47153 matches found
Cisco Security Advisory: Cisco Small Business SRP500 Series Command Injection Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco Small Business SRP500 Series Command Injection Vulnerability Advisory ID: cisco-sa-20111102-srp500 Revision 1.0 For Public Release 2011 November 2 16:00 UTC GMT...
TeamSHATTER Security Advisory: Database Vault Account Management Vulnerabilites
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory October 20, 2011 Risk Level: Medium Affected versions: Oracle Database Server version 10gR2, 11gR1 and 11gR2 Remote exploitable: Yes Credits: This vulnerability was discovered and researched by Esteban Martinez Fayo of...
Oracle / Sun / Peoplesoft applications multiple security vulnerabilities
CPU closes nearly 90 of different vulnerabilities in different applications...
PRTG V8.1.2.1809 XSS Bugs in login.htm and error.htm
XSS Reflected Bugs in login.htm and error.htm ================================================================ PRTG V8.1.2.1809 All OS Versions: http://www.paessler.com/ I have discovered two XSS bugs within PRTG version 8.1.2.1809. These bugs are in the login.htm and error.htm documents. These...
[security bulletin] HPSBMA02621 SSRT100352 rev.2 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02670501 Version: 2 HPSBMA02621 SSRT100352 rev.2 - HP OpenView Network Node Manager OV NNM, Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted up...
Asan Portal (IdehPardaz) Multiple Vulnerabilities
Securitylab.ir Application Info: Name: Asan Portal Vendor: http://iptech.ir/default.aspx?id=130 Vulnerability: Denial of Service: http://site.ir/Modules/Administrative/ShowPhotos/ShowImages.aspx?id=922&FieldName=ContentImage1&w=1000&h=1000 With setting of large values of width and height it's...
[Onapsis Security Advisory 2010-009] Oracle Virtual Server Agent Remote Command Execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2010-0009 : Oracle Virtual Server Agent Remote Command Execution This advisory can be downloaded in PDF format from http://www.onapsis.com/research.html. By downloading this advisory from the Onapsis Resource Center, you will...
SQL injection vulnerability in ImpressPages CMS
Vulnerability ID: HTB22385 Reference: http://www.htbridge.ch/advisory/sqlinjectionvulnerabilityinimpresspagescms1.html Product: ImpressPages CMS Vendor: Apro Media Vulnerable Version: 1.0.4 and Probably Prior Versions Vendor Notification: 12 May 2010 Vulnerability Type: SQL Injection Status: Fixe...
Scientific Atlanta DPC2100 WebSTAR Cable Modem vulnerabilities
=============================================================== Scientific Atlanta DPC2100 Cable Modem Cross-Site Request Forgery and Insufficient Authentication May 24, 2010 CVE-2010-2025, CVE-2010-2026 =============================================================== ==Description== Scientific...
VUPEN Security Research - Adobe Shockwave IML32 Multiple Code Execution Vulnerabilities (CVE-2010-0129)
VUPEN Security Research - Adobe Shockwave IML32 Multiple Code Execution Vulnerabilities CVE-2010-0129 http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Over 450 million Internet-enabled desktops have installed Adobe Shockwave Player. These people now have access to so...
AlienTechnology ALR-9900 default root password and backdoor
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tested: www.alientechnology.com/readers/alr9900.php Background: Alien Technology is a major rfid-reader designer and manufacturer. Alien's products are sold to many corporations and the military. Alien's readers can be interfaced with in several ways...
Ananta Gazelle SQL Injection Vulnerability
www.BugReport.ir AmnPardaz Security Research Team Title: Ananta Gazelle SQL Injection Vulnerability Vendor: http://www.anantasoft.com/ Vulnerable Version: 1.0 Latest version till now Exploitation: Remote with browser Fix: N/A - Description: Ananta Gazelle is a rich JavaScript enabled CMS with...
Microsoft Security Bulletin MS10-009 - Critical Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (974145)
Microsoft Security Bulletin MS10-009 - Critical Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution 974145 Published: February 09, 2010 Version: 1.0 General Information Executive Summary This security update resolves four privately reported vulnerabilities in Microsoft Windows. Th...
