot dot in the na...
MediaCast 8 Credential Disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Packetninjas L.L.C www.packetninjas.net -= Security Advisory =- Advisory: MediaCast Password Dump Vulnerability Release Date: 04/25/2011 Author: Daniel Clemens daniel.clemensatpacketninjas.net Application: MediaCast &ClearSession=1 or...
NGS00014 Technical Advisory: Cisco IPSec VPN Implementation Group Name Enumeration
======= Summary ======= Name: Cisco IPSec VPN Implementation Group Name Enumeration Release Date: 22 March 2011 Reference: NGS00014 Discoverer: Gavin Jones Vendor: Cisco Vendor Reference: CSCei51783, CSCtj96108 Systems Affected: ASA 5500 Series Adaptive Security Appliances -Cisco PIX 500 Series...
IBM Tivoli vulnerable to denial-of-service (DoS)
Overview IBM Tivoli contains a denial-of-service DoS vulnerability. IBM Tivoli contains a denial-of-service DoS vulnerability due to an issue in Java Runtime Environment JRE. A wide range of products are affected. For more information, refer to the vendor's website. Impact A remote attacker may...
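Multiple vulnerabilities in Google Chrome versions prior to 9.0.597.94
BUGTRAQ ID: 46262 Google Chrome is a web browser developed by Google. Versions of Google Chrome prior to 9.0.597.94 contain multiple security vulnerabilities in their implementation; remote attackers can exploit these vulnerabilities to execute arbitrary code in the browser or cause a denial of service. Google Chrome 7.0.548.0 - 9.0.597.84 Vendor patch: Google ------ The vendor has released an upgrade patch that fixes this security issue; please download it from the vendor's homepage: http://www.google.com...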
Automated Solutions ModbusTCP OPC Server - Remote Heap Corruption (PoC)
Automated Solutions ModbusTCP OPC Server - Remote Heap Corruption PoC !/usr/bin/python asmb-heap.py Automated Solutions Modbus/TCP OPC Server Remote Heap Corruption PoC Jeremy Brown 0xjbrown41-gmail-com Jan 2011 A specially crafted length field in a MODBUS packet header can trigger heap corruptio...
Achievo 1.4.3 - Multiple Authorisation Vulnerabilities
Advisory Name: Multiple Authorization Flaws in Achievo 1.4.3 Internal Cybsec Advisory Id: 2010-08-02 Vulnerability Class: Authorization Flaw Release Date: 2010-Sept-28 Affected Applications: Achievo 1.4.3 other versions may be also vulnerable Affected Platforms: Any Local / Remote: Remote Severit...
Achievo 1.4.3 - Cross-Site Request Forgery
Advisory Name: Cross Site Request Forgery in Achievo 1.4.3 Internal Cybsec Advisory Id: 2010-08-03 Vulnerability Class: Cross Site Request Forgery Release Date: 2010-Sept-28 Affected Applications: Achievo 1.4.3 other versions may be also vulnerable Affected Platforms: Any Local / Remote: Remote...
Blue River Mura CMS Directory Traversal
Sep 24, 2010 Title: Blue River Mura CMS Directory Traversal Version: 1.0 Issue type: Directory Traversal Affected vendor: Blue River Interactive Group Release date: 24/09/2010 Discovered by: Steven Seeley & Rohan Stelling Summary Mura CMS is an open source content management system which is built...
Achievo 1.4.3 - Cross-Site Request Forgery
Achievo 1.4.3 - Cross-Site Request Forgery Advisory Name: Cross Site Request Forgery in Achievo 1.4.3 Internal Cybsec Advisory Id: 2010-08-03 Vulnerability Class: Cross Site Request Forgery Release Date: 2010-Sept-28 Affected Applications: Achievo 1.4.3 other versions may be also vulnerable...
Haudenschilt Family Connections CMS (FCMS) Multiple PHP remote file inclusion vulnerabilities
This host is running Haudenschilt Family Connections CMS FCMS and is prone to multiple remote file inclusion vulnerabilities. OpenVAS Vulnerability Test $Id: secpodfcmsmultrfivuln.nasl 5394 2017-02-22 09:22:42Z teissa $ Haudenschilt Family Connections CMS FCMS Multiple PHP remote file inclusion...
Microsoft SMB Server Zero Size Pool Allocation
=============================================================================== stratsec Security Advisory: SS-2010-007 MS SMB Server Zero Size Pool Allocation =============================================================================== Title: SS-2010-007 Microsoft SMB Server Zero Size Pool...
Netware - SMB Remote Stack Overflow (PoC)
Netware - SMB Remote Stack Overflow PoC =============================================================================== Stratsec Security Advisory: SS-2010-006 =============================================================================== Title: Netware SMB Remote Stack Overflow Version: 1.0 Iss...
Netware - SMB Remote Stack Overflow (PoC)
=============================================================================== Stratsec Security Advisory: SS-2010-006 =============================================================================== Title: Netware SMB Remote Stack Overflow Version: 1.0 Issue type: Stack Overflow Affected vendor:...
Samba 3.4.73.5.1 - Denial of Service
Samba 3.4.73.5.1 - Denial of Service =============================================================================== stratsec Security Advisory: SS-2010-005 =============================================================================== Title: Samba Multiple DoS Vulnerabilities Version: 1.0 Issue...
iDefense Security Advisory 03.30.10: Microsoft Internet Explorer 'onreadystatechange' Use After Free Vulnerability
iDefense Security Advisory 03.30.10 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 30, 2010 I. BACKGROUND Internet Explorer is a graphical web browser developed by Microsoft Corp. that has been included with Microsoft Windows since 1995. For more information about Internet Explorer,...
SugarCRM Stored XSS vulnerability
Class: Stored Cross Site Scripting XSS CVE: CVE-2010-0465 Remote: Yes Local: Yes Published: Jan 1, 2010 12:01AM Timeline: Submission to Mitre: January 29, 2010 Vendor Contact: February 18, 2010 Vendor Response: February 19, 2010 Patch Available: March 10, 2010 Credit: Jeromie Jackson CISSP, CISM...
SugarCRM x<5.5.0a and 5.2.0l cross site scripting Vulnerability
Exploit for unknown platform in category web applications =============================================================== SugarCRM x ;...
SugarCRM Cross Site Scripting
Class: Stored Cross Site Scripting XSS CVE: CVE-2010-0465 Remote: Yes Local: Yes Published: Jan 1, 2010 12:01AM Timeline: Submission to Mitre: January 29, 2010 Vendor Contact: February 18, 2010 Vendor Response: February 19, 2010 Patch Available: March 10, 2010 Credit: Jeromie Jackson CISSP, CISM...
MS10-016: Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (975561)
The remote Windows host contains a version of Windows Movie Maker that is affected by a buffer overflow vulnerability due to the way the application parses project file formats. If an attacker can trick a user on the affected system into opening a specially crafted Movie Maker or Producer file...