47153 matches found
[security bulletin] HPSBMA02602 SSRT100317 rev.1 - HP Insight Control Performance Management for Windows, Remote Cross Site Scripting (XSS), Privilege Escalation, Cross Site Request Forgery (CSRF)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02563642 Version: 1 HPSBMA02602 SSRT100317 rev.1 - HP Insight Control Performance Management for Windows, Remote Cross Site Scripting XSS, Privilege Escalation, Cross Site Request Forgery CSRF...
[ MDVSA-2010:115 ] perl
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2010:115 http://www.mandriva.com/security/ Package : perl Date : June 11, 2010 Affected: 2009.0, 2009.1, Corporate 4.0, Enterprise Server 5.0, Multi Network Firewall 2.0 Problem Description: Multiple...
GR Board v1.8.6.1 stab (page.php?theme) Remote File Inclusion Vulnerability
======================================================== GR Board v1.8.6.1 stab page.php?theme Remote File Inclusion Vulnerability ======================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' /' / /' 0 0 /, // ,/ / 1 1 ...
Microsoft Security Bulletin MS10-018 - Critical Cumulative Security Update for Internet Explorer (980182)
Microsoft Security Bulletin MS10-018 - Critical Cumulative Security Update for Internet Explorer 980182 Published: March 30, 2010 Version: 1.0 General Information Executive Summary This security update resolves nine privately reported vulnerabilities and one publicly disclosed vulnerability in...
Harris Stratex StarMAX subscriber station running config CSRF exploit
===================================================================== Harris Stratex StarMAX subscriber station running config CSRF exploit ===================================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' /' / ...
[security bulletin] HPSBMI02473 SSRT080138 rev.1 - Cisco Catalyst Blade Switch 3020/3120, Remote Denial of Service (DoS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01923093 Version: 1 HPSBMI02473 SSRT080138 rev.1 - Cisco Catalyst Blade Switch 3020/3120, Remote Denial of Service DoS NOTICE: The information in this Security Bulletin should be acted upon as so...
ZDI-09-076: Sun Java HsbParser.getSoundBank Stack Buffer Overflow Vulnerability
ZDI-09-076: Sun Java HsbParser.getSoundBank Stack Buffer Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-076 November 4, 2009 -- Affected Vendors: Sun Microsystems -- Affected Products: Sun Microsystems Java Runtime -- TippingPointTM IPS Customer Protection: TippingPoint...
[ MDVSA-2009:284 ] gd
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2009:284 http://www.mandriva.com/security/ Package : gd Date : October 20, 2009 Affected: 2009.0, 2009.1, Corporate 3.0, Corporate 4.0, Enterprise Server 5.0, Multi Network Firewall 2.0 Problem Description: A...
[USN-834-1] PostgreSQL vulnerabilities
=========================================================== Ubuntu Security Notice USN-834-1 September 21, 2009 postgresql-8.1, postgresql-8.3 vulnerabilities CVE-2009-3229, CVE-2009-3230, CVE-2009-3231 =========================================================== A security issue affects the...
[ MDVSA-2009:203 ] curl
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2009:203 http://www.mandriva.com/security/ Package : curl Date : August 15, 2009 Affected: 2008.1, 2009.0, Corporate 3.0, Corporate 4.0, Enterprise Server 5.0, Multi Network Firewall 2.0 Problem Description: A...
Proxy bypass vulnerability & plain text passwords in LevelOne AMG-2000
SEC Consult Security Advisory 20090429-0 ======================================================================= title: Proxy bypass vulnerability & plain text passwords in LevelOne AMG-2000 product: LevelOne AMG-2000 Wireless AP Management Gateway vulnerable version: Firmware =2.00.00build00600...
iDefense Security Advisory 02.24.09: Adobe Flash Player Invalid Object Reference Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iDefense Security Advisory 02.24.09 http://labs.idefense.com/intelligence/vulnerabilities/ Feb 24, 2009 I. BACKGROUND Adobe Flash Player is a very popular web browser plugin. It is available for multiple web browsers and platforms, including Windows,...
ASP-CMS v.1.0 Sql Injection/Database Disclosure
ASP-CMS v.1.0 Sql Injection/Database Disclosure AUTHOR : Sina Yazdanmehr R3d.W0rm Discovered by : Sina Yazdanmehr R3d.W0rm Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash - R3d.w0rm Sina Yazdanmehr - Hadi Kiamarsi Download :...
Metrica Service Assurance Multiple Cross Site Scripting
Metrica Service Assurance Multiple Cross Site Scripting Author: Francesco Bianchino Email: [email protected] Title: Metrica Service Assurance Multiple Cross Site Scripting Vendor: IBM Summary Metrica Service Assurance Framework implements a distributed, object-oriented, J2EE-based architectur...