XSS Vulnerability in JpGraph 3.0.6
XSS Vulnerability in JpGraph 3.0.6 Discovered by Martin Barbella [email protected] Description of Vulnerability: ----------------------------- JpGraph is an object oriented library for PHP that can be used to create various types of graphs which also contains support for client side image...
[security bulletin] HPSBMA02483 SSRT090257 rev.1 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01950877 Version: 1 HPSBMA02483 SSRT090257 rev.1 - HP OpenView Network Node Manager OV NNM, Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted up...
[ONSEC-09-017] Blogolet PHP including
ONSEC-09-017 Blogolet PHP including Цель: Blogolet CMS Тип: PHP инъекция Угроза: Высокая Дата обнаружения: 21.09.2009 Дата оповещения разработчика: 21.09.2009 Дата выхода исправления: 21.09.2009 Автор: Vladimir Vorontsov OnSec Russian Security Group onsec dot ru Описание: Уязвимость существует...
Cisco Security Advisory: TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products Advisory ID: cisco-sa-20090908-tcp24 Revision 1.0 For Public Release 2009 September 8 1700 UTC GMT...
Advisory: Adobe Flash Player and AIR AVM2 intf_count Integer Overflow Remote Code Execution (CVE-2009-1869)
Background: ========== ActionScript code is compiled into ActionScript Byte Code segments, loaded by AVM2 ActionScript Virtual Machine 2. These segments are described by the abcFile structure: abcFile u16 minorversion u16 majorversion cpoolinfo constantpool u30 methodcount methodinfo...
[SECURITY] CVE-2009-0783 Apache Tomcat Information disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2009-0783: Apache Tomcat information disclosure vulnerability Severity: low Vendor: The Apache Software Foundation Versions Affected: Tomcat 6.0.0 to 6.0.18 Tomcat 5.5.0 to 5.5.27 Tomcat 4.1.0 to 4.1.39 The unsupported Tomcat 3.x, 4.0.x and 5.0.x...
TPTI-09-01: VMWare VMnc Codec Invalid RFB Message Type Heap Overflow
TPTI-09-01: VMWare VMnc Codec Invalid RFB Message Type Heap Overflow Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-09-01 April 6, 2009 -- CVE ID: CVE-2009-0909 -- Affected Vendors: VMWare, Inc. -- Affected Products: VMWare, Inc. VMWare Player VMWare, Inc. VMWare Workstation VMWare,...
Microsoft Security Bulletin MS08-062 - Important Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (953155)
Microsoft Security Bulletin MS08-062 - Important Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution 953155 Published: October 14, 2008 Version: 1.0 General Information Executive Summary This update resolves a privately reported vulnerability in the Windows Intern...
Team SHATTER Security Advisory: Security Vulnerability in CLR stored procedure deployment from IBM Database Add-Ins for Visual Studio
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Team SHATTER Security Advisory Security Vulnerability in CLR stored procedure deployment from IBM Database Add-Ins for Visual Studio September 15th 2008 Risk Level: High Affected versions: IBM DB2 Database Server v9.1 and 9.5 on Windows platform. Remo...
Team SHATTER Security Advisory: IBM DB2 UDB - Buffer overrun in XMLQUERY and XMLEXISTS
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Team SHATTER Security Advisory Buffer overrun in XMLQUERY and XMLEXISTS September 15th 2008 Risk Level: High Affected versions: IBM DB2 Database Server v9.1 and 9.5 on Windows platform. Remote exploitable: Yes Authentication to Database Server is need...
[DSECRG-08-037] Multiple Local File Include Vulnerabilities in Pluck CMS 4.5.2
Digital Security Research Group DSecRG Advisory DSECRG-08-037 Application: Pluck CMS Versions Affected: 4.5.2 Vendor URL: http://www.pluck-cms.org/ Bug: Multiple Local File Include Exploits: YES Reported: 28.07.2008 Vendor Response: 03.08.2008 Solution: YES Date of Public Advisory: 25.08.2008...
[SECURITY] [DSA 1588-1] New Linux 2.6.18 packages fix several vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ---------------------------------------------------------------------- Debian Security Advisory DSA-1588-1 [email protected] http://www.debian.org/security/ dann frazier May 27, 2008 http://www.debian.org/security/faq -...
