47153 matches found
Mozilla Foundation Security Advisory 2011-49
Mozilla Foundation Security Advisory 2011-49 Title: Memory corruption while profiling using Firebug Impact: Critical Announced: November 8, 2011 Reporter: Marc Schoenefeld Products: Firefox, Thunderbird Fixed in: Firefox 8.0 Firefox 3.6.24 Thunderbird 8.0 Thunderbird 3.1.16 Description Marc...
APPLE-SA-2011-11-10-1 iOS 5.0.1 Software Update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-11-10-1 iOS 5.0.1 Software Update iOS 5.0.1 Software Update is now available and addresses the following: CFNetwork Available for: iOS 3.0 through 5.0 for iPhone 3GS, iPhone 4 and iPhone 4S, iOS 3.1 through 5.0 for iPod touch 3rd...
ZDI-11-288 : Microsoft Internet Explorer Select Element Insufficient,Type Checking Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-11-288 : Microsoft Internet Explorer Select Element Insufficient Type Checking Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-288 October 15, 2011 - - -- CVE ID: CVE-2011-1999 - - -- CVSS: 7.5,...
iDefense Security Advisory 09.13.11: Microsoft Excel Record Integer Signedness Vulnerability
iDefense Security Advisory 09.13.11 http://labs.idefense.com/intelligence/vulnerabilities/ Sep 13, 2011 I. BACKGROUND Excel is the spreadsheet application included with Microsoft Corp.'s Office productivity software suite. More information is available at the following website:...
Loop (ricetta.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Loop ricetta.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.loopmm.com/ Persian Gulf 4 Ever! Dork : "Loop - creazioni multimediali" "inurl:ricetta.php?id="...
Microsoft Internet Explorer multiple security vulnerabilities
mhtml handler cross application scripting, VML processor memory corruption, multiple internet explorer memory corruptions, information leakage...
Post Revolution 0.8.0c Multiple Remote Vulnerabilities
info ——————————— Name : Post Revolution 0.8.0c Multiple Remote Vulnerabilities Class: Design Error && Input Validation Error CVE: CVE-2011-1952, CVE-2011-1953, CVE-2011-1954 Remote: Yes Local: No Credit : Javier Bassi javierbassi at gmail dot com Vulnerable : All versions prior to and including...
XSS in DEAL INFORMER
Product: DEAL INFORMER Vendor: http://www.got.my http://www.got.my/DEAL-INFORMER/ Vulnerable Version: 4.8.0 Vulnerability Type: XSS Cross Site Scripting Risk level: Medium Credit: Hector.x90 Vulnerability Details: User can execute arbitrary JavaScript code within the vulnerable application. The...
ZDI-11-119: (Pwn2Own) Microsoft Internet Explorer onPropertyChange Remote Code Execution Vulnerability
ZDI-11-119: Pwn2Own Microsoft Internet Explorer onPropertyChange Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-119 April 12, 2011 -- CVE ID: CVE-2011-1345 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Microsoft -- Affected Products: Microsoft...
Plaintext injection in STARTTLS (multiple implementations)
This is a writeup about a flaw that I found recently, and that existed in multiple implementations of SMTP Simple Mail Transfer Protocol over TLS Transport Layer Security including my Postfix open source mailserver. I give an overview of the problem and its impact, how to find out if a server is...
[SECURITY] [DSA-2140-1] New libapache2-mod-fcgid packages fixes stack overflow
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-2140-1 [email protected] http://www.debian.org/security/ Stefan Fritsch January 05, 2011 http://www.debian.org/security/faq -...
Joomla! 1.0.x ~ 1.0.15 | Cross Site Scripting (XSS) Vulnerability
============================================================================== Joomla! 1.0.x 1.0.15 | Cross Site Scripting XSS Vulnerability ============================================================================== 1. OVERVIEW The Joomla! 1.0.x series are currently vulnerable to Cross Site...
TSSA-2010-01 Ghostscript library Ins_MINDEX() integer overflow and heap corruption
-------------------------------------------------------------------------------------- Ghostscript library InsMINDEX off by one, integer overflow and heapcorruption -------------------------------------------------------------------------------------- -- Vulnerability Summary: Date Published:...
