47153 matches found
[oss-security] CVE-2014-3940 - Linux kernel - missing check during hugepage migration
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The scope of CVE-2014-3940 is the https://lkml.org/lkml/2014/3/18/784 post, i.e., "PATCH RESEND -mm 1/2 mm: add !ptepresent check on existing hugetlbentry callbacks" on 18 March. Two notes about this: - Applying the https://lkml.org/lkml/2014/3/18/784...
[USN-2218-1] Xalan-Java vulnerability
========================================================================== Ubuntu Security Notice USN-2218-1 May 21, 2014 libxalan2-java vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: ...
D-Link DSL-500T / DAP 1150 / DAP-1320 multiple security vulnerabilities
Web administration interface crossite request forgery, authentication bypass, directory traversal...
[ MDVSA-2014:097 ] libvirt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:097 http://www.mandriva.com/en/support/security/ Package : libvirt Date : May 16, 2014 Affected: Business Server 1.0 Problem Description: Multiple vulnerabilities has been discovered and corrected in libvirt...
APPLE-SA-2014-02-25-3 QuickTime 7.7.5
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-02-25-3 QuickTime 7.7.5 QuickTime 7.7.5 is now available and addresses the following: QuickTime Available for: Windows 7, Vista, XP SP2 or later Impact: Playing a maliciously crafted movie file may lead to an unexpected application...
[SECURITY] [DSA 2862-1] chromium-browser security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2862-1 [email protected] http://www.debian.org/security/ Michael Gilbert February 16, 2014 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2802-1] nginx security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2802-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst November 21, 2013 http://www.debian.org/security/faq -...
[USN-2004-1] python-glanceclient vulnerability
========================================================================== Ubuntu Security Notice USN-2004-1 October 23, 2013 python-glanceclient vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...
[waraxe-2013-SA#103] - Multiple Vulnerabilities in phpMyAdmin
waraxe-2013-SA103 - Multiple Vulnerabilities in phpMyAdmin =============================================================================== Author: Janek Vind "waraxe" Date: 25. April 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-103.html Description of vulnerable software:...
[USN-1787-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-1787-1 April 02, 2013 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[SECURITY] [DSA 2613-1] rails security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2613-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst January 29, 2013 http://www.debian.org/security/faq -...
SQL Injection Vulnerability in OrangeHRM
Advisory ID: HTB23119 Product: OrangeHRM Vendor: OrangeHRM Inc. Vulnerable Versions: 2.7.1-rc.1 and probably prior Tested Version: 2.7.1-rc.1 Vendor Notification: October 10, 2012 Public Disclosure: October 31, 2012 Vulnerability Type: SQL Injection CWE-89 CVE Reference: CVE-2012-5367 CVSSv2 Base...
XSS Vulnerabilities in ClipBucket
Information -------------------- Name : XSS Vulnerabilities in ClipBucket Software : ClipBucket 2.6 and possibly below. Vendor Homepage : http://clip-bucket.com Vulnerability Type : Cross-Site Scripting Severity : Critical Researcher : Canberk Bolat Advisory Reference : NS-12-013 Description...
Social Engine 4 Persistent XSS & Non-Persistent XSS
===================================================== Social Engine 4 Persistent XSS & Non-Persistent XSS ===================================================== :------------------------------------------------------------------------------------------ ---------------------------------------------...
[USN-1529-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-1529-1 August 10, 2012 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Simple Forum PHP 2.1 - SQL Injection Vulnerabilities
Title: ====== Simple Forum PHP 2.1 - SQL Injection Vulnerabilities Date: ===== 2012-06-10 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=599 VL-ID: ===== 599 Common Vulnerability Scoring System: ==================================== 7.5 Introduction: ============= Simpl...
ZDI-12-091 : Symantec Web Gateway upload_file Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-091 : Symantec Web Gateway uploadfile Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-091 June 8, 2012 - -- CVE ID: CVE-2012-0299 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors: Symantec ...
GroupWare epesiBIM CRM 1.2.1 - Multiple Web Vulnerabilities
Title: ====== GroupWare epesiBIM CRM 1.2.1 - Multiple Web Vulnerabilities Date: ===== 2012-04-10 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=501 VL-ID: ===== 501 Introduction: ============= epesi BIM stands for Business Information Manager. We just did not like the...
