47153 matches found
ZDI-11-188: Oracle Java ICC Profile ncl2 Count Tag Parsing Remote Code Execution Vulnerability
ZDI-11-188: Oracle Java ICC Profile ncl2 Count Tag Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-188 June 8, 2011 -- CVE ID: CVE-2011-0862 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Oracle -- Affected Products: Oracle Java Runtime ...
Alt-N WebAdmin information disclosure
It's possible to obtain file source code by adding 20 or 2e to request...
VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2010-0007 Synopsis: VMware hosted products, vCenter Server and ESX patches resolve multiple security issues Issue date: 2010-04-09...
vBulletin 3.8.2 Denial of Service Exploit
!usr/bin/perl vBulletin® Version 3.8.2 D3n14l 0f S3rv1c3 Expl01t HaCker Anger - [email protected] Modules use IO::SOCKET; Object interface if @ARGV1 print" Author : Hacker Anger TeaM : The Assassin Scorpion TeaM Home : http://Baloma.NeT Mail : [email protected] -vBulletin 3.8.2 Denial of Service Exploi...
CSRF, SQL Injection and Full path disclosure vulnerabilities in XAMPP
Hello 3APA3A! I want to warn you about new security vulnerabilities in XAMPP. These are Cross-Site Request Forgery, SQL Injection and Full path disclosure vulnerabilities. CSRF: http://site/xampp/cds-fpdf.php It's possible to delete or add data in test table as via CSRF, and as via Insufficient...
Java Runtime UTF-8 Decoder Smuggling Vector
Due to misconfiguration of mailing lists, it was just pointed out this is already public. Apologies to those vendors who have not reacted to Sun's announcements of December 2nd in a timely manner; Mitre ID: CVE-2008-2938 Initial title: Java Runtime UTF-8 Decoding Flaw Actual title: Java Runtime...
PHP-Nuke Module Current_Issue (summary&id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability PHP-Nuke Module CurrentIssue summary&id AuTh0r : EhsanHp200 H0ME : www.only-4dl.tk Email : [email protected] Dork : "inurl:modules.php?name=CurrentIssue" Exploite:...
About the security content of Security Update 2008-003 / Mac OS X 10.5.3
About the security content of Security Update 2008-003 / Mac OS X 10.5.3 Last Modified: May 28, 2008 Article: HT1897 Summary This document describes the security content of Security Update 2008-003 / Mac OS X 10.5.3, which can be downloaded and installed via Software Update preferences, or from...
S21SEC-043-en:Cezanne SW Blind SQL Injection
S21Sec Advisory - Title: Cezanne SW login required Blind SQL Injection ID: S21SEC-043-en Severity: High History: 02.Jan.2008 Vulnerability discovered Authors: Juan de la Fuente Costa [email protected] Fco Javier Puerta Rubio [email protected] URL: http://www.s21sec.com/avisos/s21sec-43-en.txt...
Mp3 ToolBox 1.0 beta 5 Remote File Include Vulnerability
+By CrackersChild+ Script.......: Mp3 ToolBox 1.0 beta 5 Download.....: http://www.radiotoolbox.com/downloads/mp3toolbox/mp3toolboxbeta-5.zip Author.......: CrackersChild | [email protected] & [email protected] Class........: Remote File Include Vulnerability Dork.........: intitle:M...
IBM Rational ClearQuest Web SQL Injection Login Bypass
+==============================================================+ + IBM Rational ClearQuest Web Login Bypass SQL Injection + +==============================================================+ DISCOVERED BY: ============== SecureState sasquatch - [email protected] rel1k - [email protected]...
flashChat 4.7.8 Cross Site Scripting Vulnerability
/ Flashchat 4.7.8 / Date of written Advisory: February 04, 2007 Product: Flash Chat = 4.7.8 Vendor: http://tufat.com/ Description: flashChat is a highly customizable PHP/MySQL based chat room script that is easily integrated into a website and mimics IRC in its command structure Exploits /...