[Full-disclosure] [INFIGO-2008-03-07]: Surgemail 38k4 IMAP server remote stack overflow
INFIGO IS Security Advisory ADV-2008-03-07 http://www.infigo.hr/en/ Title: Surgemail 38k4 IMAP server remote stack overflow Advisory ID: INFIGO-2008-03-07 Date: 2008-03-21 Advisory URL: http://www.infigo.hr/en/infocus/advisories/INFIGO-2008-03-07 Impact: Remote code execution Risk Level: High...
PHP-Nuke Module NukeC30 sql injection
------------------------------------------------------------- ----- H-T Team HouSSaMix + ToXiC350 from MoroCCo -------- ------------------------------------------------------------- = Author : HouSSaMix from H-T Team = Script : PHP-Nuke Module NukeC30 Module's Name: NukeC30 Module's Version: 3.0 ...
JBC Explorer <= V7.20 RC 1 Remote Code Execution Exploit
!/usr/bin/php ?php This file require the PhpSploit class. If you want to use this class, the latest version can be downloaded from acid-root.new.fr. errorreportingEALL ^ ENOTICE; require'phpsploitclass.php'; head; if$argc 3 usage; $url = getparam'url', true; $prx = getparam'proxy', false; $pra =...
[Full-disclosure] Advisory SE-2007-01: TikiWiki Remote PHP Code Evaluation Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: TikiWiki Remote PHP Code Evaluation Vulnerability Release Date: 2007/10/29 Last Modified: 2007/10/29 Author: Stefan Esser stefan.esseratsektioneins.de Application: TikiWiki = 1.9.8....
Directory traversal and absolute path in multiple archivers
Directory traversal and absolute path allow to overwrite any file during archive extraction...
Tikiwiki 1.9.7 HTML/embed object injection
Tikiwiki Version: 1.9.7 Example Address http://example.com/tiki-remindpassword.php Overview: The following codes can be added to the HTML password page by placing the HTML codes in the user name input box and hitting the "send me my password" button. Examples: 1.brbrbuXSS/u/b 2.EMBED...
AsteriDex (Asterisk / Trixbox) remote code execution
Hoku Security Vulnerability Advisory Title: AsteriDex remote command execution Vendor URL: http://bestof.nerdvittles.com/applications/asteridex/ Type: Command injection / remote code execution Vulnerable versions: = 3.0 Risk factor: High Popularity: Low Author: Carl Livitt Contact: [email protected]...
SAP Message Server Heap Overflow
======= Summary ======= Name: SAP Message Server Heap Overflow Release Date: 5 July 2007 Reference: NGS00485 Discover: Mark Litchfield [email protected] Vendor: SAP Vendor Reference: SECRES-292 Systems Affected: All Versions Risk: Critical Status: Fixed ======== TimeLine ======== Discovered: 4...
PHPMyDesk Beta Release 1.0b ==> RFI
script:PHPMyDesk Beta Release 1.0b == RFI dir url:http://www.cynux.com/phpmydesk/ author: titanichacker contact:[email protected] H.P : http://hack-teach.com & mohandko.com & tryag.com bug in: ./index.php include$langmod; ./login.php include$langmod; ./logout.php include$langmod;...
[Full-disclosure] SonicBB version 1.0 Multiple Path Disclosure Vulnerabilities
netVigilance Security Advisory 18 SonicBB version 1.0 Multiple Path Disclosure Vulnerabilities Description: SonicBB is a user-friendly and fully customizable bulletin board package. SonicBB is compatible with any web server/operating system combo with PHP 4.x or higher installed.SonicBB is the...
Microsoft Security Bulletin MS07-021 Vulnerabilities in CSRSS Could Allow Remote Code Execution (930178)
Microsoft Security Bulletin MS07-021 Vulnerabilities in CSRSS Could Allow Remote Code Execution 930178 Published: April 10, 2007 Version: 1.0 Summary Who Should Read this Document: Customers who use Microsoft Windows Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical...
Microsoft Windows Vista/2003/XP/2000 file management security issues
Title: Microsoft Windows Vista/2003/XP/2000 file management security issues Author: 3APA3A, http://securityvulns.com/ Vendor: Microsoft and potentially another vendors Products: Microsoft Windows Vista/2003/XP/2000, Microsoft resource kit for Windows 2000 and different utilities. Access Vector:...
