IBM 1754 GCM16 1.18.0.22011 Command Execution

I. Product description The IBM 1754 GCM family provides KVM over IP and serial console management technology in a single appliance. II. Vulnerability information Impact: Command execution Remotely exploitable: yes CVE: 2013-0526 CVS Score: 8.5 III. Vulnerability details GCM16 v.1.18.0.22011 and...

Hikvision IP Cameras Overflow / Bypass / Privilege Escalation

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Hikvision IP Cameras Multiple Vulnerabilities 1. Advisory Information Title: Hikvision IP Cameras Multiple Vulnerabilities Advisory ID: CORE-2013-0708 Advisory URL:...

CORE-2013-0613 - FOSCAM IP-Cameras Improper Access Restrictions

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ FOSCAM IP-Cameras Improper Access Restrictions 1. Advisory Information Title: FOSCAM IP-Cameras Improper Access Restrictions Advisory ID: CORE-2013-0613 Advisory URL:...

FOSCAM IP-Cameras Improper Access Restrictions

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ FOSCAM IP-Cameras Improper Access Restrictions 1. Advisory Information Title: FOSCAM IP-Cameras Improper Access Restrictions Advisory ID: CORE-2013-0613 Advisory URL:...

XnView 2.03 - .pct Buffer Overflow

XnView 2.03 - .pct Buffer Overflow Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ XnView Buffer Overflow Vulnerability 1. Advisory Information Title: XnView Buffer Overflow Vulnerability Advisory ID: CORE-2013-0705 Advisory URL:...

Oracle July 2013 Critical Patch Update patches 89 Flaws

It may not be the highest priority patch among the 89 released by Oracle yesterday in its July Critical Patch Update CPU, but a fix for an Outside In Technology vulnerability in Oracle’s Fusion middleware merits some extra attention. Oracle provides the technology in several of its products in...

Mac OSX Server DirectoryService Buffer Overflow

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Mac OSX Server DirectoryService buffer overflow 1. Advisory Information Title: Mac OSX Server DirectoryService buffer overflow Advisory ID: CORE-2013-0103 Advisory URL:...

CORE-2013-0302 - Zavio IP Cameras multiple vulnerabilities

Core Security - Corelabs Advisory http://corelabs.coresecurity.com Zavio IP Cameras multiple vulnerabilities 1. Advisory Information Title: Zavio IP Cameras multiple vulnerabilities Advisory ID: CORE-2013-0302 Advisory URL:...

Apple Mac OSX Server - DirectoryService Buffer Overflow

Apple Mac OSX Server - DirectoryService Buffer Overflow Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Mac OSX Server DirectoryService buffer overflow 1. Advisory Information Title: Mac OSX Server DirectoryService buffer overflow Advisory ID: CORE-2013-0103 Advisory URL:...

Zavio IP Cameras Firmware 1.6.03 - Multiple Vulnerabilities

Core Security - Corelabs Advisory http://corelabs.coresecurity.com Zavio IP Cameras multiple vulnerabilities 1. Advisory Information Title: Zavio IP Cameras multiple vulnerabilities Advisory ID: CORE-2013-0302 Advisory URL:...

Vivotek IP Cameras - Multiple Vulnerabilities

Vivotek IP Cameras - Multiple Vulnerabilities Core Security - Corelabs Advisory http://corelabs.coresecurity.com Vivotek IP Cameras Multiple Vulnerabilities 1. Advisory Information Title: Vivotek IP Cameras Multiple Vulnerabilities Advisory ID: CORE-2013-0301 Advisory URL:...

D-Link IP Cameras Multiple Vulnerabilities

1. Advisory Information Title: D-Link IP Cameras Multiple Vulnerabilities Advisory ID: CORE-2013-0303 Advisory URL:http://www.coresecurity.com/core-labs/advisories/d-link-ip-cameras-multiple-vulnerabilities Date published: 2013-04-29 Date of last update: 2013-03-29 Vendors contacted: D-Link...

Unfixed Reflection API vulnerability reported in Java

Founder and CEO of Security Explorations of Poland, Adam Gowdiak has reported a new unpatched security vulnerability in JAVA that affects all Java versions, including 7u21 released last Tuesday. Gowdiak claims to have sent to Oracle a report about a reflection API vulnerability in the newly shipp...

Debian DSA-2635-1 : cfingerd - buffer overflow

Malcolm Scott discovered a remote-exploitable buffer overflow in the RFC1413 ident client of cfingerd, a configurable finger daemon. This vulnerability was introduced in a previously applied patch to the cfingerd package in 1.4.3-3. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

[Onapsis Security Advisory 2013-005] SAP CCMS Agent Code Injection

Onapsis Security Advisory 2013-005: SAP CCMS Agent Code Injection This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand information on upcoming advisories, presentations and new...

Debian Security Advisory DSA 2635-1 (cfingerd - buffer overflow)

Malcolm Scott discovered a remote-exploitable buffer overflow in the RFC1413 ident client of cfingerd, a configurable finger daemon. This vulnerability was introduced in a previously applied patch to the cfingerd package in 1.4.3-3. OpenVAS Vulnerability Test $Id: deb2635.nasl 6611 2017-07-07...

TeamSHATTER Security Advisory: Oracle Database GeoRaster API overflow (CVE-2012-3220)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory Oracle Database GeoRaster API overflow February 20, 2013 Risk Level: High Affected versions: Oracle Database 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3 Remote exploitable: Yes Credits: This vulnerability w...

TeamSHATTER Security Advisory: SQL Injection in Oracle EM (dBClone) (CVE-2013-0374)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory SQL Injection in Oracle Enterprise Manager dBClone February 20, 2013 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3 Remote...

TeamSHATTER Security Advisory: Oracle 11g Stealth Password Cracking Vulnerability (CVE-2012-3137)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory Oracle 11g Stealth Password Cracking Vulnerability February 20, 2013 Risk Level: High Affected versions: Oracle Database Server version 11gR1, 11gR2 Remote exploitable: Yes No authentication to Database Server is needed...

TeamSHATTER Security Advisory: Cross-site scripting in Oracle EM (advReplicationAdmin) (CVE-2013-0355)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cross-site scripting in Oracle Enterprise Manager advReplicationAdmin TeamSHATTER Security Advisory February 20, 2013 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3 Remote exploitable: Yes...