[DRUPAL-SA-2006-025] Drupal 4.6.10 / 4.7.4 fixes CRF issue
------------------------------------------------------------------------ ---- Drupal security advisory DRUPAL-SA-2006-025 ------------------------------------------------------------------------ ---- Project: Drupal core Date: 2006-Oct-18 Security risk: Highly critical Exploitable from: Remote...
Sabdrimer PRO (v.2.2.4 ) Remote File Include Vulnerability
VIRANGAR SECURITY TEAM Discovered By : A.nosrati www.virangar.org Public www.virangar.net Priv8 Mail: infoatvirangar.net Sabdrimer PRO v.2.2.4 Remote File Include Vulnerability Google Dork : "© Sabdrimer CMS" bug found in file : advanced1.php web Site : http://sabdrimer.ru Remote : Yes Critical...
Buffer overflow when processing the macro structure
Affected products: Microsoft Word 97, Microsoft Word 2000 SR-1. In Microsoft Word XP this bug is fixed. When processing a Microsoft Word document that contains macros, a stack buffer overflow can occur. Analysis of the undocumented macro structure in the document, performed by the process...
IE 5 security vulnerability - circumventing Cross-frame security policy using Java/JavaScript (and disabling Active Scripting is not that easy)
Georgi Guninski security advisory 10, 2000 IE 5 security vulnerability - circumventing Cross-frame security policy using Java/JavaScript and disabling Active Scripting is not that easy Disclaimer: The opinions expressed in this advisory and program are my own and not of any company. The usual...
qnx crypt compromised
the crypt function for qnx turned out to be a bit mixer, not a hash function. It's now possible to extract plaintext from the hashes. On a related note, all IOpeners running qnx use the same root password. Telnetd is running, and allows remote login as root. This is a huge security hole, as you can...
[SECURITY] [DSA 3248-1] libphp-snoopy security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3248-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff May 02, 2015 http://www.debian.org/security/faq -...
APPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001 OS X 10.10.2 and Security Update 2015-001 are now available and address the following: AFP Server Available for: OS X Mavericks v10.9.5 Impact: A remote attacker may be able to determine...
Incredible PBX remote command execution exploit
!/usr/bin/perl Title: Incredible PBX remote command execution exploit Author: Simo Ben youssef Contact: SimoatMorxploitcom Discovered: 1 September 2014 Coded: 21 October 2014 Published: 21 October 2014 MorXploit Research http://www.MorXploit.com Vendor: PBX in a Flash Vendor url:...
[slackware-security] openssl (SSA:2014-288-01)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security openssl SSA:2014-288-01 New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+...
[SECURITY] CVE-2013-4444 Remote Code Execution in Apache Tomcat
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2013-4444 Remote Code Execution Severity: Important Vendor: The Apache Software Foundation Versions Affected: - - Apache Tomcat 7.0.0 to 7.0.39 Description: In very limited circumstances, it was possible for an attacker to upload a malicious JSP t...
[security bulletin] HPSBST03039 rev.1 - HP StoreVirtual 4000 Storage and StoreVirtual VSA, Remote Disclosure of Information, Elevation of Privilege
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04281279 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04281279 Version: 1 HPSBST03039 rev....
[security bulletin] HPSBMU03037 rev.1 - HP Multimedia Service Environment (MSE), (HP Network Interactive Voice Response (NIVR)), Remote Disclosure of Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04275280 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04275280 Version: 1 HPSBMU03037 rev....
[security bulletin] HPSBMU03020 rev.1 - HP Version Control Agent (VCA) and Version Control Repository Manager (VCRM) running OpenSSL on Linux and Windows, Remote Disclosure of Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04262472 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04262472 Version: 1 HPSBMU03020 rev....
Cross-Site Scripting (XSS) in Zikula Application Framework
Advisory ID: HTB23178 Product: Zikula Application Framework Vendor: Zikula Software Foundation Vulnerable Versions: 1.3.5 build 20 and probably prior Tested Version: 1.3.5 build 20 Advisory Publication: October 16, 2013 without technical details Vendor Notification: October 16, 2013 Vendor Patch:...