[SECURITY] CVE-2008-1947: Tomcat host-manager XSS vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2008-1947: Tomcat host-manager XSS vulnerability Severity: Low Vendor: The Apache Software Foundation Versions Affected: Tomcat 5.5.9 to 5.5.26 Tomcat 6.0.0 to 6.0.16 This issue has been fixed in the source repositories for each version and will b...
[NEWS] Watchguard Firebox PPTP VPN User Enumeration Vulnerability
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
Opera 9.50 beta and prior remote DoS (freeze)
Name : Opera 9.50 beta / 9.24 Remote DoS Type : Remote DoS Credits: Gynvael Coldwind of Vexillium & Simey Impact : Low Short description Opera is vulnerable to a remote DoS attack, using spacially crafted BMP files, that causes the browser to freeze for a short amount of time around 4 minutes on...
[waraxe-2007-SA#059] - XSS in WordPress 2.3
waraxe-2007-SA059 - XSS in WordPress 2.3 ==================================================================== Author: Janek Vind "waraxe" Date: 27. October 2007 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-59.html Target software description: WordPress is a state-of-the-art semanti...
fuzzylime (forum) XSS
Application: fuzzylime Forum Web Site: http://forum.fuzzylime.co.uk/st/front/index/ Versions: 1.01b and below Platform: linux, windows, freebsd, sun Bug: Cross site Scripting XSS Fix Available: Yes Advisory File: http://www.secvsn.com/content/Advisories/sr-180607-fuzzy.html...
SYM07-012 Symantec Reporting Server elevation of privilege
SYM07-012 Symantec Reporting Server Elevation of Privilege June 5, 2007 Risk Impact Medium Remote Access: Yes Local Access: Yes Authentication Required: No Exploit available: No Overview Files created by a Reporting Server may be accessible to an unauthorized user. Affected Products Reporting...
Microsoft Windows animated cursors buffer overflow
Stack buffer overflow stack overrun is actively used for hidden malware installation...
HP JetDirect and HP printers buffer overflow
Buffer overflow in LIST, NLIST and RETR command of built-in FTP server...
AlberT-EasySite <= 1.0.a5 Remote File Inclusion
AlberT-EasySite = 1.0.a5 Remote File Inclusion Download Source : http://www.superalbert.it/download/AlberT-EasySite/AES1.0a5.tar.gz Found By : k1tk4t - k1tk4t4tnewhack.org Location : Indonesia -- newhackdotorg file ; logout.php bugs ; requireonce $PSAPATH.'/include/config.php'; exmple and methode...
A-Blog v2.0 Remote File Include
============================================================================================== A-Blog v2.0 Remote File Include =============================================================================================== Critical Level : Dangerous A-Blog...
FileCOPA FTP Server multiple buffer overflows
Multiple FTP commands buffer overflows...
Microsoft Security Bulletin MS06-032 Vulnerability in TCP/IP Could Allow Remote Code Execution (917953)
Microsoft Security Bulletin MS06-032 Vulnerability in TCP/IP Could Allow Remote Code Execution 917953 Published: June 13, 2006 Version: 1.0 Summary Who Should Read this Document: Customers who use Microsoft Windows Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Important...
Secunia Research: MyBB "domecode()" PHP Code Execution Vulnerability
====================================================================== Secunia Research 12/06/2006 - MyBB "domecode" PHP Code Execution Vulnerability - ====================================================================== Table of Contents Affected...
Panda ActiveScan 5.0 - Remote Buffer Overflow and A Crash(D.O.S)
Application: Panda ActiveScan Vendors: http://www.activescan.com http://www.pandasoftware.com/activescan/com/activescanprincipal.htm Version: 5.0 Platforms: Windows Bug: Buffer Overflow and A CrashD.O.S Risk: High - Running Arbitary Code At SYSTEM Level Exploitation: Remote with browser Date: 1 A...
UPB: Discussion Board/Web-Site Takeover
=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::= topic: UPB: Discussion Board/Web-Site Takeover product: Ultimate PHP Board v1.9 latest vendor: www.myupb.com risk: high date: 05/24/2k3 discovered by: euronymous /F0KP advisory urls: http://f0kp.iplus.ru/bz/024.en.txt...
Security Advisory for Bugzilla v2.13 and older
All users of Bugzilla, the bug-tracking system from mozilla.org, are strongly recommended to update to version 2.14. Bugzilla 2.14 is a general security update, but not all of the security issues are serious. Serious issues include: Multiple instances where data on "confidential" bugs could be...
Force Feeding
Saturday, 24 June 2000 Microsoft Internet Explorer 5 and accompanying mail and news clients on win95, win98 and win2000 enjoy a unique status in that they choose to ignore user input. Specifically, we are able to manually force a file onto the target computer despite all prompts and warnings. A 1...