[eVuln.com] Multiple XSS in MCG GuestBook
New eVuln Advisory: Multiple XSS in MCG GuestBook Summary: http://evuln.com/vulns/144/summary.html Details: http://evuln.com/vulns/144/description.html -----------Summary----------- eVuln ID: EV0144 Software: MCG GuestBook Vendor: Mrcgiguy Version: 1.0 Critical Level: low Type: Cross Site Scripti...
acs-blog turkce v1.1.3-(tr) Database Disclosure Exploit
!/usr/bin/perl -w blog turkce v1.1.3-tr Database Disclosure Exploit Found & Coded: indoushka Date: 25/07/2010 Home: http://www.hack-r1z.com/cc/ Dz-Ghost Team ===== Saoucha Star08 Cyber Sec theblind74 XproratiX onurozkan n2n Meher Assel =========================== special thanks to : r0073r...
Microsoft Internet Information Services multiple security vulnerabilities
Authentication bypass, buffer overflow, DoS...
Mozilla Foundation Security Advisory 2010-37
Mozilla Foundation Security Advisory 2010-37 Title: Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability Impact: Critical Announced: July 20, 2010 Reporter: J23 via TippingPoint's Zero Day Initiative Products: Firefox, SeaMonkey Fixed in: Firefox 3.6.7 Firefox 3.5.11...
VUPEN Security Research - Adobe Acrobat and Reader "newfunction" Memory Corruption Vulnerability (CVE-2010-2168)
VUPEN Security Research - Adobe Acrobat and Reader "newfunction" Memory Corruption Vulnerability CVE-2010-2168 http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Adobe Acrobat and Reader are the global standards for electronic document sharing. They are used to create,...
Apache Axis Session Fixation Vulnerability
===== Tempest Security Intelligence - Advisory 02 / 2010 =========== Vulnerability = 'Apache Axis Session Fixation Vulnerability' Authors = 'Tiago Ferreira tiago SPAM tempest.com.br' 'Leandro Oliveira leandro SPAM tempest.com.br' ======== Table of Contents...
[USN-942-1] PostgreSQL vulnerabilities
=========================================================== Ubuntu Security Notice USN-942-1 May 21, 2010 postgresql-8.1, postgresql-8.3, postgresql-8.4 vulnerabilities CVE-2010-1169, CVE-2010-1170 =========================================================== A security issue affects the following...
Oracle / Sun applications multiple security ulnerabilities
Oracle quarterly CPU contains fixes for approximately 50 different vulnerabilities...
Secunia Research: VMWare VMnc Codec HexTile Encoding Two Integer Truncation Vulnerabilities
====================================================================== Secunia Research 09/04/2010 - VMWare VMnc Codec HexTile Encoding - - Two Integer Truncation Vulnerabilities - ====================================================================== Table of Contents Affected...
[USN-923-1] OpenJDK vulnerabilities
=========================================================== Ubuntu Security Notice USN-923-1 April 07, 2010 openjdk-6 vulnerabilities CVE-2009-3555, CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0088, CVE-2010-0091, CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837...
Open redirection vulnerability in the Drupal API function drupal_goto (Drupal 6.15 and 5.21)
Open redirection vulnerability in the Drupal API function drupalgoto Drupal 6.15 and 5.21 Discovered by Martin Barbella [email protected] Description of Vulnerability: ----------------------------- Drupal is a free software package that allows an individual or a community of users to easily...
[ MDVSA-2009:340 ] jpgraph
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2009:340 http://www.mandriva.com/security/ Package : jpgraph Date : December 26, 2009 Affected: Corporate 4.0, Enterprise Server 5.0 Problem Description: A vulnerability has been found and corrected in jpgraph:...
Microsoft Security Bulletin MS09-073 - Important Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution (975539)
Microsoft Security Bulletin MS09-073 - Important Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution 975539 Published: December 08, 2009 Version: 1.0 General Information Executive Summary This security update resolves a privately reported vulnerability in Microso...
squidGuard 1.3 & 1.4 : buffer overflow
Advisory -------- Date 2009-10-26 Program squidGuard URL http://squidguard.org/ Found by Matthieu BOUTHORS Application description ------------------------ SquidGuard is a URL redirector used to use blacklists with the proxysoftware Squid. There are two big advantages to squidguard: it is fast an...