NewsAktuell PressePortal DE - Remote SQL Injection Web Vulnerability
Document Title: =============== NewsAktuell PressePortal DE - Remote SQL Injection Web Vulnerability References Source: ==================== http://vulnerability-lab.com/getcontent.php?id=1150 Lab News Article: http://www.vulnerability-lab.com/news/getnews.php?id=115 Release Date: =============...
CVE-2013-3568 - Linksys CSRF + Root Command Injection
Hi list, I would like to inform you that the latest available Linksys WRT110 firmware is prone to root shell command injection via cross-site request forgery. This vulnerability is the result of the web interface's failure to sanitize ping targets as well as a lack of csrf tokens. Linksys/Belkin...
Vulnerabilities in jPlayer
Hello 3APA3A! I want to inform you about multiple vulnerabilities in jPlayer. These are Cross-Site Scripting and Content Spoofing vulnerabilities in jPlayer, which is used at tens of thousands of web sites and in multiple web applications. ------------------------- Affected products:...
Novell GroupWise Multiple Remote Code Execution Vulnerabilities
Advisory ID: HTB23131 Product: Novell GroupWise Vendor: Novell Inc. Vulnerable Versions: 12.0.0.8586 and probably prior Tested Version: 12.0.0.8586 on Windows 7 SP1 and Internet Explorer 9.0 Vendor Notification: November 26, 2012 Vendor Patch: January 30, 2013 Public Disclosure: April 3, 2013...
PHP-Fusion 7.02.05 SQL Injection
SQL Injection vulnerability exists in releases since 7.02.01 till 7.02.05 of PHP-Fusion CMS. The vulnerability allows the attacker to authenticate as an arbitrary user and act with its rights which might lead to the code execution. Because of exploitation simplicity, the potential risk is very...
CVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter Severity: Important Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 7.0.0 to 7.0.31 - - Tomcat 6.0.0 to 6.0.35 Description: The CSRF prevention filter could be bypassed ...
Vulnerabilities in JW Player Pro
Hello 3APA3A! I want to warn you about security vulnerabilities in JW Player Pro. These are Content Spoofing and Cross-Site Scripting vulnerabilities. In June I wrote about vulnerabilities in JW Player http://securityvulns.ru/docs28176.html. And these are vulnerabilities in licensed version of...
Jrobalian CMS SQL Injection Vulnerability
===================================================== Jrobalian CMS SQL Injection Vulnerability ===================================================== :----------------------------------------------------------------------------------------------------------------------------------------: :...
Commentics 2.0 <= Multiple Vulnerabilities
Commentics 2.0 = Multiple Vulnerabilities Discovered by: Jean Pascal Pereira [email protected] Vendor information: "Commentics is a free, advanced PHP comment script with many features. Professionally written and with open source code, its main aims are to be integrable, customizable and secure."...
VUPEN Security Research - Oracle Java ICC Profile "scrn" Tag Integer Overflow Code Execution Vulnerability
VUPEN Security Research - Oracle Java ICC Profile "scrn" Tag Integer Overflow Code Execution Vulnerability http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Java is a programming language and computing platform released by Sun Microsystems now Oracle. It is the...
VUPEN Security Research - Oracle Java ICC Profile "bfd" Tag Integer Overflow Code Execution Vulnerability
VUPEN Security Research - Oracle Java ICC Profile "bfd" Tag Integer Overflow Code Execution Vulnerability http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Java is a programming language and computing platform released by Sun Microsystems now Oracle. It is the...
ZDI-11-186: Oracle Java ICC Profile Multi-Language 'curv' Tag Parsing Remote Code Execution Vulnerability
ZDI-11-186: Oracle Java ICC Profile Multi-Language 'curv' Tag Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-186 June 8, 2011 -- CVE ID: CVE-2011-0862 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Oracle -- Affected Products: Oracle Ja...