Apache multiple security vulnerabilities
Information leakage, filtering bypass, privilege escalation, DoS...
[security bulletin] HPSBST02735 SSRT100516 rev.1 - HP StorageWorks Modular Smart Array P2000 G3, Remote Execution of Arbitrary Code
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03153338 Version: 1 HPSBST02735 SSRT100516 rev.1 - HP StorageWorks Modular Smart Array P2000 G3, Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be act...
[SECURITY] [DSA 2389-1] linux-2.6 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ---------------------------------------------------------------------- Debian Security Advisory DSA-2389-1 [email protected] http://www.debian.org/security/ Dann Frazier January 15, 2012 http://www.debian.org/security/faq -...
lighthttpd security vulnerabilities
DoS on base64 parsing...
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Firewall Services Module
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Multiple Vulnerabilities in Cisco Firewall Services Module Advisory ID: cisco-sa-20111005-fwsm Revision 1.0 For Public Release 2011 October 05 1600 UTC GMT +-------------------------------------------------------------------...
Chezola Systems (display-section.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Chezola Systems display-section.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://chezolasystems.com/ Persian Gulf 4 Ever! Dork : "Powered by Chezola Systems Canada Inc"...
ZDI-11-194: Microsoft Internet Explorer layout-grid-char style Remote Code Execution Vulnerability
ZDI-11-194: Microsoft Internet Explorer layout-grid-char style Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-194 June 14, 2011 -- CVE ID: CVE-2011-1260 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Microsoft -- Affected Products: Microsoft...
SCADA Trojans: Attacking the Grid + Advantech vulnerabilities
Hi! You can download the slides of the research I was presenting at RootedCon'11 in Madrid "SCADA Trojans: Attacking the grid". A journey into attacking the power grid. I presented: - 0days in Advantech/BroadWin WebAccess SCADA product - Weak Design/Vulnerabilities in CSE-Semaphore TBOX RTUs -...
HTB22810: SQL Injection in ReOS
Vulnerability ID: HTB22810 Reference: http://www.htbridge.ch/advisory/sqlinjectioninreos3.html Product: ReOS Vendor: IT ELAZOS S.L. http://reos.elazos.com/ Vulnerable Version: 2.0.5 Vendor Notification: 20 January 2011 Vulnerability Type: SQL Injection Risk level: High Credit: High-Tech Bridge SA...
[eVuln.com] sitename XSS in Hot Links Lite
New eVuln Advisory: sitename XSS in Hot Links Lite Summary: http://evuln.com/vulns/143/summary.html Details: http://evuln.com/vulns/143/description.html -----------Summary----------- eVuln ID: EV0143 Software: Hot Links Lite Vendor: Mrcgiguy Version: 1.0 Critical Level: low Type: Cross Site...
About the security content of Safari 5.0.3 and Safari 4.1.3
About the security content of Safari 5.0.3 and Safari 4.1.3 Last Modified: November 18, 2010 Article: HT4455 Email this article Print this page Summary This document describes the security content of Safari 5.0.3 and Safari 4.1.3. For the protection of our customers, Apple does not disclose,...
The GNU C library dynamic linker expands $ORIGIN in setuid library search path
The GNU C library dynamic linker expands $ORIGIN in setuid library search path ------------------------------------------------------------------------------ Gruezi, This is CVE-2010-3847. The dynamic linker or dynamic loader is responsible for the runtime linking of dynamically linked programs...
Mozilla Foundation Security Advisory 2010-70
Mozilla Foundation Security Advisory 2010-70 Title: SSL wildcard certificate matching IP addresses Impact: Moderate Announced: October 19, 2010 Reporter: Richard Moore Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.6.11 Firefox 3.5.14 Thunderbird 3.1.5 Thunderbird 3.0.9 SeaMonkey...
Security problems in Zenphoto version 1.3
We are continuing with the list of security vulnerabilities found in a number of web applications while testing our latest version of Acunetix WVS v7 . In this blog post, we will look into the details of a number of security problems discovered by Acunetix WVS in the popular web gallery applicati...
VUPEN Security Research - Apple Safari WebKit HTML Button Use-after-free Vulnerability (CVE-2010-1392)
About the security content of Safari 5.0 and Safari 4.1 Last Modified: June 07, 2010 Article: HT4196 Email this article Print this page Summary This document describes the security content of Safari 5.0 and Safari 4.1. For the protection of our customers, Apple does not disclose, discuss, or...
dstat privilege escalation
share libraries are searched in the working directory...