[ MDVSA-2009:283 ] cups
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2009:283 http://www.mandriva.com/security/ Package : cups Date : October 19, 2009 Affected: Corporate 3.0, Multi Network Firewall 2.0 Problem Description: Multiple integer overflows in the JBIG2 decoder in Xpdf...
fetchmail security announcement fetchmail-SA-2009-01 (CVE-2009-2666)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 fetchmail-SA-2009-01: Improper SSL certificate subject verification Topics: Improper SSL certificate subject verification Author: Matthias Andree Version: 1.0 Announced: 2009-08-06 Type: Allows undetected Man-in-the-middle attacks against SSL/TLS...
Microsoft Security Bulletin MS09-034 - Critical Cumulative Security Update for Internet Explorer (972260)
Microsoft Security Bulletin MS09-034 - Critical Cumulative Security Update for Internet Explorer 972260 Published: July 28, 2009 Version: 1.0 General Information Executive Summary This security update is being released out of band in conjunction with Microsoft Security Bulletin MS09-035, which...
MULTIPLE REMOTE VULNERABILITIES --MiniTwitter<=v0.3-Beta-->
------------------------------------------------------------ MULTIPLE REMOTE VULNERABILITIES --MiniTwitter=v0.3-Beta-- ------------------------------------------------------------ CMS INFORMATION: --WEB: http://mt.bioscriptsdb.com/ --DOWNLOAD: http://sourceforge.net/projects/minitt/ --DEMO:...
DotNetNuke ErrorPage.aspx Cross-Site Scripting Vulnerability
--- Lateral Security Advisory 20090430-001 --- Name: DotNetNuke ErrorPage.aspx Cross-Site Scripting Vulnerability Reported: 30th April 2009 Published: 22nd May 2009 Background: DotNetNuke is one of the most widely adopted open source framework for website content management and web application...
Family Connections 1.8.2 Blind SQL Injection (Correct Version)
Salvatore "drosophila" Fresta + Application: Family Connection + Version: = 1.8.2 + Website: http://www.familycms.com + Bugs: A Blind SQL Injection + Exploitation: Remote + Date: 1 Apr 2009 + Discovered by: Salvatore "drosophila" Fresta + Author: Salvatore "drosophila" Fresta + Contact: e-mail:...
PayPal resource exhaustion
Vulnerability: malicious Web site can cause Denial of Service by forcing user into spending money from his PayPal account to buy different unnecessary things, leading to situation of resource consumption where user can not obtain his daily bread on this day. Workaround: put more money into PayPal...
[ MDVSA-2009:078 ] evolution-data-server
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2009:078 http://www.mandriva.com/security/ Package : evolution-data-server Date : March 23, 2009 Affected: 2008.0, 2008.1, 2009.0 Problem Description: A wrong handling of signed Secure/Multipurpose Internet Mail...
Mozilla Foundation Security Advisory 2009-02
Mozilla Foundation Security Advisory 2009-02 Title: XSS using a chrome XBL method and window.eval Impact: High Announced: February 3, 2009 Reporter: mozbugra4 Products: Firefox 3 Fixed in: Firefox 3.0.6 Description Mozilla security researcher mozbugra4 reported that a chrome XBL method can be use...
[security bulletin] HPSBMA02403 SSRT090007 rev.1 - HP Select Access Running on HP-UX, Linux, Solaris, and Windows, Remote Cross Site Scripting (XSS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01658614 Version: 1 HPSBMA02403 SSRT090007 rev.1 - HP Select Access Running on HP-UX, Linux, Solaris, and Windows, Remote Cross Site Scripting XSS NOTICE: The information in this Security Bulleti...
New vulnerabilities in Power Phlogger
Здравствуйте 3APA3A! Сообщаю вам о найденных мною новых Cross-Site Scripting и Abuse of Functionality уязвимостях в Power Phlogger. XSS: Это reflected и persistent XSS. http://site/edCss.php?action=create+new&fields5Bcss5D=3Cscript3Ealertdocument.cookie3C/script3E Код в дальнейшем исполняется при...