Security Bulletin (MS00-038)
Microsoft Security Bulletin MS00-038 - -------------------------------------- Patch Available for "Malformed Windows Media Encoder Request" Vulnerability May 30, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in Microsoftr Windowsr Media Encoder, whic...
NetStructure 7180 remote backdoor vulnerability
@Stake Inc. L0pht Research Labs www.atstake.com www.L0pht.com Security Advisory Advisory Name: NetStructure 7180 remote backdoor vulnerability Release Date: May 8th, 2000 Application: Intel NetStructure 7180 previously the Ipivot Commerce Accelerator 8000 Severity: Compromise from a remote networ...
Apple iTunes multiple security vulnerabilities
Multiple memory corruptions, DLL injections, multiple WebKit vulnerabilities, information disclosure...
FreeBSD Security Advisory FreeBSD-SA-15:16.openssh [REVISED]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-15:16.openssh Security Advisory The FreeBSD Project Topic: OpenSSH multiple vulnerabilities Category: contrib Module: openssh Announced: 2015-07-28, revised on...
Productsurf Cms Sql Injection Vulnerability
Sql Injection Vulnerability in Productsurf Cms All Version @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@ @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@ @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ @@@ @@@@@@@@@@@ @@@ @ @@@@@@@@@@ @@@ @@@@@@ @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@...
HTTP Commander AJS v3.1.9 - Client Side Exception Vulnerability
Document Title: =============== HTTP Commander AJS v3.1.9 - Client Side Exception Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1329 Release Date: ============= 2014-10-02 Vulnerability Laboratory ID VL-ID:...
APPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update 2014-004
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update 2014-004 OS X Mavericks 10.9.5 and Security Update 2014-004 are now available and address the following: apachemodphp Available for: OS X Mavericks 10.9 to 10.9.4 Impact: Multiple...
ESA-2014-016: EMC VPLEX Multiple Vulnerabilities
ESA-2014-016.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-016: EMC VPLEX Multiple Vulnerabilities EMC Identifier: ESA-2014-016 CVE Identifier: See below for individual CVEs Severity Rating: CVSS v2 Base Score: See below for individual CVSS scores Affected products: All versions from...
[SECURITY] CVE-2013-4322 Incomplete fix for CVE-2012-3544 (Denial of Service)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2013-4322 Incomplete fix for CVE-2012-3544 Denial of Service Severity: Important Vendor: The Apache Software Foundation Versions Affected: - - Apache Tomcat 8.0.0-RC1 to 8.0.0-RC5 - - Apache Tomcat 7.0.0 to 7.0.47 - - Apache Tomcat 6.0.0 to 6.0.37...
[SECURITY] [DSA 2849-1] curl security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2849-1 [email protected] http://www.debian.org/security/ Florian Weimer January 31, 2014 http://www.debian.org/security/faq -...
Olat CMS 7.8.0.1 - Persistent Calender Web Vulnerability
Document Title: =============== Olat CMS 7.8.0.1 - Persistent Calender Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1125 Release Date: ============= 2013-10-27 Vulnerability Laboratory ID VL-ID: ====================================...
Dell Kace 1000 SMA 5.4.742 - SQL Injection Vulnerabilities
Title: ====== Dell Kace 1000 SMA 5.4.742 - SQL Injection Vulnerabilities Date: ===== 2013-07-22 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=832 VL-ID: ===== 832 Common Vulnerability Scoring System: ==================================== 7.5 Introduction: =============...
Oracle / Sun / MySQL / PeopleSoft multiple applications security vulnerabilities
128 vulnerabilities in different application...
[security bulletin] HPSBPI02851 SSRT101078 rev.1 - Certain HP LaserJet Pro Printers, Unauthorized Access to Data
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03684249 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03684249 Version: 1 HPSBPI02851...
Multiple Vulnerabilities in Linksys E1500/E2500
Device Name: Linksys E1500 / E2500 Vendor: Linksys ============ Device Description: ============ The Linksys E1500 is a Wireless-N Router with SpeedBoost. It lets you access the Internet via a wireless connection or through one of its four switched ports. You can also use the Linksys E1500 to sha...
Kohana Framework v2.3.3 - Directory Traversal Vulnerability
Title: ====== Kohana Framework v2.3.3 - Directory Traversal Vulnerability Date: ===== 2013-01-27 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=841 VL-ID: ===== 837 Common Vulnerability Scoring System: ==================================== 7.1 Introduction: ============...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
[SECURITY] [DSA 2522-1] fckeditor security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2522-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez August 05, 2012 http://www.debian.org/security/faq -...
CakePHP 2.x-2.2.0-RC2 XXE Injection
Exploit title: CakePHP XXE injection Date: 01.07.2012 Software Link: http://www.cakephp.org Vulnerable version: 2.x - 2.2.0-RC2 Tested on: Windows and Linux Author: Pawel Wylecial http://h0wl.pl 1. Background Short description from the project website: "CakePHP makes building web applications...