Apache Tomcat for Windows backdoor account
admin account with empty password is created during installation...
Subrion CMS Multiple Vulnerabilities
---------------------------------------------------------------------- PT-2009-16 Positive Technologies Security Advisory Subrion CMS Multiple Vulnerabilities ---------------------------------------------------------------------- --- Affected Software Subrion CMS Versions prior to 1.1.x Product...
[Full-disclosure] [ GLSA 200906-02 ] Ruby: Denial of Service
Gentoo Linux Security Advisory GLSA 200906-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...
[Suspected Spam][Fwd: Re: Novell-QuickFinder Server Xss & Java remote execution Code]
NULL CODE SERVICES www.nullcode.com.ar Hunting Security Bugs! +================================================================================================================================+ + Novell-QuickFinder Server //Cross-site scripting XSS Remote Java Execution Code +...
[waraxe-2009-SA#070] - Multiple Vulnerabilities in MKPortal <= 1.2.1
waraxe-2009-SA070 - Multiple Vulnerabilities in MKPortal = 1.2.1 ============================================================================== Author: Janek Vind "waraxe" Date: 15. January 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-70.html Description of vulnerable software...
Microsoft Security Bulletin MS08-074 - Critical Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070)
Microsoft Security Bulletin MS08-074 - Critical Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution 959070 Published: December 9, 2008 Version: 1.0 General Information Executive Summary This security update resolves three privately reported vulnerabilities in Microsoft...
[Full-disclosure] CVE-2008-2086: Java Web Start File Inclusion via System Properties Override
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Java Web Start File Inclusion via System Properties Override Release Date:...
Microsoft Security Bulletin MS08-069 – Critical Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218)
Microsoft Security Bulletin MS08-069 – Critical Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution 955218 Published: November 11, 2008 Version: 1.0 General Information Executive Summary This security update resolves several vulnerabilities in Microsoft XML Core...
[USN-666-1] Dovecot vulnerability
=========================================================== Ubuntu Security Notice USN-666-1 November 07, 2008 dovecot vulnerability CVE-2008-4907 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.10 This advisory also...
Telecom Italia Alice Pirelli routers backdoor discoverd to activate telnet/ftp/tftp from internal LAN/WLAN.
saxdax & drpepperONE Discovered embedded backdoor to activate telnet/ftp/tftp/web extended admin interface with Admin privileges, from internal network lan on Alice ADSL CPE Modem/Router, manufactered by Pirelli based on Broadcom platform. saxdax & drpepperONE Router Vendor: Alice Telecom Italia...
Mozilla Foundation Security Advisory 2008-35
Mozilla Foundation Security Advisory 2008-35 Title: Command-line URLs launch multiple tabs when Firefox not running Impact: Critical Announced: July 15, 2008 Reporter: Billy Rios, Ben Turner, Dan Veditz Products: Firefox Fixed in: Firefox 3.0.1 Firefox 2.0.0.16 Description Security researcher Bil...
[SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1605-1 [email protected] http://www.debian.org/security/ Florian Weimer July 08, 2008 http://www.debian.org/security/faq -...
Cisco Security Advisory: Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks Advisory ID: cisco-sa-20080708-dns http://www.cisco.com/warp/public/707/cisco-sa-20080708-dns.shtml Revision 1.0 For Public Release 2008 July 08 1800 UTC GMT...
[Full-disclosure] Opera - heap based buffer overflow (CVE-2007-6521)
============================================ ||| Security Advisory AKLINK-SA-2008-006 ||| ||| CVE-2007-6521 CVE candidate ||| ============================================ Opera - heap-based buffer overflow ================================== Date released: 28.05.2007 Date reported: 05.10.2007...
joomla com_activities sql injection
allinurl :"comactivities" index.php?option=comactivities&Itemid=51&func=detail&id=-1//union//select//0,1,password,3,4,5,6,7,8,9,10,11,12,13,14,15,username//from//mosusers/...
Bosdev Multiple vulnerabilities
BosMarket Business Directory System http://www.bosdev.com BosMarket Multiple XSS vulnerabilities BosMarket is a craigslist like application that attempts to let users refer other small businesses. The problem is that when you post listings, its a a no holds barred kind of deal. Firstly, One can...