Mozilla Foundation Security Advisory 2008-41
Mozilla Foundation Security Advisory 2008-41 Title: Privilege escalation via XPCnativeWrapper pollution Impact: Critical Announced: September 23, 2008 Reporter: mozbugra4, Olli Pettay Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.2 Firefox 2.0.0.17 Thunderbird 2.0.0.17 SeaMonkey...
Microsoft Security Bulletin MS08-052 – Critical Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)
Microsoft Security Bulletin MS08-052 – Critical Vulnerabilities in GDI+ Could Allow Remote Code Execution 954593 Published: September 9, 2008 Version: 1.0 General Information Executive Summary This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. Thes...
[USN-634-1] OpenLDAP vulnerability
=========================================================== Ubuntu Security Notice USN-634-1 August 01, 2008 openldap2.2, openldap2.3 vulnerability CVE-2008-2952 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS...
ZDI-08-044: Mozilla Firefox CSSValue Array Memory Corruption Vulnerability
ZDI-08-044: Mozilla Firefox CSSValue Array Memory Corruption Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-08-044 July 17, 2008 -- CVE ID: CVE-2008-2785 -- Affected Vendors: Mozilla Firefox -- Affected Products: Mozilla Firefox 2.0.x Mozilla Firefox 3.0.x -- TippingPointTM IPS...
Remote DoS vulnerability in Linksys WRH54G
DESCRIPTION There is a DoS vulnerability in Cisco Linksys router WRH54G http service. Any anonymous attacker could crash the http service easily by sending a malformed http request, and needn't any privilege. When the device attempts to process the malformed request, it will be possible to...
Microsoft Security Bulletin MS08-024 - Critical Cumulative Security Update for Internet Explorer (947864)
Microsoft Security Bulletin MS08-024 - Critical Cumulative Security Update for Internet Explorer 947864 Published: April 8, 2008 Version: 1.0 General Information Executive Summary This security update resolves one privately reported vulnerability. The vulnerability could allow remote code executi...
Invision Power Board <=2.3.x iFrame Vuln
Tested On: http://www.abarjigs.com/forum/ Effected on:Invision Power Board =2.3.x Type:Signature With iFrame Discovered By:CYBER.DARK.HIMU SHAHEEMIRZA Google: "style designed by Soi" or "Powered by IP.Board 2.3.1" Mail: [email protected],[email protected] HI TO ALL. HOW TO USE THIS...
Multiple vulnerabilities in ASG-Sentry 7.0.0
Luigi Auriemma Application: ASG-Sentry http://www.asg-sentry.com Versions: = 7.0.0 Platforms: Windows and Unix Bugs: A arbitrary files deleting B heap-overflow in FxAgent C termination of FxIAList D buffer-overflow in FxIAList Exploitation: remote Date: 10 Mar 2008 Author: Luigi Auriemma e-mail:...
Microsoft Security Bulletin MS08-011 – Important Vulnerabilities in Microsoft Works File Converter Could Allow Remote Code Execution (947081)
Microsoft Security Bulletin MS08-011 – Important Vulnerabilities in Microsoft Works File Converter Could Allow Remote Code Execution 947081 Published: February 12, 2008 Version: 1.0 General Information Executive Summary This important security update resolves three privately reported...
SYMSA-2007-013: Lotus Notes Memory Mapped Files Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Symantec Vulnerability Research http://www.symantec.com/research Security Advisory Advisory ID: SYMSA-2007-013 Advisory Title: Lotus Notes Memory Mapped Files Vulnerability Author: Ollie Whitehouse / [email protected] Release Date: 23-10-20...
Oracle TNS Listener DoS and/or remote memory inspection
NGSSoftware Insight Security Research Advisory Name: Oracle TNS Listener DoS and/or remote memory inspection Systems Affected: Oracle 8.1.7.4, 10g Release 2 and 1, Oracle 9 Severity: High Vendor URL: http://www.oracle.com/ Author: David Litchfield [email protected] Reported: 22nd June 2006...
Microsoft Internet Explorer multiple security vulnerabilities
Memory corruption on ActiveX parsing, unsafe Visual Basic ActiveX execution, Visual Basic ActiveX memory corruption...