JBoss insecure defaults
Web console and management instruments are available without authentication...
[ECHO_ADV_58_2006]Cyberfolio <=2.0 RC1 $av Remote File Inclusion Vulnerability
----------------------------------------------------------------------------------------------- ECHOADV58$2006Cyberfolio =2.0 RC1 $av Remote File Inclusion Vulnerability ----------------------------------------------------------------------------------------------- Author : Dedi Dwianto a.k.a...
7a69Adv#17 - Internet Explorer FTP download path disclosure
NOTE FOR BUGTRAQ MODERATOR Excuseme if you have recibed this mail reapeated, but I had some problems on my mail server some days ago, and I have sent this mail 3 or 4 times. Sorry : Delete this note to post to the list. Thank's you. /NOTE FOR BUGTRAQ MODERATOR -...
RNN's Guestbook 1.2 Multiple Vulnerabilities
RNN's Guestbook 1.2 Multiple Vulnerabilies Discovered by Chris Rahm aka: BrainRawt brainrawt at haxworx.com Vulnerabilities: Remote Command Execution Administrative Access Information Disclosure Reading of Files Arbitrary HTML Insertion/Script Injection Plain Text Administrative Password Remote:...
Advisory CA-2001-10
-----BEGIN PGP SIGNED MESSAGE----- CERT Advisory CA-2001-10 Buffer Overflow Vulnerability in Microsoft IIS 5.0 Original release date: May 02, 2001 Last revised: -- Source: CERT/CC A complete revision history is at the end of this file. Systems Affected Systems running Microsoft Windows 2000 with...
Ports Security Advisory: FreeBSD-SA-00:59.pine
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:59 Security Advisory FreeBSD, Inc. Topic: pine4 port contains remote vulnerability Category: ports Module: pine4/pine4-ssl/zh-pine4/iw-pine4 Announced: 2000-10-30 Affects...
Security Bulletin (MS00-042)
The following is a Security Bulletin from the Microsoft Product Security Notification Service. Please do not reply to this message, as it was sent from an unattended mailbox. -----BEGIN PGP SIGNED MESSAGE----- Patch Available for "Active Setup Download" Vulnerability Originally Posted: June 29,...
Cayman 3220H DSL Router Software Update and New Bonus Attack
Cayman 3220H DSL Router Software Update and New Bonus Attack Cayman has released a new software image version 5.5.0 build r1 to fix the DoS attack I reported a couple weeks ago. Details on the attack can be found here - http://www.securityfocus.com/vdb/bottom.html?vid=1219 You can get the new...
imapd4r1 v12.264
Newest RH: OK nimue IMAP4rev1 v12.264 server ready 1 login lcamtuf test 1 OK LOGIN completed 1 list "" AAAAAAAAAAAAAAAAAAAAAAAAAAA...yes, a lot of 'A's ; Program received signal SIGSEGV, Segmentation fault. 0x41414141 in ?? sigh Privledges seems to be dropped, but, anyway, it's nice way to get...
ISSalert: ISS Security Alert Summary: Volume 5 Number 3
ISS Security Alert Summary April 1, 2000 Volume 5 Number 3 X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To receive these Alert Summaries, subscribe to the ISS Alert mailing list. Send an email to [email protected], and within the body of the message type: 'subscribe alert'...
Denial of Service in Xitami webserver all versions up to v2.5b1 for Windows.
Anyone can remotely crash Xitami webserver by sending simple GET command. On remote side will be: Assertion Failed! Module: D:ImatixDevelopSmtSmthttpl.c , line 745 All you need to do is just telnet to remote computer and execute GETspaceenterenter command. Also Xitami will crash if you'll execute...
[CORE-2015-0013] - FortiClient Antivirus Multiple Vulnerabilities
Advisory Information Title: FortiClient Antivirus Multiple Vulnerabilities Advisory ID: CORE-2015-0013 Advisory URL: http://www.coresecurity.com/advisories/forticlient-antivirus-multiple-vulnerabilities Date published: 2015-09-01 Date of last update: 2015-09-01 Vendors contacted: Fortinet...
Apple QuickTime multiple security vulnerabilities
Multiple memory corruptions on different formats handling...