ZDI-11-189: Oracle Java ICC Profile ncl2 DevCoords Tag Parsing Remote Code Execution Vulnerability
ZDI-11-189: Oracle Java ICC Profile ncl2 DevCoords Tag Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-189 June 8, 2011 -- CVE ID: CVE-2011-0862 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Oracle -- Affected Products: Oracle Java...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
Mozilla Foundation Security Advisory 2010-28
Mozilla Foundation Security Advisory 2010-28 Title: Freed object reuse across plugin instances Impact: Critical Announced: June 22, 2010 Reporter: Microsoft Vulnerability Research Products: Firefox, SeaMonkey Fixed in: Firefox 3.6.4 Firefox 3.5.10 SeaMonkey 2.0.5 Description Microsoft Vulnerabili...
PR10-02: Various XSS and information disclosure flaws within 3Com* iMC (Intelligent Management Center)
PR10-02: Various XSS and information disclosure flaws within 3Com iMC Intelligent Management Center On the 12th April 2010 Hewlett Packard completed its acquisition of 3Com Vulnerability found: 29th January 2010 Vendor informed: 1st February 2010 Vulnerability fixed: 13th May 2010 Severity:...
Oracle Critical Patch Update Advisory - January 2010
Oracle Critical Patch Update Advisory - January 2010 Description A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required because of interdependencies by those security patches. Critical Patch Updates are...
Hacktics Advisory Dec09: Oracle eBusiness Suite - Multiple Vulnerabilities Allow Remote Takeover
Hacktics Research Group Security Advisory http://www.hacktics.com/details=;view=Resources7CAdvisory By Shay Chen, Hacktics. 14-Dec-2009 =========== I. Overview =========== During a penetration test performed by Hacktics' experts, certain vulnerabilities were identified in the Oracle eBusiness Sui...
Avast aswRdr.sys Kernel Pool Corruption and Local Privilege Escalation
http://www.efblog.net/2009/11/avast-aswrdrsys-kernel-pool-corruption.html =============Avast aswRdr.sys Kernel Pool Corruption and Local Privilege Escalation================ Authors: Giuseppe 'Evilcry' Bonfa' AbdulAziz Hariri E-Mail: evilcry AT GMAIL DOT COM Website: http://evilcry.netsons.org...
Microsoft Security Bulletin MS09-022 - Critical Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution (961501)
Microsoft Security Bulletin MS09-022 - Critical Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution 961501 Published: June 9, 2009 Version: 1.0 General Information Executive Summary This security update resolves three privately reported vulnerabilities in Windows Print...
Multiple XSS Vulnerabilities in World Recipe 2.11
Armorize Technologies Security Advisory Armorize-ADV-2008-0001 Title: Multiple XSS Vulnerabilities in World Recipe 2.11 Date: 2008/12/15 Status: Full Class: Input Validation Error Bugtraq ID: N/A Category: Cross Site Scripting Language: ASP.NET C Description Armorize-ADV-2008-0001 discloses...
OneNews Beta 2 Multiple Vulnerabilities
/////////////// Name : OneNews Beta 2 Multiple Vulnerabilities Author : suN8HclfcrimsoNLoyd9, DaRk-CodeRs Group Source : http://sourceforge.net/project/showfiles.php?groupid=193198 Dork : Powered by One-News Greetz : all DaRk-CodeRs guys, e.wiZz, str0ke ========================== |1. XSS and html...
Akamai Technologies Security Advisory 2008-0003 (Akamai Client Software)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ---------------------------------------------------- Akamai Technologies Security Advisory 2008-0003 Akamai ID: 2008-0003 Date: 2008/06/06 Product Name: Akamai Client Software formerly Red Swoosh Affected Versions: Up to and including 3322 Fixed...
iDefense Security Advisory 06.03.08: Sun Java System Active Server Pages File Creation Vulnerability
iDefense Security Advisory 06.03.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 03, 2008 I. BACKGROUND Sun Java System Active Server Pages is a multi-platform ASP application server. It provides ASP Active Server Pages functionality to a web server. More information is...